├── .gitignore ├── CHANGELOG.md ├── CONTRIBUTING.md ├── LICENSE.txt ├── README.md ├── authzforce-xacmlsdk-admin ├── pom.xml └── src │ ├── main │ └── java │ │ └── org │ │ └── ow2 │ │ └── authzforce │ │ └── sdk │ │ ├── core │ │ └── AdminNet.java │ │ └── impl │ │ └── AdminXacmlSdkImpl.java │ └── test │ ├── java │ └── org │ │ └── ow2 │ │ └── authzforce │ │ └── sdk │ │ ├── impl │ │ └── AdminXacmlSdkImplTest.java │ │ └── test │ │ └── ScenarioRecorder.java │ └── resources │ ├── logback-test.xml │ └── mappings │ ├── domains-857bd380-bbe5-4d2c-a871-d176ff3bddcd.json │ ├── domains-fe256081-99b1-4925-a787-9a35d57c3834.json │ ├── domains_dp79bab_eemeoqjcrbeaag-ce5b6d2b-272b-4b73-a714-69a3cd430f31.json │ ├── domains_dp79bab_eemeoqjcrbeaag-d7c260a9-01a7-4f51-b15c-8b32b2eee045.json │ ├── domains_dp79bab_eemeoqjcrbeaag_pap_policies-88b2a7a0-3f53-4084-9334-f61152dbf1db.json │ ├── domains_dp79bab_eemeoqjcrbeaag_pap_policies-c98bafe6-c0cb-49e8-9352-c288eebb7a74.json │ ├── domains_dp79bab_eemeoqjcrbeaag_pap_policies_mytestpolicy_latest-129f66a3-51b7-4800-a43d-4bd7d1cdac56.json │ └── domains_dp79bab_eemeoqjcrbeaag_pap_policies_mytestpolicy_latest-62c57462-8d16-4275-a112-699e96224905.json ├── authzforce-xacmlsdk-api ├── pom.xml └── src │ └── main │ └── java │ └── com │ └── thalesgroup │ └── authzforce │ └── sdk │ └── XacmlSdk.java ├── authzforce-xacmlsdk-common ├── license │ └── thales-gpl.header.txt ├── pom.xml └── src │ └── main │ ├── java │ └── org │ │ └── ow2 │ │ └── authzforce │ │ └── sdk │ │ └── exceptions │ │ ├── XacmlSdkException.java │ │ └── XacmlSdkExceptionCodes.java │ └── resources │ ├── fileHeader.apache2.txt │ └── fileHeader.gplv3.txt ├── authzforce-xacmlsdk-core ├── license │ └── thales-gpl.header.txt ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── ow2 │ │ │ └── authzforce │ │ │ └── sdk │ │ │ ├── core │ │ │ ├── HttpHeaderInterceptor.java │ │ │ ├── Net.java │ │ │ ├── Utils.java │ │ │ └── utils │ │ │ │ └── ResponsesFactory.java │ │ │ └── impl │ │ │ └── 
XacmlSdkImpl.java │ └── resources │ │ ├── fileHeader.apache2.txt │ │ ├── fileHeader.gplv3.txt │ │ └── ssl-client-configuration.xml │ └── test │ ├── java │ └── com │ │ └── thalesgroup │ │ └── authzforce │ │ └── sdk │ │ └── tests │ │ ├── TestCalls.java │ │ ├── TestPerformance.java │ │ ├── TestResponseFactory.java │ │ ├── TestUtils.java │ │ └── utils │ │ ├── StubPdp.java │ │ └── Utils.java │ └── resources │ ├── logback-test.xml │ ├── requests │ └── simple-request.xml │ └── responses │ ├── TestExtractResponseWithMultipleResponses.xml │ ├── TestExtractResponseWithMultipleSameSubject.xml │ ├── TestExtractResponseWithOneResponse.xml │ ├── TestResponseFactoryGetResponseGroupBySubject.xml │ ├── domainIdTranslation-response.xml │ └── simple-response.xml ├── authzforce-xacmlsdk-model ├── license │ └── thales-gpl.header.txt ├── pom.xml └── src │ └── main │ ├── java │ └── org │ │ └── ow2 │ │ └── authzforce │ │ └── sdk │ │ └── core │ │ └── schema │ │ ├── Action.java │ │ ├── Attribute.java │ │ ├── Environment.java │ │ ├── Request.java │ │ ├── Resource.java │ │ ├── Response.java │ │ ├── Responses.java │ │ ├── Subject.java │ │ ├── SubjectKey.java │ │ ├── SubjectRequestTime.java │ │ ├── XACMLAttributeId.java │ │ ├── XACMLDatatypes.java │ │ └── category │ │ ├── ActionCategory.java │ │ ├── Category.java │ │ ├── EnvironmentCategory.java │ │ ├── ResourceCategory.java │ │ └── SubjectCategory.java │ └── resources │ └── fileHeader.apache2.txt ├── authzforce-xacmlsdk-pap-api ├── pom.xml └── src │ └── main │ └── java │ └── org │ └── ow2 │ └── authzforce │ └── sdk │ └── AdminXacmlSdk.java ├── authzforce-xacmlsdk-pdp-api ├── license │ └── thales-gpl.header.txt ├── pom.xml └── src │ └── main │ └── java │ └── org │ └── ow2 │ └── authzforce │ └── sdk │ └── XacmlSdk.java ├── authzforce-xacmlsdk-samples ├── license │ └── thales-gpl.header.txt ├── pom.xml └── src │ ├── main │ ├── java │ │ ├── META-INF │ │ │ └── MANIFEST.MF │ │ └── org │ │ │ └── ow2 │ │ │ └── authzforce │ │ │ └── sdk │ │ │ ├── pap │ 
│ │ └── SimplePolicyCRUD.java │ │ │ ├── pdp │ │ │ ├── CustomHeadersRequest.java │ │ │ ├── MultiValuedAttributeRequest.java │ │ │ ├── MultipleDecisionProfileRequest.java │ │ │ └── SimpleAuthorizationRequest.java │ │ │ └── utils │ │ │ ├── PapService.java │ │ │ └── ServerSetup.java │ └── resources │ │ ├── META-INF │ │ └── spring │ │ │ └── beans.xml │ │ ├── fileHeader.apache2.txt │ │ ├── logback.xml │ │ └── samples │ │ ├── multi-resources-request.xml │ │ ├── request.xml │ │ └── response.xml │ └── test │ └── resources │ ├── conf │ ├── authzforce-ext.xsd │ ├── catalog.xml │ ├── domain.tmpl │ │ ├── attributeFinders.xml │ │ ├── pdp.xml │ │ ├── policySet.xml │ │ └── refPolicySets.xml │ ├── domains.xml │ ├── logback.xml │ └── properties.xml │ └── data │ └── domains │ └── 5e022256-6d0f-4eb8-aa9d-77db3d4ad141 │ ├── attributeFinders.xml │ ├── pdp.xml │ ├── policySet.xml │ ├── properties.xml │ └── refPolicySets.xml ├── license └── thales-gpl.header.txt ├── pom.xml └── xacml-sdk-distribution ├── license └── thales-gpl.header.txt ├── pom.xml └── src └── main └── resources └── bin.xml /.gitignore: -------------------------------------------------------------------------------- 1 | *.settings 2 | *target 3 | *.classpath 4 | *.project 5 | *.tar.gz 6 | *.jar 7 | *dependency-reduced-pom.xml 8 | **/*.pmd 9 | **/*.pmdruleset.xml 10 | .idea/ 11 | *.iml 12 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Change Log 2 | All notable changes to this project will be documented in this file. 3 | This project adheres to [Semantic Versioning](http://semver.org/). 4 | 5 | ## [Unreleased] 6 | ### Changed 7 | - Complete refactoring of package to match the OSS Sonatype requirement. 
 All suffixes becoming `org.ow2` 8 | 9 | ### Added 10 | - PMD Checks 11 | - FindBugs Checks 12 | - Contributing guide 13 | - Performance testing -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # How to report issues 2 | Use the OW2 JIRA: https://jira.ow2.org/browse/AUTHZFORCE/component/12021 3 | 4 | # How to make a release (for committers only) 5 | 6 | 1. From the develop branch, run: `$ mvn jgitflow:release-start` 7 | 1. Update the CHANGELOG according to keepachangelog.com. 8 | 1. When done, run: `$ mvn jgitflow:release-finish` 9 | 1. Connect and log in to the OSS Nexus Repository Manager: https://oss.sonatype.org/ 10 | 1. Go to Staging Profiles and select the pending repository authzforce-*... you just uploaded with `jgitflow:release-finish` 11 | 1. Click the Release button to release to Maven Central. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | XACML SDK 2 | ========= 3 | [![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0) 4 | [![Codacy Badge](https://api.codacy.com/project/badge/Grade/350fb29478014aec81bd6e28067e1355)](https://www.codacy.com/app/romain-ferrari/xacmlsdk?utm_source=tuleap.ow2.org&utm_medium=referral&utm_content=plugins/git/authzforce/xacmlsdk&utm_campaign=Badge_Grade) 5 | 6 | Includes both the [Policy Decision Point (PDP)](https://authzforce-ce-fiware.readthedocs.io/en/latest/UserAndProgrammersGuide.html#policy-decision-api) and the [Policy Administration Point (PAP)](https://authzforce-ce-fiware.readthedocs.io/en/latest/UserAndProgrammersGuide.html#policy-administration-api) client SDKs 7 | 8 | Quick Start 9 | ----------- 10 | In the meantime, to use the library, you have to build it from source. 
 11 | To do this, follow the instructions below. 12 | 13 | ### Prerequisites 14 | * [Git](https://git-scm.org) 15 | * [Maven](https://maven.apache.org/) 16 | 17 | ### Setup 18 | Clone this repository, install dependencies with mvn. 19 | 20 | ```bash 21 | git clone https://github.com/authzforce/xacml-sdk.git && cd xacmlsdk 22 | mvn compile -DskipTests=true -Dmaven.javadoc.skip=true -B -V 23 | ``` 24 | 25 | Install the package within your own Maven repository. 26 | ```bash 27 | mvn install 28 | ```` 29 | 30 | You can start using it inside your Java project by adding the dependency to your pom file 31 | ```xml 32 | <dependency> 33 | <groupId>com.thalesgroup.authzforce</groupId> 34 | <artifactId>xacml-sdk-pdp-rest-impl</artifactId> 35 | <version>5.0.0-SNAPSHOT</version> 36 | </dependency> 37 | ```` 38 | for PDP actions 39 | 40 | or 41 | 42 | ```xml 43 | <dependency> 44 | <groupId>com.thalesgroup.authzforce</groupId> 45 | <artifactId>xacml-sdk-pap-rest-impl</artifactId> 46 | <version>5.0.0-SNAPSHOT</version> 47 | </dependency> 48 | ```` 49 | for PAP actions 50 | 51 | PDP vs PAP 52 | ---------- 53 | 54 | The PDP provides an API for getting authorization decisions computed by a XACML-compliant access control engine. It supports the following actions 55 | 56 | * `getAuthz` to get the computed decision 57 | 58 | see the [PDP samples](authzforce-xacmlsdk-samples/src/main/java/org/ow2/authzforce/sdk/pdp) for usage examples 59 | 60 | The PAP provides an API for managing XACML policies to be handled by the Authorization Service PDP. It supports the following actions 61 | 62 | * `getDomains` to list all domains in the access control engine 63 | * `getDomain` to get details on a given domain 64 | * `addDomain` to add a new domain 65 | * `deleteDomain` to remove a domain 66 | * `getPolicy` to get details on a policy set 67 | * `addPolicy` to add a policy set to a domain 68 | * `deletePolicy` to delete a policy set from a domain 69 | * `createSimplePolicy` to create (without saving to a domain, i.e. in memory only) a basic policy set based on the root policy. 
Intended to be used in conjunction with `addPolicy` 70 | 71 | see the [PAP samples](authzforce-xacmlsdk-samples/src/main/java/org/ow2/authzforce/sdk/pap) for usage examples 72 | 73 | Development 74 | ----------- 75 | For more information on contributing to AuthZForce, see `CONTRIBUTING.md`. 76 | 77 | FAQ 78 | ----------- 79 | TODO 80 | 81 | License 82 | ------- 83 | ``` 84 | AuthZForce CE-XACML SDK - Software Development Kit for AuthZForce authorization server 85 | Copyright (c) 2016 Thales Services 86 | 87 | This program is free software: you can redistribute it and/or modify 88 | it under the terms of the GNU General Public License as published by 89 | the Free Software Foundation, either version 3 of the License, or 90 | (at your option) any later version. 91 | 92 | This program is distributed in the hope that it will be useful, 93 | but WITHOUT ANY WARRANTY; without even the implied warranty of 94 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 95 | GNU General Public License for more details. 96 | 97 | You should have received a copy of the GNU General Public License 98 | along with this program. If not, see http://www.gnu.org/licenses/. 
99 | ``` 100 | 101 | References 102 | ----------- 103 | * OASIS XACML 3.0: http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html 104 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-admin/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | xacml-sdk 5 | org.ow2.authzforce 6 | 5.0.0 7 | 8 | 4.0.0 9 | 10 | xacml-sdk-pap-rest-impl 11 | AuthZForce :: XACML SDK :: PAP IMPL :: REST 12 | 2019 13 | Provides access to the PAP interface 14 | https://authzforce-ce-fiware.readthedocs.io/en/latest/UserAndProgrammersGuide.html#policy-administration-api 15 | 16 | 17 | UTF-8 18 | Thales Services - ThereSIS 19 | 20 | 21 | 22 | 23 | com.github.zafarkhaja 24 | java-semver 25 | 0.9.0 26 | 27 | 28 | org.apache.cxf 29 | cxf-rt-rs-client 30 | 31 | 32 | ${project.parent.groupId} 33 | xacml-sdk-pdp-rest-impl 34 | 35 | 36 | ${project.parent.groupId} 37 | xacml-sdk-pap-api 38 | 39 | 40 | com.github.tomakehurst 41 | wiremock-jre8 42 | 2.23.2 43 | test 44 | 45 | 46 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-admin/src/main/java/org/ow2/authzforce/sdk/core/AdminNet.java: -------------------------------------------------------------------------------- 1 | package org.ow2.authzforce.sdk.core; 2 | 3 | import org.apache.cxf.ext.logging.LoggingInInterceptor; 4 | import org.apache.cxf.ext.logging.LoggingOutInterceptor; 5 | import org.apache.cxf.jaxrs.client.ClientConfiguration; 6 | import org.apache.cxf.jaxrs.client.JAXRSClientFactory; 7 | import org.apache.cxf.jaxrs.client.WebClient; 8 | import org.apache.cxf.jaxrs.impl.MetadataMap; 9 | import org.ow2.authzforce.rest.api.jaxrs.DomainResource; 10 | import org.ow2.authzforce.rest.api.jaxrs.DomainsResource; 11 | import org.slf4j.Logger; 12 | import org.slf4j.LoggerFactory; 13 | 14 | import javax.ws.rs.core.MultivaluedMap; 15 | import java.net.URI; 16 | 
import java.util.HashMap; 17 | import java.util.Map; 18 | 19 | public class AdminNet { 20 | 21 | private static final Logger LOGGER = LoggerFactory.getLogger(AdminNet.class); 22 | private final boolean doDomainIdTranslation; 23 | private final DomainsResource domainsResource; 24 | private final MetadataMap customHeaders; 25 | private final URI serverEndpoint; 26 | private Map domainHandlers = new HashMap<>(); 27 | 28 | 29 | public AdminNet(URI serverEndpoint, MultivaluedMap headers, boolean doDomainIdTranslation) { 30 | this.serverEndpoint = serverEndpoint; 31 | this.customHeaders = new MetadataMap<>(headers); 32 | this.doDomainIdTranslation = doDomainIdTranslation; 33 | this.domainsResource = setupProxy(); 34 | } 35 | 36 | public DomainsResource getDomainsResource() { 37 | return this.domainsResource; 38 | } 39 | 40 | private DomainsResource setupProxy() { 41 | DomainsResource domainsResource = JAXRSClientFactory.create(String.valueOf(this.serverEndpoint), DomainsResource.class); 42 | 43 | LOGGER.debug("Adding custom headers {}", this.customHeaders.toString()); 44 | final ClientConfiguration clientConf = WebClient.getConfig(WebClient.client(domainsResource)); 45 | final HttpHeaderInterceptor headerInterceptor = new HttpHeaderInterceptor(this.customHeaders); 46 | clientConf.getOutInterceptors().add(headerInterceptor); 47 | 48 | // Request/response logging (for debugging). 
49 | if (LOGGER.isDebugEnabled()) { 50 | clientConf.getInInterceptors().add(new LoggingInInterceptor()); 51 | clientConf.getOutInterceptors().add(new LoggingOutInterceptor()); 52 | } 53 | return domainsResource; 54 | } 55 | 56 | public DomainResource getDomainResource(String domain) { 57 | return getDomainHandler(domain).getMyDomainResource(); 58 | } 59 | 60 | private Net getDomainHandler(String domain) { 61 | if (!domainHandlers.containsKey(domain)) { 62 | domainHandlers.put(domain, new Net(serverEndpoint, domain, customHeaders, doDomainIdTranslation)); 63 | } 64 | return domainHandlers.get(domain); 65 | } 66 | 67 | } 68 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-admin/src/test/java/org/ow2/authzforce/sdk/impl/AdminXacmlSdkImplTest.java: -------------------------------------------------------------------------------- 1 | package org.ow2.authzforce.sdk.impl; 2 | 3 | import com.github.tomakehurst.wiremock.junit.WireMockRule; 4 | import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySet; 5 | import org.junit.After; 6 | import org.junit.Before; 7 | import org.junit.Rule; 8 | import org.junit.Test; 9 | import org.ow2.authzforce.rest.api.xmlns.DomainProperties; 10 | import org.ow2.authzforce.sdk.AdminXacmlSdk; 11 | import org.ow2.authzforce.sdk.exceptions.XacmlSdkException; 12 | import org.slf4j.Logger; 13 | import org.slf4j.LoggerFactory; 14 | import org.w3._2005.atom.Link; 15 | 16 | import java.net.URI; 17 | import java.util.Collections; 18 | import java.util.List; 19 | 20 | import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.options; 21 | import static org.junit.Assert.assertEquals; 22 | import static org.junit.Assert.assertFalse; 23 | import static org.ow2.authzforce.sdk.test.ScenarioRecorder.ENDPOINT_ADDRESS; 24 | import static org.ow2.authzforce.sdk.test.ScenarioRecorder.PORT; 25 | 26 | public class AdminXacmlSdkImplTest { 27 | private static final Logger LOGGER = 
LoggerFactory.getLogger(AdminXacmlSdkImplTest.class); 28 | private static final String DOMAIN = "myTestDomain1"; 29 | @Rule 30 | public WireMockRule server = new WireMockRule(options().port(PORT), false); 31 | private AdminXacmlSdk client; 32 | private String newDomainID = "dP79Bab_EemeoQJCrBEAAg"; 33 | 34 | @Before 35 | public void setup() { 36 | client = new AdminXacmlSdkImpl(URI.create(ENDPOINT_ADDRESS)); 37 | } 38 | 39 | @Test 40 | public void domainCrud() throws XacmlSdkException { 41 | List domains = client.getDomains(); 42 | assertFalse(domains.isEmpty()); 43 | newDomainID = client.addDomain("test domain", DOMAIN); 44 | LOGGER.info("new domain {}", newDomainID); 45 | DomainProperties domainProperties = client.getDomain(newDomainID); 46 | assertEquals(domainProperties.getExternalId(), DOMAIN); 47 | client.deleteDomain(newDomainID); 48 | } 49 | 50 | @Test 51 | public void policyCrud() throws XacmlSdkException { 52 | PolicySet set = client.createSimplePolicy(newDomainID, "myTestPolicy", "Test policy", Collections.emptyList()); 53 | client.addPolicy(newDomainID, set); 54 | client.getPolicy(newDomainID, null, "myTestPolicy"); 55 | client.deletePolicy(newDomainID, null, "myTestPolicy"); 56 | } 57 | } -------------------------------------------------------------------------------- /authzforce-xacmlsdk-admin/src/test/java/org/ow2/authzforce/sdk/test/ScenarioRecorder.java: -------------------------------------------------------------------------------- 1 | package org.ow2.authzforce.sdk.test; 2 | 3 | import com.github.tomakehurst.wiremock.junit.WireMockRule; 4 | import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySet; 5 | import org.junit.Ignore; 6 | import org.junit.Rule; 7 | import org.junit.Test; 8 | import org.ow2.authzforce.sdk.AdminXacmlSdk; 9 | import org.ow2.authzforce.sdk.impl.AdminXacmlSdkImpl; 10 | import org.ow2.authzforce.sdk.impl.AdminXacmlSdkImplTest; 11 | import org.slf4j.Logger; 12 | import org.slf4j.LoggerFactory; 13 | import 
org.w3._2005.atom.Link; 14 | 15 | import java.io.IOException; 16 | import java.net.URI; 17 | import java.nio.file.Files; 18 | import java.nio.file.Paths; 19 | import java.util.Collections; 20 | import java.util.List; 21 | 22 | import static com.github.tomakehurst.wiremock.client.WireMock.recordSpec; 23 | import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.options; 24 | 25 | @Ignore 26 | public class ScenarioRecorder { 27 | public static final int PORT = 6666; 28 | public static final String ENDPOINT_ADDRESS = "http://127.0.0.1:" + PORT + "/"; 29 | private static final String REAL_SERVER = "http://127.0.0.1:8080/authzforce-ce"; 30 | private static final AdminXacmlSdk client = new AdminXacmlSdkImpl(URI.create(ENDPOINT_ADDRESS)); 31 | private static final Logger LOGGER = LoggerFactory.getLogger(AdminXacmlSdkImplTest.class); 32 | @Rule 33 | public WireMockRule server = new WireMockRule(options().port(PORT), false); 34 | 35 | private void happyPath() { 36 | LOGGER.info("Recording: Happy path"); 37 | try { 38 | List domains = client.getDomains(); 39 | LOGGER.info("getDomains():{}", domains); 40 | String newDomainID = client.addDomain("test domain", "myTestDomain1"); 41 | LOGGER.info("addDomain():{}", newDomainID); 42 | LOGGER.info("getDomain():{}", client.getDomain(newDomainID)); 43 | PolicySet set = client.createSimplePolicy(newDomainID, "myTestPolicy", "Test policy", Collections.emptyList()); 44 | LOGGER.info("createSimplePolicy():{}", set); 45 | LOGGER.info("addPolicy():{}", client.addPolicy(newDomainID, set)); 46 | set = client.getPolicy(newDomainID, null, "myTestPolicy"); 47 | LOGGER.info("getPolicy():{}", set); 48 | client.deletePolicy(newDomainID, null, "myTestPolicy"); 49 | client.deleteDomain(newDomainID); 50 | LOGGER.info("happy scenario done!"); 51 | } catch (Exception e) { 52 | LOGGER.error("Happy scenario failure: {}", e.getMessage(), e); 53 | } 54 | 55 | } 56 | 57 | @Test 58 | @Ignore //Run manually once to setup wiremock 59 | public 
void rec() { 60 | try { 61 | LOGGER.info("start recording"); 62 | server.start(); 63 | server.resetAll(); 64 | Files.list(Paths.get("src/test/resources/mappings")).forEach(path -> { 65 | try { 66 | Files.deleteIfExists(path); 67 | } catch (IOException e) { 68 | LOGGER.warn("w {}", e.getMessage()); 69 | } 70 | }); 71 | server.startRecording(recordSpec().forTarget(REAL_SERVER).matchRequestBodyWithEqualToXml().ignoreRepeatRequests()); 72 | 73 | happyPath(); 74 | 75 | server.stopRecording(); 76 | server.stop(); 77 | LOGGER.info("done recording"); 78 | } catch (Throwable t) { 79 | LOGGER.error("Error {}", t.getMessage()); 80 | t.printStackTrace(); 81 | System.exit(-1); 82 | } 83 | } 84 | } 85 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-admin/src/test/resources/logback-test.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | %date{ISO8601} %-5level [%thread] %logger:%line: %msg%n 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-admin/src/test/resources/mappings/domains-857bd380-bbe5-4d2c-a871-d176ff3bddcd.json: -------------------------------------------------------------------------------- 1 | { 2 | "id" : "857bd380-bbe5-4d2c-a871-d176ff3bddcd", 3 | "name" : "domains", 4 | "request" : { 5 | "url" : "/domains", 6 | "method" : "GET" 7 | }, 8 | "response" : { 9 | "status" : 200, 10 | "body" : "", 11 | "headers" : { 12 | "Date" : "Mon, 15 Jul 2019 12:52:51 GMT", 13 | "Content-Type" : "application/xml" 14 | } 15 | }, 16 | "uuid" : "857bd380-bbe5-4d2c-a871-d176ff3bddcd", 17 | "persistent" : true, 18 | "insertionIndex" : 17 19 | } -------------------------------------------------------------------------------- /authzforce-xacmlsdk-admin/src/test/resources/mappings/domains-fe256081-99b1-4925-a787-9a35d57c3834.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "id" : "fe256081-99b1-4925-a787-9a35d57c3834", 3 | "name" : "domains", 4 | "request" : { 5 | "url" : "/domains", 6 | "method" : "POST", 7 | "bodyPatterns" : [ { 8 | "equalToXml" : "test domain" 9 | } ] 10 | }, 11 | "response" : { 12 | "status" : 200, 13 | "body" : "", 14 | "headers" : { 15 | "Date" : "Mon, 15 Jul 2019 12:52:52 GMT", 16 | "Content-Type" : "application/xml" 17 | } 18 | }, 19 | "uuid" : "fe256081-99b1-4925-a787-9a35d57c3834", 20 | "persistent" : true, 21 | "insertionIndex" : 18 22 | } -------------------------------------------------------------------------------- /authzforce-xacmlsdk-admin/src/test/resources/mappings/domains_dp79bab_eemeoqjcrbeaag-ce5b6d2b-272b-4b73-a714-69a3cd430f31.json: -------------------------------------------------------------------------------- 1 | { 2 | "id" : "ce5b6d2b-272b-4b73-a714-69a3cd430f31", 3 | "name" : "domains_dp79bab_eemeoqjcrbeaag", 4 | "request" : { 5 | "url" : "/domains/dP79Bab_EemeoQJCrBEAAg", 6 | "method" : "DELETE" 7 | }, 8 | "response" : { 9 | "status" : 200, 10 | "body" : "", 11 | "headers" : { 12 | "Date" : "Mon, 15 Jul 2019 12:52:52 GMT", 13 | "Content-Type" : "application/xml" 14 | } 15 | }, 16 | "uuid" : "ce5b6d2b-272b-4b73-a714-69a3cd430f31", 17 | "persistent" : true, 18 | "insertionIndex" : 24 19 | } -------------------------------------------------------------------------------- /authzforce-xacmlsdk-admin/src/test/resources/mappings/domains_dp79bab_eemeoqjcrbeaag-d7c260a9-01a7-4f51-b15c-8b32b2eee045.json: -------------------------------------------------------------------------------- 1 | { 2 | "id" : "d7c260a9-01a7-4f51-b15c-8b32b2eee045", 3 | "name" : "domains_dp79bab_eemeoqjcrbeaag", 4 | "request" : { 5 | "url" : "/domains/dP79Bab_EemeoQJCrBEAAg", 6 | "method" : "GET" 7 | }, 8 | "response" : { 9 | "status" : 200, 10 | "body" : "test domain", 11 | "headers" : { 12 | "Date" : "Mon, 15 Jul 2019 12:52:52 GMT", 
13 | "Content-Type" : "application/xml" 14 | } 15 | }, 16 | "uuid" : "d7c260a9-01a7-4f51-b15c-8b32b2eee045", 17 | "persistent" : true, 18 | "insertionIndex" : 19 19 | } -------------------------------------------------------------------------------- /authzforce-xacmlsdk-admin/src/test/resources/mappings/domains_dp79bab_eemeoqjcrbeaag_pap_policies-88b2a7a0-3f53-4084-9334-f61152dbf1db.json: -------------------------------------------------------------------------------- 1 | { 2 | "id" : "88b2a7a0-3f53-4084-9334-f61152dbf1db", 3 | "name" : "domains_dp79bab_eemeoqjcrbeaag_pap_policies", 4 | "request" : { 5 | "url" : "/domains/dP79Bab_EemeoQJCrBEAAg/pap/policies", 6 | "method" : "POST", 7 | "bodyPatterns" : [ { 8 | "equalToXml" : "Test policy" 9 | } ] 10 | }, 11 | "response" : { 12 | "status" : 200, 13 | "body" : "", 14 | "headers" : { 15 | "Date" : "Mon, 15 Jul 2019 12:52:52 GMT", 16 | "Content-Type" : "application/xml" 17 | } 18 | }, 19 | "uuid" : "88b2a7a0-3f53-4084-9334-f61152dbf1db", 20 | "persistent" : true, 21 | "insertionIndex" : 21 22 | } -------------------------------------------------------------------------------- /authzforce-xacmlsdk-admin/src/test/resources/mappings/domains_dp79bab_eemeoqjcrbeaag_pap_policies-c98bafe6-c0cb-49e8-9352-c288eebb7a74.json: -------------------------------------------------------------------------------- 1 | { 2 | "id" : "c98bafe6-c0cb-49e8-9352-c288eebb7a74", 3 | "name" : "domains_dp79bab_eemeoqjcrbeaag_pap_policies", 4 | "request" : { 5 | "url" : "/domains/dP79Bab_EemeoQJCrBEAAg/pap/policies", 6 | "method" : "GET" 7 | }, 8 | "response" : { 9 | "status" : 200, 10 | "body" : "", 11 | "headers" : { 12 | "Date" : "Mon, 15 Jul 2019 12:52:52 GMT", 13 | "Content-Type" : "application/xml" 14 | } 15 | }, 16 | "uuid" : "c98bafe6-c0cb-49e8-9352-c288eebb7a74", 17 | "persistent" : true, 18 | "insertionIndex" : 20 19 | } -------------------------------------------------------------------------------- 
/authzforce-xacmlsdk-admin/src/test/resources/mappings/domains_dp79bab_eemeoqjcrbeaag_pap_policies_mytestpolicy_latest-129f66a3-51b7-4800-a43d-4bd7d1cdac56.json: -------------------------------------------------------------------------------- 1 | { 2 | "id" : "129f66a3-51b7-4800-a43d-4bd7d1cdac56", 3 | "name" : "domains_dp79bab_eemeoqjcrbeaag_pap_policies_mytestpolicy_latest", 4 | "request" : { 5 | "url" : "/domains/dP79Bab_EemeoQJCrBEAAg/pap/policies/myTestPolicy/latest", 6 | "method" : "DELETE" 7 | }, 8 | "response" : { 9 | "status" : 200, 10 | "body" : "Test policy", 11 | "headers" : { 12 | "Date" : "Mon, 15 Jul 2019 12:52:52 GMT", 13 | "Content-Type" : "application/xml" 14 | } 15 | }, 16 | "uuid" : "129f66a3-51b7-4800-a43d-4bd7d1cdac56", 17 | "persistent" : true, 18 | "insertionIndex" : 23 19 | } -------------------------------------------------------------------------------- /authzforce-xacmlsdk-admin/src/test/resources/mappings/domains_dp79bab_eemeoqjcrbeaag_pap_policies_mytestpolicy_latest-62c57462-8d16-4275-a112-699e96224905.json: -------------------------------------------------------------------------------- 1 | { 2 | "id" : "62c57462-8d16-4275-a112-699e96224905", 3 | "name" : "domains_dp79bab_eemeoqjcrbeaag_pap_policies_mytestpolicy_latest", 4 | "request" : { 5 | "url" : "/domains/dP79Bab_EemeoQJCrBEAAg/pap/policies/myTestPolicy/latest", 6 | "method" : "GET" 7 | }, 8 | "response" : { 9 | "status" : 200, 10 | "body" : "Test policy", 11 | "headers" : { 12 | "Date" : "Mon, 15 Jul 2019 12:52:52 GMT", 13 | "Content-Type" : "application/xml" 14 | } 15 | }, 16 | "uuid" : "62c57462-8d16-4275-a112-699e96224905", 17 | "persistent" : true, 18 | "insertionIndex" : 22 19 | } -------------------------------------------------------------------------------- /authzforce-xacmlsdk-api/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4.0.0 3 | 4 | com.thalesgroup.authzforce 5 | xacml-sdk 6 | 4.0.1 7 | 8 | 9 | UTF-8 10 | 
Thales Services - ThereSIS 11 | 12 | 2013 13 | xacml-sdk-api 14 | AuthZForce :: XACML SDK :: API 15 | 16 | 17 | 18 | com.thalesgroup.authzforce 19 | xacml-sdk-common 20 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-api/src/main/java/com/thalesgroup/authzforce/sdk/XacmlSdk.java: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (C) 2013-2013 Thales Services - ThereSIS - All rights reserved. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | package com.thalesgroup.authzforce.sdk; 17 | 18 | import java.util.List; 19 | 20 | import com.thalesgroup.authzforce.sdk.core.schema.Action; 21 | import com.thalesgroup.authzforce.sdk.core.schema.Environment; 22 | import com.thalesgroup.authzforce.sdk.core.schema.Resource; 23 | import com.thalesgroup.authzforce.sdk.core.schema.Response; 24 | import com.thalesgroup.authzforce.sdk.core.schema.Responses; 25 | import com.thalesgroup.authzforce.sdk.core.schema.Subject; 26 | import com.thalesgroup.authzforce.sdk.exceptions.XacmlSdkException; 27 | 28 | public interface XacmlSdk { 29 | 30 | /** 31 | * This method is used to create the XML request based on the RequestType 32 | * 33 | * @return XML Request (String) 34 | */ 35 | public abstract String toString(); 36 | 37 | /** 38 | * 39 | * @param subject 40 | * @param resources 41 | * @param actions 42 | * @param environment 43 | * @return 44 | * @throws XacmlSdkException 45 | */ 46 | public abstract Responses getAuthZ(List subject, 47 | List resources, List actions, 48 | Environment environment) throws XacmlSdkException; 49 | 50 | /** 51 | * 52 | * @param subject 53 | * @param resources 54 | * @param actions 55 | * @param environment 56 | * @return 57 | * @throws XacmlSdkException 58 | */ 59 | public abstract Responses getAuthZ(Subject subject, 60 | List resources, List actions, 61 | Environment environment) throws XacmlSdkException; 62 | 63 | /** 64 | * 65 | * @param subject 66 | * @param resource 67 | * @param action 68 | * @param environment 69 | * @return 70 | * @throws XacmlSdkException 71 | */ 72 | public abstract Response getAuthZ(Subject subject, Resource resource, 73 | Action action, Environment environment) throws XacmlSdkException; 74 | 75 | /** 76 | * 77 | * @param subject 78 | * @param resource 79 | * @param action 80 | * @param environment 81 | * @return 82 | * @throws XacmlSdkException 83 | */ 84 | public abstract Responses getAuthZ(Subject subject, 85 | List resource, Action action, Environment 
environment) 86 | throws XacmlSdkException; 87 | 88 | /** 89 | * 90 | * @param subject 91 | * @param resource 92 | * @param action 93 | * @param environment 94 | * @return 95 | * @throws XacmlSdkException 96 | */ 97 | public abstract Responses getAuthZ(Subject subject, Resource resource, 98 | List action, Environment environment) 99 | throws XacmlSdkException; 100 | 101 | } -------------------------------------------------------------------------------- /authzforce-xacmlsdk-common/license/thales-gpl.header.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) ${inceptionYear}-${currentYear} ${copyrightOwner}. 2 | 3 | This file is part of ${projectName}. 4 | 5 | ${projectName} is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | ${projectName} is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with ${projectName}. If not, see . 
17 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-common/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4.0.0 3 | 4 | org.ow2.authzforce 5 | xacml-sdk 6 | 5.0.0 7 | 8 | 9 | UTF-8 10 | Thales Services - ThereSIS 11 | 12 | 2013 13 | xacml-sdk-common 14 | AuthZForce :: XACML SDK :: COMMON 15 | 16 | 17 | ch.qos.logback 18 | logback-classic 19 | 20 | 21 | 22 | 23 | ${project.parent.groupId} 24 | xacml-sdk-model 25 | 26 | 27 | 28 | 29 | 30 | 31 | org.codehaus.gmaven 32 | gmaven-plugin 33 | 1.5 34 | 35 | 36 | 37 | execute 38 | 39 | 40 | 41 | import java.util.Date 42 | import java.text.MessageFormat 43 | def 44 | vartimestamp = MessageFormat.format("{0,date,yyyy}", new Date()) 45 | project.properties['currentYear'] = vartimestamp 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | com.mycila.maven-license-plugin 54 | maven-license-plugin 55 | 1.9.0 56 | 57 | 58 |
src/main/resources/fileHeader.apache2.txt
59 | 60 | 61 | ${project.inceptionYear} 62 | ${currentYear} 63 | ${copyrightOwner} 64 | 65 | true 66 | 67 | **/*.html 68 | **/*.xml 69 | **/*.txt 70 | **/*.ec 71 | **/*.log 72 | **/*.css 73 | **/*.js 74 | **/*.jsp 75 | **/*.md 76 | **/*.properties 77 | **/*.gitignore 78 | src/test/** 79 | src/main/resources/** 80 | 81 | 82 | src/main/java/com/thalesgroup/** 83 | 84 |
85 | 86 | 87 | 88 | format 89 | 90 | 91 | 92 |
93 | 94 | org.codehaus.mojo 95 | aspectj-maven-plugin 96 | 1.4 97 | 98 | 99 | default 100 | compile 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 |
109 |
110 |
111 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-common/src/main/java/org/ow2/authzforce/sdk/exceptions/XacmlSdkException.java: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (C) 2013-2014 Thales Services - ThereSIS - All rights reserved. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package org.ow2.authzforce.sdk.exceptions; 17 | 18 | public class XacmlSdkException extends Exception { 19 | 20 | private static final long serialVersionUID = 985260175957642427L; 21 | 22 | public XacmlSdkException() { 23 | super(); 24 | } 25 | 26 | public XacmlSdkException(String message) { 27 | super(message); 28 | } 29 | 30 | public XacmlSdkException(XacmlSdkExceptionCodes errorCode) { 31 | switch (errorCode) { 32 | case MISSING_SUBJECT: 33 | System.err.println(errorCode.value()+": You MUST put a subject into your request"); 34 | break; 35 | case MISSING_ACTION: 36 | System.err.println(errorCode.value()+": You MUST put a ACTION into your request"); 37 | break; 38 | case MISSING_RESOURCE: 39 | System.err.println(errorCode.value()+": You MUST put a RESOURCE into your request"); 40 | break; 41 | case CATEGORY_IS_NULL: 42 | System.err.println(errorCode.value()+": You CANNOT have a null category"); 43 | break; 44 | default: 45 | System.err.print(errorCode.value()+": Error code unknown"); 46 | break; 47 | } 48 | 
this.printStackTrace(); 49 | } 50 | 51 | public XacmlSdkException(Throwable cause) { 52 | super(cause); 53 | } 54 | 55 | public XacmlSdkException(String message, Throwable cause) { 56 | super(message, cause); 57 | } 58 | 59 | } 60 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-common/src/main/java/org/ow2/authzforce/sdk/exceptions/XacmlSdkExceptionCodes.java: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (C) 2013-2014 Thales Services - ThereSIS - All rights reserved. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | package org.ow2.authzforce.sdk.exceptions; 17 | 18 | 19 | public enum XacmlSdkExceptionCodes { 20 | 21 | MISSING_SUBJECT("MissingSubject"), 22 | MISSING_RESOURCE("MissingResource"), 23 | MISSING_ACTION("MissingAction"), 24 | MISSING_ENVIRONMENT("MissingEnvironment"), 25 | CATEGORY_IS_NULL("NullCategory"); 26 | 27 | private final String value; 28 | 29 | XacmlSdkExceptionCodes(String v) { 30 | value = v; 31 | } 32 | 33 | public String value() { 34 | return value; 35 | } 36 | 37 | public static XacmlSdkExceptionCodes fromValue(String v) { 38 | for (XacmlSdkExceptionCodes c: XacmlSdkExceptionCodes.values()) { 39 | if (c.value.equals(v)) { 40 | return c; 41 | } 42 | } 43 | throw new IllegalArgumentException(v); 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-common/src/main/resources/fileHeader.apache2.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) ${h_inceptionYear}-${h_currentYear} ${h_copyrightOwner} - All rights reserved. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. -------------------------------------------------------------------------------- /authzforce-xacmlsdk-core/license/thales-gpl.header.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) ${inceptionYear}-${currentYear} ${copyrightOwner}. 2 | 3 | This file is part of ${projectName}. 
4 | 5 | ${projectName} is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | ${projectName} is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with ${projectName}. If not, see . 17 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-core/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4.0.0 3 | 4 | org.ow2.authzforce 5 | xacml-sdk 6 | 5.0.0 7 | 8 | 2013 9 | xacml-sdk-pdp-rest-impl 10 | AuthZForce :: XACML SDK :: PDP IMPL :: REST 11 | 12 | UTF-8 13 | Thales Services - ThereSIS 14 | 15 | 16 | 17 | org.apache.cxf 18 | cxf-rt-rs-client 19 | 20 | 21 | org.apache.cxf 22 | cxf-rt-features-logging 23 | 24 | 25 | javax.xml.bind 26 | jaxb-api 27 | 28 | 29 | javax.ws.rs 30 | javax.ws.rs-api 31 | 32 | 33 | 34 | 35 | ${project.parent.groupId} 36 | xacml-sdk-pdp-api 37 | 38 | 39 | ${project.parent.groupId} 40 | xacml-sdk-common 41 | 42 | 43 | 44 | 45 | 46 | ${project.parent.groupId} 47 | ${artifactId.prefix}-rest-api-model 48 | 49 | 50 | 51 | 52 | 53 | com.xebialabs.restito 54 | restito 55 | 0.7 56 | 57 | 58 | junit 59 | junit 60 | 4.13.1 61 | test 62 | 63 | 64 | org.springframework 65 | spring-context 66 | 4.1.6.RELEASE 67 | test 68 | 69 | 70 | org.springframework 71 | spring-test 72 | 4.1.6.RELEASE 73 | test 74 | 75 | 76 | 77 | xml-resolver 78 | xml-resolver 79 | 1.2 80 | test 81 | 82 | 83 | javax.servlet 84 | javax.servlet-api 85 | 4.0.0-b01 86 | test 87 | 88 | 89 | 90 | ${project.parent.groupId} 91 | 
${artifactId.prefix}-server-rest-service 92 | test 93 | 94 | 95 | 96 | 97 | 98 | default 99 | 100 | true 101 | 102 | 103 | 104 | 105 | org.apache.maven.plugins 106 | maven-pmd-plugin 107 | 3.5 108 | 110 | 111 | true 112 | 113 | target/generated-sources 114 | target/generated-test-sources 115 | 116 | 117 | 118 | 119 | verify 120 | 121 | check 122 | cpd-check 123 | 124 | 125 | 126 | 127 | 128 | org.codehaus.mojo 129 | findbugs-maven-plugin 130 | 3.0.4 131 | 132 | 134 | Max 135 | 136 | Low 137 | true 138 | 139 | 140 | 141 | verify 142 | 143 | check 144 | 145 | 146 | 147 | 148 | 149 | maven-surefire-plugin 150 | 2.12.4 151 | 152 | 153 | default-test 154 | test 155 | 156 | test 157 | 158 | 159 | 160 | 161 | 162 | **/TestPerformance.java 163 | 164 | 165 | 166 | 167 | org.codehaus.mojo 168 | aspectj-maven-plugin 169 | 1.4 170 | 171 | 172 | default 173 | compile 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | performance-tests 186 | 187 | 188 | 189 | maven-surefire-plugin 190 | 2.12.4 191 | 192 | 193 | default-test 194 | test 195 | 196 | test 197 | 198 | 199 | 200 | 201 | 202 | **/TestPerformance.java 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-core/src/main/java/org/ow2/authzforce/sdk/core/HttpHeaderInterceptor.java: -------------------------------------------------------------------------------- 1 | package org.ow2.authzforce.sdk.core; 2 | 3 | import org.apache.cxf.interceptor.Fault; 4 | import org.apache.cxf.jaxrs.impl.MetadataMap; 5 | import org.apache.cxf.message.Message; 6 | import org.apache.cxf.phase.AbstractPhaseInterceptor; 7 | import org.apache.cxf.phase.Phase; 8 | 9 | public class HttpHeaderInterceptor extends AbstractPhaseInterceptor { 10 | 11 | private MetadataMap headers; 12 | 13 | public HttpHeaderInterceptor(String phase) { 14 | super(phase); 15 | } 16 | 17 | public HttpHeaderInterceptor() { 18 | 
super(Phase.PRE_PROTOCOL); 19 | } 20 | 21 | public HttpHeaderInterceptor(MetadataMap customHeaders) { 22 | super(Phase.PRE_PROTOCOL); 23 | this.headers = customHeaders; 24 | } 25 | 26 | public void handleMessage(Message message) throws Fault { 27 | //System.out.println("HTTP HEADER INTERCEPTOR"); 28 | try { 29 | ((MetadataMap) message.get(Message.PROTOCOL_HEADERS)).putAll(headers); 30 | } catch (Exception ce) { 31 | throw new Fault(ce); 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-core/src/main/java/org/ow2/authzforce/sdk/core/Net.java: -------------------------------------------------------------------------------- 1 | package org.ow2.authzforce.sdk.core; 2 | 3 | import org.apache.cxf.ext.logging.LoggingInInterceptor; 4 | import org.apache.cxf.ext.logging.LoggingOutInterceptor; 5 | import org.apache.cxf.jaxrs.client.ClientConfiguration; 6 | import org.apache.cxf.jaxrs.client.JAXRSClientFactory; 7 | import org.apache.cxf.jaxrs.client.WebClient; 8 | import org.apache.cxf.jaxrs.impl.MetadataMap; 9 | import org.ow2.authzforce.rest.api.jaxrs.DomainResource; 10 | import org.ow2.authzforce.rest.api.jaxrs.DomainsResource; 11 | import org.ow2.authzforce.rest.api.xmlns.Resources; 12 | import org.slf4j.Logger; 13 | import org.slf4j.LoggerFactory; 14 | import org.w3._2005.atom.Link; 15 | 16 | import javax.ws.rs.core.MultivaluedMap; 17 | import java.net.URI; 18 | 19 | public class Net { 20 | 21 | private static final Logger LOGGER = LoggerFactory.getLogger(Net.class); 22 | 23 | private MetadataMap customHeaders; 24 | private String domainId; 25 | private URI serverEndpoint; 26 | private DomainResource targetedDomain; 27 | 28 | public Net(URI serverEndpoint, String domainId, MultivaluedMap headers, boolean doDomainIdTranslation) { 29 | 30 | this.serverEndpoint = serverEndpoint; 31 | this.domainId = domainId; 32 | this.customHeaders = new MetadataMap<>(headers); 33 | this.targetedDomain = 
setupProxy(doDomainIdTranslation); 34 | } 35 | 36 | private DomainResource setupProxy(boolean doDomainIdTranslation) { 37 | DomainsResource domainsResource = JAXRSClientFactory.create(String.valueOf(this.serverEndpoint), DomainsResource.class); 38 | if (doDomainIdTranslation) { 39 | this.domainId = getDomainIdFromAlias(domainsResource, this.domainId); 40 | } 41 | 42 | DomainResource proxy = domainsResource.getDomainResource(this.domainId); 43 | 44 | LOGGER.debug("Adding custom headers {}", this.customHeaders.toString()); 45 | final ClientConfiguration clientConf = WebClient.getConfig(WebClient.client(proxy)); 46 | final HttpHeaderInterceptor headerInterceptor = new HttpHeaderInterceptor(this.customHeaders); 47 | clientConf.getOutInterceptors().add(headerInterceptor); 48 | 49 | // Request/response logging (for debugging). 50 | if (LOGGER.isDebugEnabled()) { 51 | clientConf.getInInterceptors().add(new LoggingInInterceptor()); 52 | clientConf.getOutInterceptors().add(new LoggingOutInterceptor()); 53 | } 54 | 55 | return proxy; 56 | } 57 | 58 | private String getDomainIdFromAlias(DomainsResource domainsResource, String domainAlias) { 59 | Resources resources = domainsResource.getDomains(domainAlias); 60 | String domainID = ""; 61 | if (resources.getLinks().size() < 1) { 62 | LOGGER.warn("there are no domains with external reference {}", domainAlias); 63 | return domainID; 64 | } 65 | if (resources.getLinks().size() > 1) { 66 | LOGGER.warn("More than 1 link for resource {}. 
Will select first available", domainAlias); 67 | } 68 | Link link = resources.getLinks().get(0); 69 | if (link != null) { 70 | domainID = link.getHref(); 71 | LOGGER.debug("Resolved {} to {}", domainAlias, domainID); 72 | } 73 | return domainID; 74 | } 75 | 76 | /* 77 | * Headers customizers 78 | */ 79 | 80 | public MultivaluedMap getCustomHeaders() { 81 | return customHeaders; 82 | } 83 | 84 | public DomainResource getMyDomainResource() { 85 | return targetedDomain; 86 | } 87 | 88 | @Override 89 | public String toString() { 90 | 91 | String networkHandler = "[ endpoint => " + this.serverEndpoint + ", domain => " + this.domainId; 92 | if (WebClient.client(targetedDomain) != null) { 93 | networkHandler += ", headers => [" + WebClient.client(targetedDomain).getHeaders() + "]]"; 94 | } else { 95 | networkHandler += "]"; 96 | } 97 | return networkHandler; 98 | } 99 | 100 | } 101 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-core/src/main/java/org/ow2/authzforce/sdk/core/Utils.java: -------------------------------------------------------------------------------- 1 | package org.ow2.authzforce.sdk.core; 2 | 3 | import java.io.StringWriter; 4 | import java.util.ArrayList; 5 | import java.util.List; 6 | 7 | import javax.xml.bind.JAXBContext; 8 | import javax.xml.bind.JAXBException; 9 | import javax.xml.bind.Marshaller; 10 | 11 | import org.ow2.authzforce.sdk.core.schema.Request; 12 | import org.ow2.authzforce.sdk.core.schema.category.ActionCategory; 13 | import org.ow2.authzforce.sdk.core.schema.category.Category; 14 | import org.ow2.authzforce.sdk.core.schema.category.EnvironmentCategory; 15 | import org.ow2.authzforce.sdk.core.schema.category.ResourceCategory; 16 | import org.ow2.authzforce.sdk.core.schema.category.SubjectCategory; 17 | import org.ow2.authzforce.sdk.core.utils.ResponsesFactory; 18 | import org.ow2.authzforce.sdk.exceptions.XacmlSdkException; 19 | import 
org.ow2.authzforce.sdk.exceptions.XacmlSdkExceptionCodes; 20 | import org.ow2.authzforce.xacml.identifiers.XACMLAttributeId; 21 | import org.slf4j.Logger; 22 | import org.slf4j.LoggerFactory; 23 | 24 | import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attribute; 25 | import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes; 26 | import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType; 27 | import oasis.names.tc.xacml._3_0.core.schema.wd_17.Response; 28 | import oasis.names.tc.xacml._3_0.core.schema.wd_17.Result; 29 | 30 | public final class Utils { 31 | 32 | private static final Logger LOGGER = LoggerFactory.getLogger(Utils.class); 33 | 34 | /** 35 | * 36 | * @return a properly formed XACML request 37 | * @throws XacmlSdkException 38 | */ 39 | public static Request createXacmlRequest(List subjects, List resources, 40 | List actions, List environments) throws XacmlSdkException { 41 | 42 | if (null == subjects || null == resources || null == actions || null == environments) { 43 | throw new XacmlSdkException(XacmlSdkExceptionCodes.CATEGORY_IS_NULL); 44 | } 45 | if (subjects.size() > 1 || resources.size() > 1 || actions.size() > 1 || environments.size() > 1) { 46 | LOGGER.warn("Multiple categories: Be sure that your PDP support multiple decision profile"); 47 | } 48 | 49 | LOGGER.debug("Assembling Request..."); 50 | try { 51 | 52 | for (SubjectCategory subject : subjects) { 53 | Utils.check(subject); 54 | } 55 | for (ResourceCategory resource : resources) { 56 | Utils.check(resource); 57 | } 58 | for (ActionCategory action : actions) { 59 | Utils.check(action); 60 | } 61 | for (EnvironmentCategory environment : environments) { 62 | Utils.check(environment); 63 | } 64 | } catch (XacmlSdkException e) { 65 | throw new XacmlSdkException(e); 66 | } 67 | 68 | List attributes = new ArrayList(); 69 | attributes.addAll(environments); 70 | attributes.addAll(subjects); 71 | attributes.addAll(actions); 72 | attributes.addAll(resources); 73 | boolean combinedDecision 
= false; 74 | boolean returnPolicyIdList = false; 75 | 76 | final Request xacmlRequest = new Request(null, attributes, null, returnPolicyIdList, combinedDecision); 77 | 78 | if (LOGGER.isDebugEnabled()) { 79 | StringWriter stringRequest = new StringWriter(); 80 | try { 81 | Marshaller marshaller = JAXBContext 82 | .newInstance(oasis.names.tc.xacml._3_0.core.schema.wd_17.Request.class).createMarshaller(); 83 | marshaller.setProperty(Marshaller.JAXB_FRAGMENT, Boolean.TRUE); 84 | marshaller.marshal(xacmlRequest, stringRequest); 85 | } catch (JAXBException e) { 86 | e.printStackTrace(); 87 | LOGGER.error(e.getLocalizedMessage()); 88 | } 89 | LOGGER.debug("XACML Request created: {}", stringRequest.toString()); 90 | } 91 | 92 | return xacmlRequest; 93 | } 94 | 95 | private static void check(Category category) throws XacmlSdkException { 96 | if (null == category) { 97 | throw new XacmlSdkException(XacmlSdkExceptionCodes.CATEGORY_IS_NULL); 98 | } 99 | } 100 | 101 | /** 102 | * This method take a XACML Response and convert it to a Responses object 103 | * easy to use in the SDK 104 | * 105 | * @throws XacmlSdkException 106 | */ 107 | public static ResponsesFactory extractResponse(Response myResponse) throws XacmlSdkException { 108 | 109 | org.ow2.authzforce.sdk.core.schema.Responses responses = new org.ow2.authzforce.sdk.core.schema.Responses(); 110 | 111 | for (Result result : myResponse.getResults()) { 112 | org.ow2.authzforce.sdk.core.schema.Response response = new org.ow2.authzforce.sdk.core.schema.Response(); 113 | if(result.getDecision().equals(DecisionType.INDETERMINATE) || result.getDecision().equals(DecisionType.NOT_APPLICABLE)) { 114 | throw new XacmlSdkException("Decision is " + result.getDecision().value()); 115 | } 116 | response.setDecision(result.getDecision()); 117 | for (Attributes attrs : result.getAttributes()) { 118 | for (Attribute attr : attrs.getAttributes()) { 119 | if 
(attr.getAttributeId().equals(XACMLAttributeId.XACML_RESOURCE_RESOURCE_ID.value())) { 120 | if (null != attr.getAttributeValues() && attr.getAttributeValues().size() > 0) { 121 | response.setResourceId(String.valueOf(attr.getAttributeValues().get(0).getContent())); 122 | } 123 | } else if (attr.getAttributeId().equals(XACMLAttributeId.XACML_ACTION_ACTION_ID.value())) { 124 | if (null != attr.getAttributeValues() && attr.getAttributeValues().size() > 0) { 125 | response.setActionId(String.valueOf(attr.getAttributeValues().get(0).getContent())); 126 | 127 | } 128 | } else if (attr.getAttributeId().equals(XACMLAttributeId.XACML_SUBJECT_SUBJECT_ID.value()) && null != attr.getAttributeValues() && attr.getAttributeValues().size() > 0) { 129 | response.setSubjectId(String.valueOf(attr.getAttributeValues().get(0).getContent())); 130 | } 131 | } 132 | } 133 | 134 | responses.getResponses().add(response); 135 | } 136 | 137 | return new ResponsesFactory(responses); 138 | } 139 | 140 | public static void logRawResponse(Response myResponse) { 141 | StringWriter stringRequest = new StringWriter(); 142 | try { 143 | JAXBContext.newInstance(Response.class).createMarshaller() 144 | .marshal(myResponse, stringRequest); 145 | } catch (JAXBException e) { 146 | e.printStackTrace(); 147 | LOGGER.error(e.getLocalizedMessage()); 148 | } 149 | LOGGER.debug("XACML Response\n[ {} ]", stringRequest.toString()); 150 | 151 | } 152 | } 153 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-core/src/main/java/org/ow2/authzforce/sdk/core/utils/ResponsesFactory.java: -------------------------------------------------------------------------------- 1 | package org.ow2.authzforce.sdk.core.utils; 2 | 3 | import java.util.ArrayList; 4 | import java.util.List; 5 | 6 | import org.ow2.authzforce.sdk.core.schema.Attribute; 7 | import org.ow2.authzforce.sdk.core.schema.Response; 8 | import org.ow2.authzforce.sdk.core.schema.Responses; 9 | import 
org.ow2.authzforce.xacml.identifiers.XACMLAttributeId;

/**
 * {@link Responses} subclass that copies the entries of an existing
 * {@link Responses} and exposes "group by" views keyed on the subject,
 * resource or action identifier.
 *
 * @author romain.ferrari[at]thalesgroup.com
 *
 * Not Implemented yet.
 * This class will allow high level computation around xacml responses. Like sorting, grouping, etc...
 *
 * NOTE(review): the grouping logic below is unfinished (see the notes in
 * getResponseGroupBy). Until it is completed, callers that enforce access
 * should presumably read decisions from getResponses() rather than from the
 * grouped views - confirm with the maintainers.
 */
public final class ResponsesFactory extends Responses {

    // Last value passed to setFilterAttribute(); getResponseGroupBy overwrites it.
    private String filterAttribute;

    /**
     * Copies every entry of {@code responses} into this instance.
     *
     * @param responses source of the entries; dereferenced without a null check
     */
    public ResponsesFactory (Responses responses) {
        this.getResponses().addAll(responses.getResponses());
    }

    /** @return the grouped view keyed on XACML_SUBJECT_SUBJECT_ID */
    public Responses getResponseGroupBySubject() {
        return getResponseGroupBy(XACMLAttributeId.XACML_SUBJECT_SUBJECT_ID);
    }

    /** @return the grouped view keyed on XACML_RESOURCE_RESOURCE_ID */
    public Responses getResponseGroupByResource() {
        return getResponseGroupBy(XACMLAttributeId.XACML_RESOURCE_RESOURCE_ID);
    }

    /** @return the grouped view keyed on XACML_ACTION_ACTION_ID */
    public Responses getResponseGroupByAction() {
        return getResponseGroupBy(XACMLAttributeId.XACML_ACTION_ACTION_ID);
    }

    /**
     * Builds a new {@link Responses} from the entries held by this object,
     * looking for attributes whose id equals {@code id2GroupBy.value()}.
     *
     * Side effect: filterAttribute is first set to the attribute id, then
     * overwritten with the first value of each matching attribute.
     *
     * @param id2GroupBy attribute identifier to match
     * @return a Responses whose list has one element per input response
     */
    private Responses getResponseGroupBy(XACMLAttributeId id2GroupBy) {
        this.setFilterAttribute(id2GroupBy.value());
        // NOTE(review): a single Response is created here, outside the loop.
        Response sortedResponses = new Response();
        Responses responses = new Responses();
        List arrayFinal = new ArrayList();
        for (Response response : this.getResponses()) {
            for (Attribute attr : response.getAttributes()) {
                if(attr.getAttributeId().equals(id2GroupBy.value())) {
                    // Attributes of every matching response accumulate on the one shared object.
                    sortedResponses.getAttributes().addAll(response.getAttributes());
                    // NOTE(review): get(0) is not guarded by an emptiness check;
                    // presumably throws when the value list is empty - confirm.
                    this.setFilterAttribute(String.valueOf(attr.getAttributeValues().get(0).getContent()));
                }
                // Runs for every attribute, matching or not: the shared object ends up
                // carrying the decision of the last response that had any attribute.
                sortedResponses.setDecision(response.getDecision());
            }

            // NOTE(review): the same instance is appended on every iteration, so all
            // elements of the returned list are one object with one decision. A Deny
            // in an earlier response is not visible in this view if a later response
            // carries a different decision.
            arrayFinal.add(sortedResponses);
        }

        responses.setResponses(arrayFinal);

        return responses;
    }

    /** @return the value last stored by setFilterAttribute, or null if never set */
    public String getFilterAttribute() {
        return filterAttribute;
    }

    /** @param filterAttribute value to store; not validated */
    public void setFilterAttribute(String filterAttribute) {
        this.filterAttribute = filterAttribute;
    }
}
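// authzforce-xacmlsdk-core/src/main/java/org/ow2/authzforce/sdk/impl/XacmlSdkImpl.java
/**
 * Copyright (C) 2013-2014 Thales Services - ThereSIS - All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.ow2.authzforce.sdk.impl;

import oasis.names.tc.xacml._3_0.core.schema.wd_17.Response;
import org.ow2.authzforce.sdk.XacmlSdk;
import org.ow2.authzforce.sdk.core.Net;
import org.ow2.authzforce.sdk.core.Utils;
import org.ow2.authzforce.sdk.core.schema.Request;
import org.ow2.authzforce.sdk.core.schema.category.ActionCategory;
import org.ow2.authzforce.sdk.core.schema.category.EnvironmentCategory;
import org.ow2.authzforce.sdk.core.schema.category.ResourceCategory;
import org.ow2.authzforce.sdk.core.schema.category.SubjectCategory;
import org.ow2.authzforce.sdk.core.utils.ResponsesFactory;
import org.ow2.authzforce.sdk.exceptions.XacmlSdkException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.ws.rs.core.MultivaluedMap;
import java.net.URI;
import java.util.Arrays;
import java.util.List;

/**
 * This Library is about XACML and XML Processing tools to make the developers'
 * life easier.
 *
 * REST implementation of {@link XacmlSdk}: builds a XACML request from the
 * supplied categories, sends it to the PDP of one domain through {@link Net},
 * and converts the answer with {@link Utils#extractResponse}.
 *
 * @author Romain FERRARI, romain.ferrari[AT]thalesgroup.com
 * @version 0.5
 *
 */
public class XacmlSdkImpl implements XacmlSdk {

    private static final Logger LOGGER = LoggerFactory.getLogger(XacmlSdkImpl.class);

    /**
     * Connection to the target domain. Kept public for existing callers.
     * Net#getCustomHeaders() returns the header map, so this reference gives
     * access to any token placed in the custom headers.
     */
    public final Net networkHandler;

    /**
     * This constructor is multi tenant enabled. The final endpoint will be
     * something like: http://serverEndpoint/domains/{domainId}/pdp
     *
     * @param serverEndpoint
     *            is the PDP endpoint
     * @param domainId the UUID of the target domain (or domain alias if doDomainIdTranslation is true)
     * @param customHeaders headers handed to {@link Net}, which attaches them to
     *            outgoing requests; may be null. When they carry credentials,
     *            use an https endpoint so they are not sent in clear text.
     * @param doDomainIdTranslation if set to true domainId will be taken as an alias instead of UUID
     */
    public XacmlSdkImpl(URI serverEndpoint, String domainId, MultivaluedMap customHeaders, boolean doDomainIdTranslation) {
        networkHandler = new Net(serverEndpoint, domainId, customHeaders, doDomainIdTranslation);
    }

    /**
     * Same as the four-argument constructor with domain id translation disabled.
     */
    public XacmlSdkImpl(URI serverEndpoint, String domainId, MultivaluedMap customHeaders) {
        this(serverEndpoint, domainId, customHeaders, false);
    }

    /**
     * Same as the four-argument constructor with no custom headers and domain
     * id translation disabled.
     */
    public XacmlSdkImpl(URI serverEndpoint, String domainId) {
        // Delegates instead of repeating the Net construction.
        this(serverEndpoint, domainId, null, false);
    }

    /**
     * Requests a policy decision for the given categories.
     *
     * @param subject subject categories
     * @param resources resource categories
     * @param actions action categories
     * @param environment environment categories
     * @return the converted PDP answer
     * @throws XacmlSdkException if request assembly fails, if the HTTP call
     *             fails, or if Utils.extractResponse rejects the answer (it
     *             throws when a result is Indeterminate or NotApplicable, so
     *             those outcomes never come back as a usable response)
     */
    public ResponsesFactory getAuthZ(List subject, List resources,
            List actions, List environment) throws XacmlSdkException {
        // XACML Request creation; done outside the try so its exception is not re-wrapped.
        final Request request = Utils.createXacmlRequest(subject, resources, actions, environment);

        try {
            // Net.toString() appends the client's headers, so header values can
            // reach the debug log; keep DEBUG off where headers hold credentials.
            LOGGER.debug("Calling PDP using network handler: {}", networkHandler);
            final Response rawResponse = networkHandler.getMyDomainResource().getPdpResource().requestPolicyDecision(request);
            if (LOGGER.isDebugEnabled()) {
                Utils.logRawResponse(rawResponse);
            }
            return Utils.extractResponse(rawResponse);
        } catch (XacmlSdkException e) {
            // Already the SDK's own exception (e.g. "Decision is ..."): rethrow as is
            // so the catch-all below does not bury its message inside a second wrapper.
            throw e;
        } catch (javax.ws.rs.NotFoundException e) {
            throw new XacmlSdkException("HTTP 404: Authorization server not found", e);
        } catch (javax.ws.rs.BadRequestException e) {
            throw new XacmlSdkException("HTTP 400: Bad Request", e);
        } catch (javax.ws.rs.InternalServerErrorException e) {
            throw new XacmlSdkException("HTTP 500: Internal Server Error", e);
        } catch (javax.ws.rs.ServerErrorException e) {
            throw new XacmlSdkException(e);
        } catch (Exception e) {
            // Any other failure is reported as an SDK exception, never as a decision.
            throw new XacmlSdkException(e);
        }
    }

    /** Single subject, resource, action and environment; each is wrapped in a one-element list. */
    public ResponsesFactory getAuthZ(SubjectCategory subject, ResourceCategory resources, ActionCategory actions,
            EnvironmentCategory environment) throws XacmlSdkException {
        return this.getAuthZ(Arrays.asList(subject), Arrays.asList(resources), Arrays.asList(actions),
                Arrays.asList(environment));
    }

    /** Several subjects; the other categories are wrapped in one-element lists. */
    public ResponsesFactory getAuthZ(List subject, ResourceCategory resources, ActionCategory actions,
            EnvironmentCategory environment) throws XacmlSdkException {
        return this.getAuthZ(subject, Arrays.asList(resources), Arrays.asList(actions), Arrays.asList(environment));
    }

    /** Several resources; the other categories are wrapped in one-element lists. */
    public ResponsesFactory getAuthZ(SubjectCategory subject, List resources, ActionCategory actions,
            EnvironmentCategory environment) throws XacmlSdkException {
        return this.getAuthZ(Arrays.asList(subject), resources, Arrays.asList(actions), Arrays.asList(environment));
    }

    /** Several actions; the other categories are wrapped in one-element lists. */
    public ResponsesFactory getAuthZ(SubjectCategory subject, ResourceCategory resources, List actions,
            EnvironmentCategory environment) throws XacmlSdkException {
        return this.getAuthZ(Arrays.asList(subject), Arrays.asList(resources), actions, Arrays.asList(environment));
    }

    /** Several environments; the other categories are wrapped in one-element lists. */
    public ResponsesFactory getAuthZ(SubjectCategory subject, ResourceCategory resources, ActionCategory actions,
            List environment) throws XacmlSdkException {
        return this.getAuthZ(Arrays.asList(subject), Arrays.asList(resources), Arrays.asList(actions), environment);
    }
}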
-------------------------------------------------------------------------------- /authzforce-xacmlsdk-core/src/main/resources/fileHeader.apache2.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) ${h_inceptionYear}-${h_currentYear} ${h_copyrightOwner} - All rights reserved. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. -------------------------------------------------------------------------------- /authzforce-xacmlsdk-core/src/main/resources/fileHeader.gplv3.txt: -------------------------------------------------------------------------------- 1 | This file is part of ${h_projectName}. 2 | 3 | ${h_projectName} is free software: you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation, either version 3 of the License, or 6 | (at your option) any later version. 7 | 8 | ${h_projectName} is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with ${h_projectName}. 
If not, see -------------------------------------------------------------------------------- /authzforce-xacmlsdk-core/src/main/resources/ssl-client-configuration.xml: -------------------------------------------------------------------------------- 1 | 13 | 14 | 15 | 16 | 17 | 18 | 20 | 21 | 22 | 24 | 25 | 26 | 30 | .*_EXPORT_.* 31 | .*_EXPORT1024_.* 32 | .*_WITH_DES_.* 33 | .*_WITH_AES_.* 34 | .*_WITH_NULL_.* 35 | .*_DH_anon_.* 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-core/src/test/java/com/thalesgroup/authzforce/sdk/tests/TestCalls.java: -------------------------------------------------------------------------------- 1 | package com.thalesgroup.authzforce.sdk.tests; 2 | 3 | import com.thalesgroup.authzforce.sdk.tests.utils.Utils; 4 | import com.xebialabs.restito.server.StubServer; 5 | import com.xebialabs.restito.support.junit.NeedsServer; 6 | import com.xebialabs.restito.support.junit.ServerDependencyRule; 7 | import org.apache.cxf.jaxrs.impl.MetadataMap; 8 | import org.junit.After; 9 | import org.junit.Assert; 10 | import org.junit.Before; 11 | import org.junit.Rule; 12 | import org.junit.Test; 13 | import org.junit.rules.ExpectedException; 14 | import org.ow2.authzforce.sdk.core.schema.category.ActionCategory; 15 | import org.ow2.authzforce.sdk.core.schema.category.EnvironmentCategory; 16 | import org.ow2.authzforce.sdk.core.schema.category.ResourceCategory; 17 | import org.ow2.authzforce.sdk.core.schema.category.SubjectCategory; 18 | import org.ow2.authzforce.sdk.exceptions.XacmlSdkException; 19 | import org.ow2.authzforce.sdk.impl.XacmlSdkImpl; 20 | import org.slf4j.Logger; 21 | import org.slf4j.LoggerFactory; 22 | 23 | import javax.xml.bind.JAXBException; 24 | import java.io.FileNotFoundException; 25 | import java.net.URI; 26 | import java.util.Scanner; 27 | import java.util.regex.Pattern; 28 | 29 | import static 
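com.xebialabs.restito.builder.stub.StubHttp.whenHttp;
import static com.xebialabs.restito.builder.verify.VerifyHttp.verifyHttp;
import static com.xebialabs.restito.semantics.Action.contentType;
import static com.xebialabs.restito.semantics.Action.ok;
import static com.xebialabs.restito.semantics.Action.stringContent;
import static com.xebialabs.restito.semantics.Condition.matchesUri;
import static com.xebialabs.restito.semantics.Condition.withHeader;
import static com.xebialabs.restito.semantics.Condition.withPostBody;

/**
 * Exercises {@link XacmlSdkImpl} against a local Restito stub server standing in for the
 * authorization server.
 */
public class TestCalls {

    private static final String USER_DOMAIN = "5e022256-6d0f-4eb8-aa9d-77db3d4ad141";

    protected StubServer server;

    @Rule
    public ExpectedException exception = ExpectedException.none();

    @Rule
    public ServerDependencyRule serverDependency = new ServerDependencyRule();

    private static final Logger LOGGER = LoggerFactory.getLogger(TestCalls.class);
    private final static String ENDPOINT_ADDRESS = "http://127.0.0.1:" + StubServer.DEFAULT_PORT + "/";

    private static final String TEST_HEADER_KEY = "X-AUTH-TOKEN";
    // Constructed sample value; only used to check that the SDK forwards the header unchanged.
    private static final String TEST_HEADER_VALUE = "TEST-AUTH-TOKEN";

    /**
     * Starts the stub server, only for tests that declare a server dependency, and makes it
     * answer any request carrying a POST body with the canned simple response.
     */
    @Before
    public void setUp() throws FileNotFoundException, JAXBException {
        if (serverDependency.isServerDependent()) {
            server = new StubServer(StubServer.DEFAULT_PORT).run();
            final String expectedResponse = Utils.printResponse(Utils.createResponse("src/test/resources/responses/simple-response.xml"));
            whenHttp(server).match(withPostBody()).then(ok(), stringContent(expectedResponse), contentType("application/xml"));
        }
    }

    /** Stops the stub server if one was started for the current test. */
    @After
    public void stopServer() {
        if (null != server) {
            server.stop();
        }
    }

    /**
     * This test has been written to check that the SDK is actually throwing
     * proper exceptions when not finding an authorization server.
     * No stub server is started for it, as it is not annotated with {@code @NeedsServer}.
     *
     * @throws XacmlSdkException
     *             expected: raised by the SDK when no server answers
     */
    @Test
    public void TestPdpNotFound() throws XacmlSdkException {
        LOGGER.info("Testing not responsive server");
        XacmlSdkImpl sdk = new XacmlSdkImpl(URI.create(ENDPOINT_ADDRESS), USER_DOMAIN, null);
        exception.expect(XacmlSdkException.class);
        sdk.getAuthZ(new SubjectCategory(), new ResourceCategory(), new ActionCategory(), new EnvironmentCategory());
        Assert.fail("Exception not thrown");

    }

    /** An authorization call with empty categories must result in exactly one POST to the server. */
    @Test
    @NeedsServer
    public void TestEmptyRequest() throws XacmlSdkException {
        LOGGER.info("Testing empty request call");
        XacmlSdkImpl sdk = new XacmlSdkImpl(URI.create(ENDPOINT_ADDRESS), USER_DOMAIN, null);
        sdk.getAuthZ(new SubjectCategory(), new ResourceCategory(), new ActionCategory(), new EnvironmentCategory());
        verifyHttp(server).once(withPostBody());
    }

    /**
     * Custom headers handed to the SDK must reach the server. The header value is verified as
     * well as its name: a token header that arrives empty or altered would otherwise go
     * unnoticed.
     */
    @Test
    @NeedsServer
    public void TestCustomHeaders() throws XacmlSdkException {
        LOGGER.info("Testing custom header funcitonnality");
        MetadataMap headers = new MetadataMap();
        headers.add(TEST_HEADER_KEY, TEST_HEADER_VALUE);
        XacmlSdkImpl sdk = new XacmlSdkImpl(URI.create(ENDPOINT_ADDRESS), USER_DOMAIN, headers);
        sdk.getAuthZ(new SubjectCategory(), new ResourceCategory(), new ActionCategory(), new EnvironmentCategory());
        verifyHttp(server).once(withHeader(TEST_HEADER_KEY, TEST_HEADER_VALUE));
    }

    /**
     * With domain ID translation enabled (fourth constructor argument), the SDK is expected to
     * query {@code /domains} once before posting the authorization request.
     */
    @Test
    @NeedsServer
    public void TestDomainIdTranslation() throws XacmlSdkException {
        LOGGER.info("Testing domainID translation functionality");
        final String serverResponse;
        final Scanner fixture = new Scanner(ClassLoader.getSystemResourceAsStream("responses/domainIdTranslation-response.xml"));
        try {
            // "\\A" matches only the start of input, so next() returns the whole fixture even if
            // its text happens to contain a would-be delimiter word.
            serverResponse = fixture.useDelimiter("\\A").next();
        } finally {
            // Closing the scanner also closes the underlying classpath stream.
            fixture.close();
        }
        whenHttp(server).match(matchesUri(Pattern.compile("/domains"))).then(ok(), stringContent(serverResponse), contentType("application/xml"));

        XacmlSdkImpl sdk = new XacmlSdkImpl(URI.create(ENDPOINT_ADDRESS), "domainAlias", null, true);
        sdk.getAuthZ(new SubjectCategory(), new ResourceCategory(), new ActionCategory(), new EnvironmentCategory());
        verifyHttp(server).once(matchesUri(Pattern.compile("/domains")));
        verifyHttp(server).once(withPostBody());
    }
}
--------------------------------------------------------------------------------
/authzforce-xacmlsdk-core/src/test/java/com/thalesgroup/authzforce/sdk/tests/TestPerformance.java:
--------------------------------------------------------------------------------
package com.thalesgroup.authzforce.sdk.tests;

import static com.xebialabs.restito.builder.stub.StubHttp.whenHttp;
import static com.xebialabs.restito.semantics.Action.contentType;
import static com.xebialabs.restito.semantics.Action.ok;
import static com.xebialabs.restito.semantics.Action.stringContent;
import static com.xebialabs.restito.semantics.Condition.withPostBody;

import java.io.FileNotFoundException;
import java.io.StringWriter;
import java.net.URI;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;

import javax.xml.bind.JAXBException;

import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.ow2.authzforce.sdk.core.schema.category.ActionCategory;
import org.ow2.authzforce.sdk.core.schema.category.EnvironmentCategory;
import org.ow2.authzforce.sdk.core.schema.category.ResourceCategory;
import org.ow2.authzforce.sdk.core.schema.category.SubjectCategory;
import org.ow2.authzforce.sdk.exceptions.XacmlSdkException;
import org.ow2.authzforce.sdk.impl.XacmlSdkImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.thalesgroup.authzforce.sdk.tests.utils.Utils;
import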
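com.xebialabs.restito.server.StubServer;
import com.xebialabs.restito.support.junit.NeedsServer;
import com.xebialabs.restito.support.junit.ServerDependencyRule;

import ch.qos.logback.classic.Level;
import ch.qos.logback.classic.LoggerContext;

/**
 * Rough throughput measurement of {@link XacmlSdkImpl#getAuthZ} against a local Restito stub
 * server, using a fixed pool of worker threads.
 */
public class TestPerformance {

    private static final String USER_DOMAIN = "5e022256-6d0f-4eb8-aa9d-77db3d4ad141";

    protected StubServer server;

    @Rule
    public ExpectedException exception = ExpectedException.none();

    @Rule
    public ServerDependencyRule serverDependency = new ServerDependencyRule();

    private static final int MYTHREADS = 30;
    // ExecutorService executor = Executors.newFixedThreadPool(MYTHREADS);
    // Bounded queue plus CallerRunsPolicy: when the queue is full, the submitting thread runs the
    // task itself instead of the task being rejected.
    ExecutorService executor = new ThreadPoolExecutor(MYTHREADS, MYTHREADS, 1, TimeUnit.MINUTES, new ArrayBlockingQueue(MYTHREADS, true), new ThreadPoolExecutor.CallerRunsPolicy());

    private List myResourceCategory;
    private List mySubjCategroy;
    private List myActionCategory;
    private List myEnvironmentCategory;

    private final static String ENDPOINT_ADDRESS = "http://127.0.0.1:" + StubServer.DEFAULT_PORT + "/";
    private final static XacmlSdkImpl sdk = new XacmlSdkImpl(URI.create(ENDPOINT_ADDRESS), USER_DOMAIN);

    private static final int WARM_UP_ROUNDS = 1000;

    private static final int[] TEST_ROUND = {1, 10, 50, 100, 200, 250, 500, 700, 1000, 1500, 2000, 3000, 4000, 5000, 7000, 10000};

    private static final String SEPARATOR = "\t\t";

    // One line per round: requests per second.
    private StringWriter resultsReqS = new StringWriter();

    // One line per round: nanoseconds per request.
    private StringWriter results = new StringWriter();

    /**
     * Silences logging, starts the stub server for tests that declare a server dependency and
     * prepares the (empty) request categories.
     */
    @Before
    public void setUp() throws FileNotFoundException, JAXBException {
        LoggerContext loggerContext = (LoggerContext) LoggerFactory.getILoggerFactory();
        ch.qos.logback.classic.Logger rootLogger = loggerContext.getLogger(Logger.ROOT_LOGGER_NAME);
        ch.qos.logback.classic.Logger sdkLogger = loggerContext.getLogger("com.thalesgroup");
        rootLogger.setLevel(Level.OFF);
        sdkLogger.setLevel(Level.OFF);
        if (serverDependency.isServerDependent()) {
            server = new StubServer(StubServer.DEFAULT_PORT).run();
            final String expectedResponse = Utils
                    .printResponse(Utils.createResponse("src/test/resources/responses/simple-response.xml"));
            whenHttp(server).match(withPostBody()).then(ok(), stringContent(expectedResponse),
                    contentType("application/xml"));
        }
        categorySetUp();
    }

    /** Builds one-element category lists, each holding an empty category. */
    private void categorySetUp() {
        mySubjCategroy = Arrays.asList(new SubjectCategory());
        myResourceCategory = Arrays.asList(new ResourceCategory());
        myActionCategory = Arrays.asList(new ActionCategory());
        myEnvironmentCategory = Arrays.asList(new EnvironmentCategory());
    }

    /** Prints the collected figures and stops the stub server if one was started. */
    @After
    public void stopServer() {
        System.out.println(results.toString());
        System.out.println();
        System.out.println(resultsReqS.toString());
        if (null != server) {
            server.stop();
        }
    }

    /** Issues {@link #WARM_UP_ROUNDS} sequential calls before any measurement is taken. */
    private void warmUp() {
        System.out.println("Warming up the JVM....");
        XacmlSdkImpl sdk = new XacmlSdkImpl(URI.create(ENDPOINT_ADDRESS), USER_DOMAIN, null);
        for (int i = 0; i < WARM_UP_ROUNDS; i++) {
            try {
                sdk.getAuthZ(mySubjCategroy, myResourceCategory, myActionCategory, myEnvironmentCategory);
            } catch (XacmlSdkException e) {
                e.printStackTrace();
            }
            // verifyHttp(server).once(withPostBody());
        }
    }

    /**
     * Submits {@code nbRequest} authorization calls to the pool and records the time per request
     * (nanoseconds) and the request rate (per second) for the round.
     *
     * The clock is read as soon as the last task has been handed to the executor, without
     * waiting for completion, so the figures describe submission rather than end-to-end latency.
     *
     * @param nbRequest
     *            number of calls to submit; a non-positive value records nothing
     */
    private void TestMultipleRequests(int nbRequest) throws XacmlSdkException {
        if (nbRequest <= 0) {
            return;
        }
        final long before = System.nanoTime();
        for (int i = 0; i < nbRequest; i++) {
            executor.execute(new Runnable() {
                public void run() {
                    try {
                        sdk.getAuthZ(mySubjCategroy, myResourceCategory, myActionCategory, myEnvironmentCategory)
                                .getResponses().get(0).getDecision();
                    } catch (XacmlSdkException e) {
                        e.printStackTrace();
                    }
                }
            });
        }

        final long elapsedNanos = System.nanoTime() - before;
        // Scale to seconds before dividing: requests divided by a nanosecond count truncates to
        // zero in integer arithmetic for any realistic duration.
        final long requestBySec = elapsedNanos > 0 ? nbRequest * TimeUnit.SECONDS.toNanos(1) / elapsedNanos : 0;
        final long nanosPerRequest = elapsedNanos / nbRequest;
        results.append(nanosPerRequest + "\n");
        resultsReqS.append(requestBySec + "\n");
    }

    /**
     * Runs every round size in {@link #TEST_ROUND}, then shuts the pool down, forcing termination
     * if it has not drained within 60 seconds.
     */
    @Test
    @NeedsServer
    public void TestSDKPerformance() throws XacmlSdkException {
        warmUp();
        System.out.println("Starting tests");
        for (int round : TEST_ROUND) {
            // System.out.println("Round #"+round);
            TestMultipleRequests(round);
        }
        executor.shutdown();
        try {
            if (!executor.awaitTermination(60, TimeUnit.SECONDS)) {
                // pool didn't terminate after the first try
                executor.shutdownNow();
            }

            if (!executor.awaitTermination(60, TimeUnit.SECONDS)) {
                // pool didn't terminate after the second try
            }
        } catch (InterruptedException ex) {
            executor.shutdownNow();
            Thread.currentThread().interrupt();
        }
    }
}

--------------------------------------------------------------------------------
/authzforce-xacmlsdk-core/src/test/java/com/thalesgroup/authzforce/sdk/tests/TestResponseFactory.java:
--------------------------------------------------------------------------------
package com.thalesgroup.authzforce.sdk.tests;

import java.io.FileNotFoundException;

import javax.xml.bind.JAXBException;

import org.junit.Assert;
import org.junit.Test;
import org.ow2.authzforce.sdk.core.Utils;
import org.ow2.authzforce.sdk.core.schema.Response;
import org.ow2.authzforce.sdk.core.schema.Responses;
import org.ow2.authzforce.sdk.exceptions.XacmlSdkException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class TestResponseFactory {
    private static final Logger LOGGER =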
LoggerFactory.getLogger(TestResponseFactory.class); 18 | private static final String REQUEST_FILES_PATH = "src/test/resources/requests"; 19 | private static final String RESPONSE_FILES_PATH = "src/test/resources/responses"; 20 | 21 | // @Test 22 | // public void testGetResponseGroupBySubject() throws FileNotFoundException, JAXBException, XacmlSdkException { 23 | // Responses responses = Utils.extractResponse(com.thalesgroup.authzforce.sdk.tests.utils.Utils.createResponse(RESPONSE_FILES_PATH + "/TestResponseFactoryGetResponseGroupBySubject.xml")).getResponseGroupBySubject(); 24 | // for (Response response : responses.getResponses()) { 25 | // LOGGER.debug(response.getSubjectId()); 26 | // Assert.assertEquals("thales", response.getSubjectId()); 27 | // if(response.getActionId().equals("HEAD")) { 28 | // Assert.assertEquals("Deny", response.getDecision().value()); 29 | // } else { 30 | // Assert.assertEquals("Permit", response.getDecision().value()); 31 | // } 32 | // Assert.assertEquals("http://www.thalesgroup.com", response.getResourceId()); 33 | // } 34 | // } 35 | // 36 | // @Test 37 | // public void testGetResponseGroupByResource() { 38 | // Assert.fail("Not implemented"); 39 | // } 40 | // 41 | // @Test 42 | // public void testGetResponseGroupByAction() { 43 | // Assert.fail("Not implemented"); 44 | // } 45 | } 46 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-core/src/test/java/com/thalesgroup/authzforce/sdk/tests/utils/StubPdp.java: -------------------------------------------------------------------------------- 1 | package com.thalesgroup.authzforce.sdk.tests.utils; 2 | 3 | import static com.xebialabs.restito.builder.stub.StubHttp.whenHttp; 4 | import static com.xebialabs.restito.semantics.Action.contentType; 5 | import static com.xebialabs.restito.semantics.Action.ok; 6 | import static com.xebialabs.restito.semantics.Action.stringContent; 7 | import static 
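com.xebialabs.restito.semantics.Condition.withPostBody;

import java.io.FileNotFoundException;

import javax.xml.bind.JAXBException;

import org.junit.After;
import org.junit.Before;
import org.junit.Rule;

import com.xebialabs.restito.server.StubServer;
import com.xebialabs.restito.support.junit.ServerDependencyRule;

/**
 * Base class for tests that talk to a Restito stub server: it declares the server field and the
 * dependency rule, and stops the server after each test.
 */
public abstract class StubPdp {
    protected StubServer server;

    @Rule
    public ServerDependencyRule serverDependency = new ServerDependencyRule();

    /**
     * Currently a no-op: the branch for server-dependent tests is empty, so {@link #server}
     * stays null unless a subclass assigns it.
     */
    @Before
    public void startServer() throws FileNotFoundException, JAXBException {
        if (serverDependency.isServerDependent()) {

        }
    }

    /** Stops the stub server if one is running. */
    @After
    public void stopServer() {
        if (server != null) {
            server.stop();
        }
    }
}

--------------------------------------------------------------------------------
/authzforce-xacmlsdk-core/src/test/java/com/thalesgroup/authzforce/sdk/tests/utils/Utils.java:
--------------------------------------------------------------------------------
package com.thalesgroup.authzforce.sdk.tests.utils;

import java.io.FileNotFoundException;
import java.io.StringWriter;
import java.net.URL;

import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.ResourceUtils;

import oasis.names.tc.xacml._3_0.core.schema.wd_17.Request;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Response;

/**
 * Test helpers that load XACML 3.0 requests and responses from fixture files and render them
 * back to XML strings.
 *
 * The fixtures are files shipped with the test sources. These helpers hand the file URL straight
 * to a default JAXB unmarshaller; XML from an untrusted source should go through a parser that
 * has DTDs and external entities disabled instead.
 */
public final class Utils {

    private static final Logger LOGGER = LoggerFactory.getLogger(Utils.class);

    /**
     * This creates the XACML request from a fixture file.
     *
     * @param requestFileLocation
     *            location of the request file (with Spring-supported URL prefixes: 'classpath:', etc.)
     * @return the XML/JAXB Request
     * @throws JAXBException
     *             error reading XACML 3.0 Request from the file at {@code requestFileLocation}
     * @throws FileNotFoundException
     *             no file found at {@code requestFileLocation}
     */
    public static Request createRequest(String requestFileLocation) throws JAXBException, FileNotFoundException
    {
        // Spring's ResourceUtils resolves 'classpath:' and URL prefixes as well as plain file
        // paths, and reports an unresolvable location with FileNotFoundException.
        URL requestFileURL = ResourceUtils.getURL(requestFileLocation);
        if (requestFileURL == null)
        {
            // Defensive only; kept so a null URL can never reach the unmarshaller.
            throw new FileNotFoundException("No XACML Request file found at location: 'classpath:" + requestFileLocation + "'");
        }

        LOGGER.debug("Request file to read: {}", requestFileURL);
        Unmarshaller u = JAXBContext.newInstance(Request.class).createUnmarshaller();
        Request request = (Request) u.unmarshal(requestFileURL);
        return request;
    }

    /**
     * Renders a request as an XML fragment.
     *
     * @param request
     *            the request to marshal
     * @return the XML text; a marshalling error is logged and whatever was written so far
     *         (possibly an empty string) is returned
     */
    public static String printRequest(Request request)
    {
        StringWriter writer = new StringWriter();
        try
        {
            Marshaller marshaller = JAXBContext.newInstance(Request.class).createMarshaller();
            marshaller.setProperty(Marshaller.JAXB_FRAGMENT, Boolean.TRUE);
            marshaller.marshal(request, writer);
        } catch (Exception e)
        {
            LOGGER.error("Error marshalling Request", e);
        }

        return writer.toString();
    }

    /**
     * This creates the XACML response from a fixture file.
     *
     * @param responseFileLocation
     *            path to the response file (with Spring-supported URL prefixes: 'classpath:', etc.)
     * @return the XML/JAXB Response
     * @throws JAXBException
     *             error reading XACML 3.0 Response from the file at {@code responseFileLocation}
     * @throws FileNotFoundException
     *             no file found at {@code responseFileLocation}
     */
    public static Response createResponse(String responseFileLocation) throws JAXBException, FileNotFoundException
    {
        URL responseFileURL = ResourceUtils.getURL(responseFileLocation);
        LOGGER.debug("Response file to read: {}", responseFileURL);
        // Bind the context to the class that is actually unmarshalled, rather than relying on
        // Response being picked up through a context created for Request.
        Unmarshaller u = JAXBContext.newInstance(Response.class).createUnmarshaller();
        Response response = (Response) u.unmarshal(responseFileURL);
        LOGGER.debug("XACML Response: {}", Utils.printResponse(response));
        return response;
    }

    /**
     * Renders a response as an XML fragment.
     *
     * @param response
     *            the response to marshal
     * @return the XML text; a marshalling error is logged and whatever was written so far
     *         (possibly an empty string) is returned
     */
    public static String printResponse(Response response)
    {
        StringWriter writer = new StringWriter();
        try
        {
            Marshaller marshaller = JAXBContext.newInstance(Response.class).createMarshaller();
            marshaller.setProperty(Marshaller.JAXB_FRAGMENT, Boolean.TRUE);
            marshaller.marshal(response, writer);
        } catch (Exception e)
        {
            LOGGER.error("Error marshalling Response", e);
        }

        return writer.toString();
    }
}

--------------------------------------------------------------------------------
/authzforce-xacmlsdk-core/src/test/resources/logback-test.xml:
--------------------------------------------------------------------------------
1 | 2 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | %date{ISO8601} %-5level [%thread] %logger:%line: %msg%n 35 | 36 | 37 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 57 | 58 | 60 | 61 | 62 | 63 | 64 |
--------------------------------------------------------------------------------
/authzforce-xacmlsdk-core/src/test/resources/requests/simple-request.xml:
--------------------------------------------------------------------------------
1 | TestCreateXacmlRequestTestCreateXacmlRequestTestCreateXacmlRequestTestCreateXacmlRequest
--------------------------------------------------------------------------------
/authzforce-xacmlsdk-core/src/test/resources/responses/TestExtractResponseWithMultipleResponses.xml:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | Permit 5 | 7 | 9 | thales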
10 | 11 | 12 | 13 | 15 | http://www.opencloudware.org 16 | 17 | 18 | 19 | 21 | HEAD 22 | 23 | 24 | 25 | 26 | Deny 27 | 29 | 31 | sagem 32 | 33 | 34 | 35 | 37 | http://www.thalesgroup.com 38 | 39 | 40 | 41 | 43 | HEAD 44 | 45 | 46 | 47 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-core/src/test/resources/responses/TestExtractResponseWithMultipleSameSubject.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Deny 5 | 7 | 9 | thales 10 | 11 | 12 | 13 | 15 | http://www.thalesgroup.com 16 | 17 | 18 | 19 | 21 | HEAD 22 | 23 | 24 | 25 | 26 | Permit 27 | 29 | 31 | thales 32 | 33 | 34 | 35 | 37 | http://www.thalesgroup.com 38 | 39 | 40 | 41 | 43 | POST 44 | 45 | 46 | 47 | 48 | Permit 49 | 51 | 53 | thales 54 | 55 | 56 | 57 | 59 | http://www.thalesgroup.com 60 | 61 | 62 | 63 | 65 | GET 66 | 67 | 68 | 69 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-core/src/test/resources/responses/TestExtractResponseWithOneResponse.xml: -------------------------------------------------------------------------------- 1 | PermitThalesIdhttp://www.opencloudware.orgHEAD -------------------------------------------------------------------------------- /authzforce-xacmlsdk-core/src/test/resources/responses/TestResponseFactoryGetResponseGroupBySubject.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Deny 5 | 7 | 9 | thales 10 | 11 | 12 | 13 | 15 | http://www.thalesgroup.com 16 | 17 | 18 | 19 | 21 | HEAD 22 | 23 | 24 | 25 | 26 | Permit 27 | 29 | 31 | thales 32 | 33 | 34 | 35 | 37 | http://www.thalesgroup.com 38 | 39 | 40 | 41 | 43 | POST 44 | 45 | 46 | 47 | 48 | Permit 49 | 51 | 53 | thales 54 | 55 | 56 | 57 | 59 | http://www.thalesgroup.com 60 | 61 | 62 | 63 | 65 | GET 66 | 67 | 68 | 69 | -------------------------------------------------------------------------------- 
/authzforce-xacmlsdk-core/src/test/resources/responses/domainIdTranslation-response.xml: -------------------------------------------------------------------------------- 1 | 4 | 5 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-core/src/test/resources/responses/simple-response.xml: -------------------------------------------------------------------------------- 1 | PermitThalesIdhttp://www.opencloudware.orgHEAD -------------------------------------------------------------------------------- /authzforce-xacmlsdk-model/license/thales-gpl.header.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) ${inceptionYear}-${currentYear} ${copyrightOwner}. 2 | 3 | This file is part of ${projectName}. 4 | 5 | ${projectName} is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | ${projectName} is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with ${projectName}. If not, see . 
17 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-model/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4.0.0 3 | 4 | org.ow2.authzforce 5 | xacml-sdk 6 | 5.0.0 7 | 8 | 9 | UTF-8 10 | Thales Services - ThereSIS 11 | 2.0.5 12 | 1.6.6 13 | 14 | 2013 15 | xacml-sdk-model 16 | AuthZForce :: XACML SDK :: MODEL 17 | 18 | 19 | javax.xml.bind 20 | jaxb-api 21 | provided 22 | 23 | 24 | org.jdom 25 | jdom2 26 | ${jdom.version} 27 | 28 | 29 | 30 | 31 | org.ow2.authzforce 32 | ${artifactId.prefix}-xacml-model 33 | 34 | 35 | 36 | 37 | 38 | 39 | org.codehaus.gmaven 40 | gmaven-plugin 41 | 1.5 42 | 43 | 44 | 45 | execute 46 | 47 | 48 | 49 | import java.util.Date 50 | import java.text.MessageFormat 51 | def 52 | vartimestamp = MessageFormat.format("{0,date,yyyy}", new Date()) 53 | project.properties['currentYear'] = vartimestamp 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | com.mycila.maven-license-plugin 62 | maven-license-plugin 63 | 1.9.0 64 | 65 | 66 |
src/main/resources/fileHeader.apache2.txt
67 | 68 | 69 | ${project.inceptionYear} 70 | ${currentYear} 71 | ${copyrightOwner} 72 | 73 | true 74 | 75 | **/*.html 76 | **/*.xml 77 | **/*.txt 78 | **/*.ec 79 | **/*.log 80 | **/*.css 81 | **/*.js 82 | **/*.jsp 83 | **/*.md 84 | **/*.properties 85 | **/*.gitignore 86 | src/test/** 87 | src/main/resources/** 88 | 89 | 90 | src/main/java/com/thalesgroup/** 91 | src/main/java/com/sun/xacml/xacmlv3/** 92 | src/main/java/com/sun/cond/xacmlv3/** 93 | src/main/java/com/sun/ctx/xacmlv3/** 94 | src/main/java/com/sun/xacml/CacheManager.java 95 | src/main/java/com/sun/xacml/ObligationExpressions.java 96 | src/main/java/com/sun/xacml/combine/PermitUnlessDenyPolicyAlg 97 | src/main/java/com/sun/xacml/combine/PermitUnlessDenyRuleAlg 98 | src/main/java/com/sun/xacml/combine/DenyUnlessPermitPolicyAlg 99 | src/main/java/com/sun/xacml/combine/DenyUnlessPermitRuleAlg 100 | src/main/java/com/sun/xacml/finder/impl/MultipleResourceFinder.java 101 | 102 |
103 | 104 | 105 | 106 | format 107 | 108 | 109 | 110 |
111 | 112 | org.codehaus.mojo 113 | aspectj-maven-plugin 114 | 1.4 115 | 116 | 117 | default 118 | compile 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 |
127 |
128 |
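--------------------------------------------------------------------------------
/authzforce-xacmlsdk-model/src/main/java/org/ow2/authzforce/sdk/core/schema/Action.java:
--------------------------------------------------------------------------------
/**
 * Copyright (C) 2013-2014 Thales Services - ThereSIS - All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.ow2.authzforce.sdk.core.schema;

import java.io.Serializable;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;

import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;

/**
 * Action attribute of an authorization request. Every constructor wraps a single value, uses
 * the default action attribute identifier and the SDK issuer string, and asks for the attribute
 * to be included in the result.
 */
public final class Action extends Attribute {

    private static final XACMLAttributeId DEFDAULT_ATTRIBUTE_ID = XACMLAttributeId.XACML_ACTION_ACTION_ID;
    private static final String DEFAULT_ISSUER = "xacml-sdk-5.0.0";

    /**
     * @param value action value, sent with the string datatype
     */
    public Action(final String value) {
        super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable)value), XACMLDatatypes.XACML_DATATYPE_STRING.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /**
     * @param value action value, sent in its decimal text form with the integer datatype
     */
    public Action(final int value) {
        super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable)String.valueOf(value)), XACMLDatatypes.XACML_DATATYPE_INTEGER.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /**
     * @param value action value, sent in its text form with the double datatype
     */
    public Action(final double value) {
        super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable)String.valueOf(value)), XACMLDatatypes.XACML_DATATYPE_DOUBLE.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /**
     * @param value action value, sent as "true"/"false".
     *              NOTE(review): the value is declared with the string datatype, not a boolean
     *              one - confirm this is what the policies expect.
     */
    public Action(final boolean value) {
        super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable)String.valueOf(value)), XACMLDatatypes.XACML_DATATYPE_STRING.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /**
     * @param date action value, sent with the date datatype and formatted with
     *             {@link Attribute#DATE_FORMAT} ("yyyy-MM-dd"), the same pattern the
     *             {@code Environment} date constructor uses. The previous pattern "YYY-MM-DD"
     *             meant week-based year and day-of-year to SimpleDateFormat, so the value sent
     *             for policy evaluation was not the calendar date of {@code date}.
     */
    public Action(final Date date) {
        super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable)new SimpleDateFormat(DATE_FORMAT).format(date)), XACMLDatatypes.XACML_DATATYPE_DATE.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }
}

--------------------------------------------------------------------------------
/authzforce-xacmlsdk-model/src/main/java/org/ow2/authzforce/sdk/core/schema/Attribute.java:
--------------------------------------------------------------------------------
package org.ow2.authzforce.sdk.core.schema;

import java.util.List;

import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;

/**
 * SDK-side attribute built on the generated XACML 3.0 Attribute class; it holds the date
 * pattern shared by the concrete attribute types.
 */
public class Attribute extends oasis.names.tc.xacml._3_0.core.schema.wd_17.Attribute {

    // Pattern handed to SimpleDateFormat when a java.util.Date is turned into an attribute value.
    protected static final String DATE_FORMAT = "yyyy-MM-dd";

    /**
     * @param attributeValues values carried by the attribute
     * @param attributeId     attribute identifier
     * @param issuer          issuer recorded on the attribute
     * @param includeInResult whether the attribute is to be echoed in the result
     */
    public Attribute(final List attributeValues, final String attributeId, final String issuer, final boolean includeInResult) {
        super(attributeValues, attributeId, issuer, includeInResult);
    }

    /**
     * Sets the attribute identifier. The value is looked up in {@link XACMLAttributeId}, but the
     * outcome of the lookup is discarded: an identifier that is not part of that enumeration is
     * neither rejected nor reported, and is set like any other.
     */
    @Override
    public void setAttributeId(String value) {
        try {
            XACMLAttributeId.fromValue(value);

        } catch (IllegalArgumentException e) {
            // Ignored: callers that need to restrict identifiers to the known set must check
            // for themselves before calling this setter.
        }
        super.setAttributeId(value);
    }

    /**
     * @return the date pattern used for date-typed attribute values
     */
    public static String getDateFormat() {
        return DATE_FORMAT;
    }
}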
--------------------------------------------------------------------------------
/authzforce-xacmlsdk-model/src/main/java/org/ow2/authzforce/sdk/core/schema/Environment.java:
--------------------------------------------------------------------------------
/**
 * Copyright (C) 2013-2014 Thales Services - ThereSIS - All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.ow2.authzforce.sdk.core.schema;

import java.io.Serializable;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;

import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;

/**
 * Environment attribute of an authorization request. Every constructor wraps a single value,
 * uses the default environment attribute identifier and the SDK issuer string, and asks for the
 * attribute to be included in the result.
 */
public final class Environment extends Attribute {

    private static final XACMLAttributeId DEFDAULT_ATTRIBUTE_ID = XACMLAttributeId.XACML_1_0_ENVIRONMENT_ENVIRONMENT_ID;
    private static final String DEFAULT_ISSUER = "xacml-sdk-5.0.0";

    /** Wraps a text value, declared with the string datatype. */
    public Environment(final String value) {
        super(Arrays.asList(single(value, XACMLDatatypes.XACML_DATATYPE_STRING.value())), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /** Wraps the decimal text form of an int, declared with the integer datatype. */
    public Environment(final int value) {
        super(Arrays.asList(single(String.valueOf(value), XACMLDatatypes.XACML_DATATYPE_INTEGER.value())), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /** Wraps the text form of a double, declared with the double datatype. */
    public Environment(final double value) {
        super(Arrays.asList(single(String.valueOf(value), XACMLDatatypes.XACML_DATATYPE_DOUBLE.value())), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /** Wraps "true"/"false"; the value is declared with the string datatype. */
    public Environment(final boolean value) {
        super(Arrays.asList(single(String.valueOf(value), XACMLDatatypes.XACML_DATATYPE_STRING.value())), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /** Wraps a date formatted with {@link Attribute#DATE_FORMAT}, declared with the date datatype. */
    public Environment(final Date date) {
        super(Arrays.asList(single(new SimpleDateFormat(DATE_FORMAT).format(date), XACMLDatatypes.XACML_DATATYPE_DATE.value())), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /** Builds the attribute value holding exactly one content item of the given datatype. */
    private static AttributeValueType single(final Serializable content, final String datatype) {
        return new AttributeValueType(Arrays.asList(content), datatype, null);
    }
}

--------------------------------------------------------------------------------
/authzforce-xacmlsdk-model/src/main/java/org/ow2/authzforce/sdk/core/schema/Request.java:
--------------------------------------------------------------------------------
/**
 * Copyright (C) 2013-2014 Thales Services - ThereSIS - All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/**
 *
 */
package org.ow2.authzforce.sdk.core.schema;

import java.io.StringWriter;
import java.util.List;

import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;

import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.MultiRequests;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestDefaults;

/**
 * SDK-side request built on the generated XACML 3.0 Request class, with an XML rendering as
 * its string form.
 *
 * @author romain.ferrari[AT]thalesgroup.com
 *
 */
public class Request extends oasis.names.tc.xacml._3_0.core.schema.wd_17.Request {

    /** Creates an empty request; only visible to this package and to subclasses. */
    protected Request() {
        super();
    }

    /** Creates a request from its parts; every argument is passed on to the generated class as is. */
    public Request(final RequestDefaults requestDefaults, final List attributes, final MultiRequests multiRequests, final boolean returnPolicyIdList, final boolean combinedDecision) {
        super(requestDefaults, attributes, multiRequests, returnPolicyIdList, combinedDecision);
    }

    /**
     * Renders this request as an XML fragment.
     *
     * @return the XML text; when marshalling fails the stack trace is printed and whatever was
     *         written so far (possibly an empty string) is returned
     */
    @Override
    public String toString() {
        final StringWriter out = new StringWriter();
        try {
            final JAXBContext context = JAXBContext.newInstance(oasis.names.tc.xacml._3_0.core.schema.wd_17.Request.class);
            final Marshaller xmlWriter = context.createMarshaller();
            // Fragment mode is requested explicitly on the marshaller.
            xmlWriter.setProperty(Marshaller.JAXB_FRAGMENT, Boolean.TRUE);
            xmlWriter.marshal(this, out);
        } catch (JAXBException e) {
            e.printStackTrace();
        }

        return out.toString();
    }

}

--------------------------------------------------------------------------------
/authzforce-xacmlsdk-model/src/main/java/org/ow2/authzforce/sdk/core/schema/Resource.java:
--------------------------------------------------------------------------------
/**
 * Copyright (C) 2013-2014 Thales Services - ThereSIS - All rights reserved.
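*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.ow2.authzforce.sdk.core.schema;

import java.io.Serializable;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;

import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;

/**
 * Single-valued attribute identified by XACML_RESOURCE_RESOURCE_ID.
 * Every constructor stores the value in string form, tags it with a XACML
 * datatype, uses DEFAULT_ISSUER as issuer and passes true for includeInResult.
 */
public final class Resource extends Attribute {

    private static final XACMLAttributeId DEFDAULT_ATTRIBUTE_ID = XACMLAttributeId.XACML_RESOURCE_RESOURCE_ID;
    private static final String DEFAULT_ISSUER = "xacml-sdk-5.0.0";

    /**
     * @param value resource identifier, sent with the string datatype
     */
    public Resource(final String value) {
        super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable)value), XACMLDatatypes.XACML_DATATYPE_STRING.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /**
     * @param value resource identifier, sent with the integer datatype
     */
    public Resource(final int value) {
        super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable)String.valueOf(value)), XACMLDatatypes.XACML_DATATYPE_INTEGER.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /**
     * @param value resource identifier, sent with the double datatype
     */
    public Resource(final double value) {
        super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable)String.valueOf(value)), XACMLDatatypes.XACML_DATATYPE_DOUBLE.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /**
     * @param value boolean stored as "true" or "false"
     */
    public Resource(final boolean value) {
        // NOTE(review): the value is tagged with the string datatype, not
        // XACML_DATATYPE_BOOLEAN - confirm that this is intended.
        super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable)String.valueOf(value)), XACMLDatatypes.XACML_DATATYPE_STRING.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /**
     * @param date value sent with the XACML date datatype, formatted with the
     *             inherited DATE_FORMAT pattern (JVM default time zone)
     */
    public Resource(final Date date) {
        // The previous pattern "YYY-MM-DD" used 'Y' (week year) and 'D' (day in year),
        // so the string sent to the PDP was not the calendar date of the argument.
        // DATE_FORMAT is the pattern Environment already uses for the same datatype.
        super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable)new SimpleDateFormat(DATE_FORMAT).format(date)), XACMLDatatypes.XACML_DATATYPE_DATE.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }
}
--------------------------------------------------------------------------------
/authzforce-xacmlsdk-model/src/main/java/org/ow2/authzforce/sdk/core/schema/Response.java:
--------------------------------------------------------------------------------
/**
 * Copyright (C) 2013-2014 Thales Services - ThereSIS - All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.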
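*/
package org.ow2.authzforce.sdk.core.schema;

import java.util.ArrayList;
import java.util.List;

import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;


/**
 * One authorization result: a decision together with the subject, resource and
 * action attributes it refers to.
 */
public class Response {

    // Created on first use by getAttributes(); setAttributes() may replace it, also with null.
    private List<Attribute> attributes;
    // Stays null until setDecision() is called, so callers must not read a
    // missing decision as a permit.
    private DecisionType decision;

    /**
     * @return the attribute list, created empty on first access
     */
    public List<Attribute> getAttributes() {
        if(null == attributes) {
            this.attributes = new ArrayList<Attribute>();
        }
        return attributes;
    }

    /**
     * @param attributes list that replaces the current one
     */
    public void setAttributes(List<Attribute> attributes) {
        this.attributes = attributes;
    }

    /**
     * @return first value of the first subject-id attribute, or null when there is none
     */
    public String getSubjectId() {
        return firstValueOf(XACMLAttributeId.XACML_SUBJECT_SUBJECT_ID.value());
    }

    /**
     * Appends a subject-id attribute; an earlier one is kept, and the getter
     * returns the first it finds.
     */
    public void setSubjectId(String subject) {
        Attribute attr = new Subject(subject);
        this.getAttributes().add(attr);
    }

    /**
     * Appends a resource-id attribute; an earlier one is kept.
     */
    public void setResourceId(String resourceId) {
        Attribute attr = new Resource(resourceId);
        this.getAttributes().add(attr);
    }

    /**
     * Appends an action-id attribute; an earlier one is kept.
     */
    public void setActionId(String action) {
        Attribute attr = new Action(action);
        this.getAttributes().add(attr);
    }


    /**
     * @return first value of the first resource-id attribute, or null when there is none
     */
    public String getResourceId() {
        return firstValueOf(XACMLAttributeId.XACML_RESOURCE_RESOURCE_ID.value());
    }

    /**
     * @return first value of the first action-id attribute, or null when there is none
     */
    public String getActionId() {
        return firstValueOf(XACMLAttributeId.XACML_ACTION_ACTION_ID.value());
    }

    /**
     * @return the decision, or null when none has been set
     */
    public DecisionType getDecision() {
        return decision;
    }

    public void setDecision(DecisionType decision) {
        this.decision = decision;
    }

    // Shared lookup for the three id getters. It goes through getAttributes(), so a
    // Response without attributes yields null instead of a NullPointerException,
    // and it compares from the constant side so an attribute without id is skipped.
    private String firstValueOf(final String attributeId) {
        for (Attribute attribute : getAttributes()) {
            if(attributeId.equals(attribute.getAttributeId())) {
                return String.valueOf(attribute.getAttributeValues().get(0).getContent().get(0));
            }
        }
        return null;
    }
}
--------------------------------------------------------------------------------
/authzforce-xacmlsdk-model/src/main/java/org/ow2/authzforce/sdk/core/schema/Responses.java:
--------------------------------------------------------------------------------
/**
 * Copyright (C) 2013-2014 Thales Services - ThereSIS - All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.ow2.authzforce.sdk.core.schema;

import java.util.ArrayList;
import java.util.List;

/**
 * Holder for a list of responses.
 */
public class Responses {

    // Created on first use by getResponses().
    private List responses;

    /**
     * @return the response list, created empty on first access
     */
    public List getResponses() {
        if(null == responses) {
            responses = new ArrayList();
        }
        return responses;
    }

    /**
     * @param responses list that replaces the current one
     */
    public void setResponses(List responses) {
        this.responses = responses;
    }
}
--------------------------------------------------------------------------------
/authzforce-xacmlsdk-model/src/main/java/org/ow2/authzforce/sdk/core/schema/Subject.java:
--------------------------------------------------------------------------------
/**
 * Copyright (C) 2013-2014 Thales Services - ThereSIS - All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.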
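* You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.ow2.authzforce.sdk.core.schema;

import java.io.Serializable;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;

import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;

/**
 * Single-valued attribute identified by XACML_SUBJECT_SUBJECT_ID.
 * Every constructor stores the value in string form, tags it with a XACML
 * datatype, uses DEFAULT_ISSUER as issuer and passes true for includeInResult.
 */
public final class Subject extends Attribute {

    private static final XACMLAttributeId DEFDAULT_ATTRIBUTE_ID = XACMLAttributeId.XACML_SUBJECT_SUBJECT_ID;
    private static final String DEFAULT_ISSUER = "xacml-sdk-5.0.0";

    /**
     * @param value subject identifier, sent with the string datatype
     */
    public Subject(final String value) {
        super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable)value), XACMLDatatypes.XACML_DATATYPE_STRING.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /**
     * @param value subject identifier, sent with the integer datatype
     */
    public Subject(final int value) {
        super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable)String.valueOf(value)), XACMLDatatypes.XACML_DATATYPE_INTEGER.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /**
     * @param value subject identifier, sent with the double datatype
     */
    public Subject(final double value) {
        super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable)String.valueOf(value)), XACMLDatatypes.XACML_DATATYPE_DOUBLE.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /**
     * @param value boolean stored as "true" or "false"
     */
    public Subject(final boolean value) {
        // NOTE(review): the value is tagged with the string datatype, not
        // XACML_DATATYPE_BOOLEAN - confirm that this is intended.
        super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable)String.valueOf(value)), XACMLDatatypes.XACML_DATATYPE_STRING.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }

    /**
     * @param date value sent with the XACML date datatype, formatted with the
     *             inherited DATE_FORMAT pattern (JVM default time zone)
     */
    public Subject(final Date date) {
        // The previous pattern "YYY-MM-DD" used 'Y' (week year) and 'D' (day in year),
        // so the string sent to the PDP was not the calendar date of the argument.
        // DATE_FORMAT is the pattern Environment already uses for the same datatype.
        super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable)new SimpleDateFormat(DATE_FORMAT).format(date)), XACMLDatatypes.XACML_DATATYPE_DATE.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true);
    }
}
--------------------------------------------------------------------------------
/authzforce-xacmlsdk-model/src/main/java/org/ow2/authzforce/sdk/core/schema/SubjectKey.java:
--------------------------------------------------------------------------------
/**
 * Copyright (C) 2013-2014 Thales Services - ThereSIS - All rights reserved.
 *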

4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | *

8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | *

10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package org.ow2.authzforce.sdk.core.schema; 17 | 18 | import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType; 19 | 20 | import java.io.Serializable; 21 | import java.util.Arrays; 22 | 23 | public final class SubjectKey extends Attribute { 24 | 25 | private static final XACMLAttributeId DEFDAULT_ATTRIBUTE_ID = XACMLAttributeId.XACML_SUBJECT_KEY_INFO; 26 | private static final String DEFAULT_ISSUER = "xacml-sdk-5.0.0"; 27 | 28 | public SubjectKey(final String value) { 29 | super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable) value), XACMLDatatypes.XACML_DATATYPE_STRING.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true); 30 | } 31 | } -------------------------------------------------------------------------------- /authzforce-xacmlsdk-model/src/main/java/org/ow2/authzforce/sdk/core/schema/SubjectRequestTime.java: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (C) 2013-2014 Thales Services - ThereSIS - All rights reserved. 3 | *

4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | *

8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | *

10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package org.ow2.authzforce.sdk.core.schema; 17 | 18 | import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType; 19 | 20 | import java.io.Serializable; 21 | import java.text.SimpleDateFormat; 22 | import java.util.Arrays; 23 | import java.util.Date; 24 | 25 | public final class SubjectRequestTime extends Attribute { 26 | 27 | private static final XACMLAttributeId DEFDAULT_ATTRIBUTE_ID = XACMLAttributeId.XACML_SUBJECT_REQUEST_TIME; 28 | private static final String DEFAULT_ISSUER = "xacml-sdk-5.0.0"; 29 | 30 | public SubjectRequestTime(final String value) { 31 | super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable) value), XACMLDatatypes.XACML_DATATYPE_STRING.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true); 32 | } 33 | 34 | 35 | public SubjectRequestTime(final long value) { 36 | super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable) String.valueOf(value)), XACMLDatatypes.XACML_DATATYPE_INTEGER.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true); 37 | } 38 | 39 | public SubjectRequestTime(final Date date) { 40 | super(Arrays.asList(new AttributeValueType(Arrays.asList((Serializable) new SimpleDateFormat(DATE_FORMAT).format(date)), XACMLDatatypes.XACML_DATATYPE_DATE.value(), null)), DEFDAULT_ATTRIBUTE_ID.value(), DEFAULT_ISSUER, true); 41 | } 42 | } -------------------------------------------------------------------------------- /authzforce-xacmlsdk-model/src/main/java/org/ow2/authzforce/sdk/core/schema/XACMLDatatypes.java: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (C) 
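2013-2014 Thales Services - ThereSIS - All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.ow2.authzforce.sdk.core.schema;

/**
 * Datatype identifiers that the SDK attaches to attribute values.
 * Each constant carries the URI string returned by {@link #value()}.
 */
public enum XACMLDatatypes {

    XACML_DATATYPE_STRING("http://www.w3.org/2001/XMLSchema#string"),
    XACML_DATATYPE_BOOLEAN("http://www.w3.org/2001/XMLSchema#boolean"),
    XACML_DATATYPE_INTEGER("http://www.w3.org/2001/XMLSchema#integer"),
    XACML_DATATYPE_DOUBLE("http://www.w3.org/2001/XMLSchema#double"),
    XACML_DATATYPE_TIME("http://www.w3.org/2001/XMLSchema#time"),
    XACML_DATATYPE_DATE("http://www.w3.org/2001/XMLSchema#date"),
    // XML Schema names this type "dateTime"; the former "date-time" spelling is not
    // a datatype identifier a PDP can resolve.
    XACML_DATATYPE_DATETIME("http://www.w3.org/2001/XMLSchema#dateTime"),
    // NOTE(review): the two duration identifiers below are the pre-3.0 working-draft
    // URIs; XACML 3.0 defines them under http://www.w3.org/2001/XMLSchema# - confirm
    // which form the target PDP expects before changing them.
    XACML_DATATYPE_DAYTIME_DURATION("http://www.w3.org/TR/2002/WD-xquery-operators-20020816#dayTimeDuration"),
    XACML_DATATYPE_YEARMONTH_DURATION("http://www.w3.org/TR/2002/WD-xquery-operators-20020816#yearMonthDuration"),
    XACML_DATATYPE_ANY_URI("http://www.w3.org/2001/XMLSchema#anyURI"),
    XACML_DATATYPE_HEX_BINARY("http://www.w3.org/2001/XMLSchema#hexBinary"),
    XACML_DATATYPE_BASE64_BINARY("http://www.w3.org/2001/XMLSchema#base64Binary"),
    XACML_DATATYPE_RFC822_NAME("urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"),
    XACML_DATATYPE_X500_NAME("urn:oasis:names:tc:xacml:1.0:data-type:x500Name");

    private final String value;

    /**
     * @return the URI string of this datatype
     */
    public String value() {
        return value;
    }

    private XACMLDatatypes(String v) {
        value = v;
    }

    /**
     * Finds the constant whose URI equals the argument exactly.
     *
     * @param v URI string to look up
     * @return the matching constant
     * @throws IllegalArgumentException when no constant carries that URI
     */
    public static XACMLDatatypes fromValue(String v) {
        for (XACMLDatatypes c: XACMLDatatypes.values()) {
            if (c.value.equals(v)) {
                return c;
            }
        }
        throw new IllegalArgumentException(v);
    }

}
--------------------------------------------------------------------------------
/authzforce-xacmlsdk-model/src/main/java/org/ow2/authzforce/sdk/core/schema/category/ActionCategory.java:
--------------------------------------------------------------------------------
package org.ow2.authzforce.sdk.core.schema.category;

import org.ow2.authzforce.xacml.identifiers.XACMLCategory;

/**
 * Category preset to the XACML 3.0 action category identifier.
 */
public class ActionCategory extends Category {

    public ActionCategory() {
        this.category = XACMLCategory.XACML_3_0_ACTION_CATEGORY_ACTION.value();
    }
}
--------------------------------------------------------------------------------
/authzforce-xacmlsdk-model/src/main/java/org/ow2/authzforce/sdk/core/schema/category/Category.java:
--------------------------------------------------------------------------------
package org.ow2.authzforce.sdk.core.schema.category;

import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attribute;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes;

import java.util.ArrayList;
import java.util.List;

/**
 * Attributes container whose list can be changed through
 * {@link #addAttribute(Attribute)} and {@link #deleteAttribute(Attribute)}.
 */
public class Category extends Attributes {

    /**
     * Add an attribute to the category.
     * The current list is copied, the attribute is appended to the copy and the
     * copy becomes the new list.
     */
    public void addAttribute(final Attribute attr) {
        List attrs = new ArrayList(this.attributes == null ? super.getAttributes() : this.attributes);
        attrs.add(attr);

        this.attributes = attrs;
    }

    /**
     * Remove an attribute from the category.
     * The current list is copied, the attribute is removed from the copy and the
     * copy becomes the new list.
     */
    public void deleteAttribute(final Attribute attr) {
        List attrs = new ArrayList(this.attributes == null ? super.getAttributes() : this.attributes);
        attrs.remove(attr);
        this.attributes = attrs;
    }

    /**
     * This bypasses {@link #getAttributes()} logic that checks against a transient list.
     * This is useful because the normal {@link #getAttributes()} in combination with {@link #deleteAttribute(Attribute)}
     * or {@link #addAttribute(Attribute)}
     * would result in an inconsistent state {@code (attributes_RO != attributes)}.
     *
     * @return the attributes directly from {@link #attributes} list (i.e. not from {@link #attributes_RO})
     */
    @Override
    public List getAttributes() {
        // NOTE(review): the field is returned as it is, so the result may be null
        // when nothing has been added yet - confirm how callers handle that.
        return this.attributes;
    }
}
--------------------------------------------------------------------------------
/authzforce-xacmlsdk-model/src/main/java/org/ow2/authzforce/sdk/core/schema/category/EnvironmentCategory.java:
--------------------------------------------------------------------------------
package org.ow2.authzforce.sdk.core.schema.category;

import org.ow2.authzforce.xacml.identifiers.XACMLCategory;

/**
 * Category preset to the XACML 3.0 environment category identifier.
 */
public class EnvironmentCategory extends Category {

    public EnvironmentCategory() {
        this.category = XACMLCategory.XACML_3_0_ENVIRONMENT_CATEGORY_ENVIRONMENT.value();
    }
}
--------------------------------------------------------------------------------
/authzforce-xacmlsdk-model/src/main/java/org/ow2/authzforce/sdk/core/schema/category/ResourceCategory.java:
--------------------------------------------------------------------------------
package org.ow2.authzforce.sdk.core.schema.category;

import org.ow2.authzforce.xacml.identifiers.XACMLCategory;

/**
 * Category preset to the XACML 3.0 resource category identifier.
 */
public class ResourceCategory extends Category {

    public ResourceCategory() {
        this.category = XACMLCategory.XACML_3_0_RESOURCE_CATEGORY_RESOURCE.value();
    }

}
--------------------------------------------------------------------------------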
/authzforce-xacmlsdk-model/src/main/java/org/ow2/authzforce/sdk/core/schema/category/SubjectCategory.java: -------------------------------------------------------------------------------- 1 | package org.ow2.authzforce.sdk.core.schema.category; 2 | 3 | import org.ow2.authzforce.xacml.identifiers.XACMLCategory; 4 | 5 | public class SubjectCategory extends Category { 6 | 7 | public SubjectCategory() { 8 | this.category = XACMLCategory.XACML_1_0_SUBJECT_CATEGORY_ACCESS_SUBJECT.value(); 9 | } 10 | 11 | } -------------------------------------------------------------------------------- /authzforce-xacmlsdk-model/src/main/resources/fileHeader.apache2.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) ${h_inceptionYear}-${h_currentYear} ${h_copyrightOwner} - All rights reserved. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 
-------------------------------------------------------------------------------- /authzforce-xacmlsdk-pap-api/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | xacml-sdk 5 | org.ow2.authzforce 6 | 5.0.0 7 | 8 | 4.0.0 9 | 10 | xacml-sdk-pap-api 11 | AuthZForce :: XACML SDK :: PAP API 12 | 13 | 14 | 15 | ${project.parent.groupId} 16 | xacml-sdk-pdp-api 17 | 18 | 19 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-pap-api/src/main/java/org/ow2/authzforce/sdk/AdminXacmlSdk.java: -------------------------------------------------------------------------------- 1 | package org.ow2.authzforce.sdk; 2 | 3 | import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySet; 4 | import org.ow2.authzforce.rest.api.xmlns.DomainProperties; 5 | import org.ow2.authzforce.sdk.exceptions.XacmlSdkException; 6 | import org.w3._2005.atom.Link; 7 | 8 | import java.util.List; 9 | 10 | public interface AdminXacmlSdk { 11 | List getDomains(String... 
domains); 12 | 13 | DomainProperties getDomain(String domain) throws XacmlSdkException; 14 | 15 | String addDomain(String description, String externalID) throws XacmlSdkException; 16 | 17 | void deleteDomain(String domain) throws XacmlSdkException; 18 | 19 | List getPoliciesNames(String domain) throws XacmlSdkException; 20 | 21 | PolicySet getPolicy(String domain, String version, String policyID) throws XacmlSdkException; 22 | 23 | Link addPolicy(String domain, PolicySet policySet) throws XacmlSdkException; 24 | 25 | void deletePolicy(String domain, String version, String policyID) throws XacmlSdkException; 26 | 27 | PolicySet createSimplePolicy(String domain, String policyID, String description, List data) throws XacmlSdkException; 28 | 29 | List getPolicies(String domain, String policyID) throws XacmlSdkException; 30 | } 31 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-pdp-api/license/thales-gpl.header.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) ${inceptionYear}-${currentYear} ${copyrightOwner}. 2 | 3 | This file is part of ${projectName}. 4 | 5 | ${projectName} is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | ${projectName} is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with ${projectName}. If not, see . 
17 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-pdp-api/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4.0.0 3 | 4 | org.ow2.authzforce 5 | xacml-sdk 6 | 5.0.0 7 | 8 | 9 | UTF-8 10 | Thales Services - ThereSIS 11 | 12 | 2013 13 | xacml-sdk-pdp-api 14 | AuthZForce :: XACML SDK :: PDP API 15 | 16 | 17 | 18 | ${project.parent.groupId} 19 | xacml-sdk-common 20 | 21 | 22 | org.ow2.authzforce 23 | authzforce-ce-atom-model 24 | 7.5.1 25 | 26 | 27 | org.ow2.authzforce 28 | authzforce-ce-rest-api-model 29 | 5.7.0 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-pdp-api/src/main/java/org/ow2/authzforce/sdk/XacmlSdk.java: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (C) 2013-2013 Thales Services - ThereSIS - All rights reserved. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | package org.ow2.authzforce.sdk; 17 | 18 | import java.util.List; 19 | 20 | import org.ow2.authzforce.sdk.core.schema.Responses; 21 | import org.ow2.authzforce.sdk.core.schema.category.ActionCategory; 22 | import org.ow2.authzforce.sdk.core.schema.category.EnvironmentCategory; 23 | import org.ow2.authzforce.sdk.core.schema.category.ResourceCategory; 24 | import org.ow2.authzforce.sdk.core.schema.category.SubjectCategory; 25 | import org.ow2.authzforce.sdk.exceptions.XacmlSdkException; 26 | 27 | public interface XacmlSdk { 28 | 29 | /** 30 | * This method is used to create the XML request based on the RequestType 31 | * 32 | * @return XML Request (String) 33 | */ 34 | public abstract String toString(); 35 | 36 | /** 37 | * 38 | * @param subject 39 | * @param resources 40 | * @param actions 41 | * @param environment 42 | * @return 43 | * @throws XacmlSdkException 44 | */ 45 | public abstract Responses getAuthZ(SubjectCategory subject, 46 | ResourceCategory resources, ActionCategory actions, 47 | EnvironmentCategory environment) throws XacmlSdkException; 48 | 49 | /** 50 | * 51 | * @param subject 52 | * @param resources 53 | * @param actions 54 | * @param environment 55 | * @return 56 | * @throws XacmlSdkException 57 | */ 58 | public abstract Responses getAuthZ(List subject, 59 | ResourceCategory resources, ActionCategory actions, 60 | EnvironmentCategory environment) throws XacmlSdkException; 61 | 62 | public abstract Responses getAuthZ(SubjectCategory subject, 63 | List resources, ActionCategory actions, 64 | EnvironmentCategory environment) throws XacmlSdkException; 65 | 66 | public abstract Responses getAuthZ(SubjectCategory subject, 67 | ResourceCategory resources, List actions, 68 | EnvironmentCategory environment) throws XacmlSdkException; 69 | 70 | public abstract Responses getAuthZ(SubjectCategory subject, 71 | ResourceCategory resources, ActionCategory actions, 72 | List environment) throws XacmlSdkException; 73 | 74 | } 
-------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/license/thales-gpl.header.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) ${inceptionYear}-${currentYear} ${copyrightOwner}. 2 | 3 | This file is part of ${projectName}. 4 | 5 | ${projectName} is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | ${projectName} is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with ${projectName}. If not, see . 17 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4.0.0 3 | 4 | UTF-8 5 | Thales Services - ThereSIS 6 | 2.0.5 7 | 1.6.6 8 | 9 | 10 | org.ow2.authzforce 11 | authzforce-ce-parent 12 | 3.3.7 13 | 14 | 15 | 2013 16 | xacml-sdk-samples 17 | 3.0.0 18 | AuthZForce :: XACML SDK :: SAMPLES 19 | SDK allowing to create Xacml request and parse responses 20 | 21 | 22 | ch.qos.logback 23 | logback-classic 24 | 1.0.7 25 | 26 | 27 | 28 | 29 | org.ow2.authzforce 30 | xacml-sdk-pdp-rest-impl 31 | 5.0.0 32 | 33 | 34 | ${project.groupId} 35 | authzforce-ce-xacml-model 36 | 3.3.7 37 | 38 | 39 | 40 | 41 | org.testcontainers 42 | testcontainers 43 | 1.11.3 44 | 45 | 46 | org.springframework 47 | spring-context 48 | 4.1.6.RELEASE 49 | compile 50 | 51 | 52 | org.ow2.authzforce 53 | xacml-sdk-pap-api 54 | 5.0.0 55 | compile 56 | 57 | 58 | org.ow2.authzforce 59 | 
xacml-sdk-pap-rest-impl 60 | 5.0.0 61 | compile 62 | 63 | 64 | 65 | 66 | 67 | 68 | org.apache.maven.plugins 69 | maven-assembly-plugin 70 | 2.4 71 | 72 | 73 | src/main/resources/bin.xml 74 | 75 | 76 | 77 | 78 | org.apache.maven.plugins 79 | maven-source-plugin 80 | 2.4 81 | 82 | 83 | attach-sources 84 | verify 85 | 86 | jar-no-fork 87 | 88 | 89 | 90 | 91 | 92 | maven-compiler-plugin 93 | 2.3.2 94 | 95 | 1.8 96 | 1.8 97 | 1.8 98 | 99 | 100 | 101 | 102 | 103 | 104 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/main/java/META-INF/MANIFEST.MF: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | Class-Path: 3 | 4 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/main/java/org/ow2/authzforce/sdk/pap/SimplePolicyCRUD.java: -------------------------------------------------------------------------------- 1 | package org.ow2.authzforce.sdk.pap; 2 | 3 | 4 | import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySet; 5 | import org.ow2.authzforce.rest.api.xmlns.DomainProperties; 6 | import org.ow2.authzforce.sdk.AdminXacmlSdk; 7 | import org.ow2.authzforce.sdk.impl.AdminXacmlSdkImpl; 8 | import org.ow2.authzforce.sdk.utils.ServerSetup; 9 | import org.slf4j.Logger; 10 | import org.slf4j.LoggerFactory; 11 | import org.w3._2005.atom.Link; 12 | 13 | import java.net.URI; 14 | import java.util.Arrays; 15 | import java.util.Collections; 16 | import java.util.List; 17 | 18 | public class SimplePolicyCRUD { 19 | private static final Logger log = LoggerFactory.getLogger(SimplePolicyCRUD.class); 20 | 21 | private static final String DOMAIN = "myTestDomain1"; 22 | 23 | public static void main(String[] args) throws Exception { 24 | URI baseURL = ServerSetup.getRootURL(ServerSetup.getServer()); 25 | AdminXacmlSdk client = new AdminXacmlSdkImpl(baseURL); 26 | 27 | log.warn("***********domain CRUD 
operations***********"); 28 | log.error("(C)reate"); 29 | List domains = client.getDomains(); 30 | log.info("{} domains found: {}", domains.size(), domains.stream().map(Link::getHref).toArray()); 31 | String newDomainID = client.addDomain("test domain", DOMAIN); 32 | 33 | log.error("(R)ead"); 34 | domains = client.getDomains(); 35 | log.info("{} domains found: {}", domains.size(), domains.stream().map(Link::getHref).toArray()); 36 | 37 | DomainProperties domainProperties = client.getDomain(newDomainID); 38 | log.info("Friendly domain name: {}", domainProperties.getExternalId()); 39 | 40 | log.error("(U)pdate"); 41 | client.addDomain("test domain", DOMAIN); 42 | 43 | // Delete of domain deferred to end of test (cannot do CRUD operations on missing domain) 44 | 45 | log.warn("***********policy CRUD operations***********"); 46 | log.error("(C)reate"); 47 | PolicySet set = client.createSimplePolicy(newDomainID, "myTestPolicy", "Test policy", Collections.emptyList()); 48 | client.addPolicy(newDomainID, set); 49 | log.info("The description of this policy is {}", client.getPolicy(newDomainID, null, "myTestPolicy").getDescription()); 50 | log.error("(R)ead"); 51 | log.info("policies in {} are {}", newDomainID, client.getPoliciesNames(newDomainID).stream().map(Link::getHref).toArray()); 52 | 53 | log.info("getPolicy domain only"); 54 | log.debug(client.getPolicy(newDomainID, null, null).toString()); 55 | 56 | log.info("getPolicy domain + policyID"); 57 | log.debug(client.getPolicy(newDomainID, null, "myTestPolicy").toString()); 58 | 59 | log.info("getPolicy domain + policyID + version"); 60 | log.debug(client.getPolicy(newDomainID, "1.0.0", "myTestPolicy").toString()); 61 | 62 | log.info("getPolicies domain only"); 63 | log.debug(Arrays.toString(client.getPolicies(newDomainID, null).toArray())); 64 | 65 | log.info("getPolicies domain + policy ID"); 66 | log.debug(Arrays.toString(client.getPolicies(newDomainID, "myTestPolicy").toArray())); 67 | 68 | log.error("(U)pdate"); 69 
| set = client.createSimplePolicy(newDomainID, "myTestPolicy", "Test policy", Collections.emptyList()); 70 | client.addPolicy(newDomainID, set); 71 | log.error("(D)elete"); 72 | client.deletePolicy(newDomainID, null, "myTestPolicy"); 73 | 74 | client.deleteDomain(newDomainID); 75 | } 76 | } 77 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/main/java/org/ow2/authzforce/sdk/pdp/CustomHeadersRequest.java: -------------------------------------------------------------------------------- 1 | package org.ow2.authzforce.sdk.pdp; 2 | 3 | import java.net.URI; 4 | 5 | import org.apache.cxf.jaxrs.impl.MetadataMap; 6 | import org.ow2.authzforce.sdk.utils.PapService; 7 | import org.ow2.authzforce.sdk.utils.ServerSetup; 8 | import org.slf4j.Logger; 9 | import org.slf4j.LoggerFactory; 10 | 11 | import org.ow2.authzforce.sdk.core.schema.Action; 12 | import org.ow2.authzforce.sdk.core.schema.Environment; 13 | import org.ow2.authzforce.sdk.core.schema.Resource; 14 | import org.ow2.authzforce.sdk.core.schema.Response; 15 | import org.ow2.authzforce.sdk.core.schema.Responses; 16 | import org.ow2.authzforce.sdk.core.schema.Subject; 17 | import org.ow2.authzforce.sdk.core.schema.category.ActionCategory; 18 | import org.ow2.authzforce.sdk.core.schema.category.EnvironmentCategory; 19 | import org.ow2.authzforce.sdk.core.schema.category.ResourceCategory; 20 | import org.ow2.authzforce.sdk.core.schema.category.SubjectCategory; 21 | import org.ow2.authzforce.sdk.exceptions.XacmlSdkException; 22 | import org.ow2.authzforce.sdk.impl.XacmlSdkImpl; 23 | 24 | public class CustomHeadersRequest { 25 | 26 | private static final Logger LOGGER = LoggerFactory.getLogger(CustomHeadersRequest.class); 27 | 28 | 29 | private static final String SUBJECT = "ThalesId"; 30 | private static final String RESOURCE = "http://www.opencloudware.org"; 31 | private static final String ACTION = "HEAD"; 32 | 33 | private static final String 
TEST_HEADER_KEY = "SDK-SAMPLE"; 34 | 35 | public static void main(String[] args) throws XacmlSdkException { 36 | SubjectCategory subjectCat = new SubjectCategory(); 37 | ResourceCategory resourceCat = new ResourceCategory(); 38 | ActionCategory actionCategory = new ActionCategory(); 39 | EnvironmentCategory environmentCategory = new EnvironmentCategory(); 40 | 41 | subjectCat.addAttribute(new Subject(SUBJECT)); 42 | resourceCat.addAttribute(new Resource(RESOURCE)); 43 | actionCategory.addAttribute(new Action(ACTION)); 44 | environmentCategory.addAttribute(new Environment("TEST_CustomHeaders")); 45 | 46 | MetadataMap headers = new MetadataMap(); 47 | headers.add(TEST_HEADER_KEY, "TEST_CustomHeaders"); 48 | 49 | URI PDP_ENDPOINT = ServerSetup.getRootURL(ServerSetup.getServer()); 50 | String DOMAIN_ID = PapService.setupBasicDomain(PDP_ENDPOINT,"CustomHeadersRequest1"); 51 | XacmlSdkImpl myXacml = new XacmlSdkImpl(PDP_ENDPOINT, DOMAIN_ID, headers); 52 | Responses responses = null; 53 | try { 54 | responses = myXacml.getAuthZ(subjectCat, resourceCat, actionCategory, environmentCategory); 55 | } catch (XacmlSdkException e) { 56 | LOGGER.error(e.getLocalizedMessage()); 57 | LOGGER.error(e.getCause().getLocalizedMessage()); 58 | } 59 | if (responses != null) { 60 | for (Response response : responses.getResponses()) { 61 | LOGGER.info(response.getActionId() + " on " + response.getResourceId() + ": " 62 | + response.getDecision().value() + " for " + response.getSubjectId()); 63 | } 64 | } 65 | } 66 | } 67 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/main/java/org/ow2/authzforce/sdk/pdp/MultiValuedAttributeRequest.java: -------------------------------------------------------------------------------- 1 | package org.ow2.authzforce.sdk.pdp; 2 | 3 | import java.net.URI; 4 | import java.text.SimpleDateFormat; 5 | 6 | import org.ow2.authzforce.sdk.core.schema.Action; 7 | import 
org.ow2.authzforce.sdk.core.schema.Environment; 8 | import org.ow2.authzforce.sdk.core.schema.Resource; 9 | import org.ow2.authzforce.sdk.core.schema.Response; 10 | import org.ow2.authzforce.sdk.core.schema.Responses; 11 | import org.ow2.authzforce.sdk.core.schema.Subject; 12 | import org.ow2.authzforce.sdk.core.schema.category.ActionCategory; 13 | import org.ow2.authzforce.sdk.core.schema.category.EnvironmentCategory; 14 | import org.ow2.authzforce.sdk.core.schema.category.ResourceCategory; 15 | import org.ow2.authzforce.sdk.core.schema.category.SubjectCategory; 16 | import org.ow2.authzforce.sdk.exceptions.XacmlSdkException; 17 | import org.ow2.authzforce.sdk.impl.XacmlSdkImpl; 18 | import org.ow2.authzforce.sdk.utils.PapService; 19 | import org.ow2.authzforce.sdk.utils.ServerSetup; 20 | import org.ow2.authzforce.xacml.identifiers.XACMLAttributeId; 21 | import org.slf4j.Logger; 22 | import org.slf4j.LoggerFactory; 23 | 24 | 25 | public class MultiValuedAttributeRequest { 26 | 27 | private static final Logger LOGGER = LoggerFactory.getLogger(SimpleAuthorizationRequest.class); 28 | 29 | 30 | private static final String SUBJECT = "ThalesId"; 31 | private static final String RESOURCE = "http://www.opencloudware.org"; 32 | private static final String ACTION = "HEAD"; 33 | 34 | public static void main(String[] args) throws XacmlSdkException { 35 | SubjectCategory subjectCat = new SubjectCategory(); 36 | ResourceCategory resourceCat = new ResourceCategory(); 37 | ActionCategory actionCategory = new ActionCategory(); 38 | EnvironmentCategory environmentCategory = new EnvironmentCategory(); 39 | 40 | Subject nameAttr = new Subject(new SimpleDateFormat("YYY-MM-DD").format(System.currentTimeMillis())); 41 | nameAttr.setAttributeId(XACMLAttributeId.XACML_SUBJECT_REQUEST_TIME.value()); 42 | 43 | subjectCat.addAttribute(new Subject(SUBJECT)); 44 | subjectCat.addAttribute(nameAttr); 45 | resourceCat.addAttribute(new Resource(RESOURCE)); 46 | actionCategory.addAttribute(new 
Action(ACTION)); 47 | environmentCategory.addAttribute(new Environment("TEST_MultiValuedAttributed")); 48 | 49 | URI PDP_ENDPOINT = ServerSetup.getRootURL(ServerSetup.getServer()); 50 | String DOMAIN_ID = PapService.setupBasicDomain(PDP_ENDPOINT,"MultiValuedAttributeRequest"); 51 | XacmlSdkImpl myXacml = new XacmlSdkImpl(PDP_ENDPOINT, DOMAIN_ID, null); 52 | Responses responses = null; 53 | try { 54 | responses = myXacml.getAuthZ(subjectCat, resourceCat, actionCategory, environmentCategory); 55 | } catch (XacmlSdkException e) { 56 | LOGGER.error(e.getLocalizedMessage()); 57 | LOGGER.error(e.getCause().getLocalizedMessage()); 58 | } 59 | if (responses != null) { 60 | for (Response response : responses.getResponses()) { 61 | LOGGER.info(response.getActionId() + " on " + response.getResourceId() + ": " 62 | + response.getDecision().value() + " for " + response.getSubjectId()); 63 | } 64 | } 65 | } 66 | 67 | } 68 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/main/java/org/ow2/authzforce/sdk/pdp/MultipleDecisionProfileRequest.java: -------------------------------------------------------------------------------- 1 | package org.ow2.authzforce.sdk.pdp; 2 | 3 | import java.net.URI; 4 | import java.util.Arrays; 5 | 6 | import org.ow2.authzforce.sdk.core.schema.Action; 7 | import org.ow2.authzforce.sdk.core.schema.Environment; 8 | import org.ow2.authzforce.sdk.core.schema.Resource; 9 | import org.ow2.authzforce.sdk.core.schema.Response; 10 | import org.ow2.authzforce.sdk.core.schema.Responses; 11 | import org.ow2.authzforce.sdk.core.schema.Subject; 12 | import org.ow2.authzforce.sdk.core.schema.category.ActionCategory; 13 | import org.ow2.authzforce.sdk.core.schema.category.EnvironmentCategory; 14 | import org.ow2.authzforce.sdk.core.schema.category.ResourceCategory; 15 | import org.ow2.authzforce.sdk.core.schema.category.SubjectCategory; 16 | import org.ow2.authzforce.sdk.exceptions.XacmlSdkException; 17 | 
import org.ow2.authzforce.sdk.impl.XacmlSdkImpl; 18 | import org.ow2.authzforce.sdk.utils.PapService; 19 | import org.ow2.authzforce.sdk.utils.ServerSetup; 20 | import org.slf4j.Logger; 21 | import org.slf4j.LoggerFactory; 22 | 23 | public class MultipleDecisionProfileRequest { 24 | 25 | private static final Logger LOGGER = LoggerFactory.getLogger(MultipleDecisionProfileRequest.class); 26 | 27 | private static final String SUBJECT = "ThalesId"; 28 | private static final String RESOURCE = "http://www.opencloudware.org"; 29 | private static final String RESOURCE_2 = "http://www.google.fr"; 30 | private static final String ACTION = "HEAD"; 31 | 32 | 33 | public static void main(String[] args) throws XacmlSdkException { 34 | SubjectCategory subjectCat = new SubjectCategory(); 35 | ResourceCategory resourceCat = new ResourceCategory(); 36 | ResourceCategory resourceCat2 = new ResourceCategory(); 37 | ActionCategory actionCategory = new ActionCategory(); 38 | EnvironmentCategory environmentCategory = new EnvironmentCategory(); 39 | 40 | subjectCat.addAttribute(new Subject(SUBJECT)); 41 | resourceCat.addAttribute(new Resource(RESOURCE)); 42 | resourceCat2.addAttribute(new Resource(RESOURCE_2)); 43 | actionCategory.addAttribute(new Action(ACTION)); 44 | environmentCategory.addAttribute(new Environment("TEST_MultipleDecisionProfileRequest")); 45 | 46 | URI PDP_ENDPOINT = ServerSetup.getRootURL(ServerSetup.getServer()); 47 | String DOMAIN_ID = PapService.setupBasicDomain(PDP_ENDPOINT,"MultipleDecisionProfileRequest"); 48 | XacmlSdkImpl myXacml = new XacmlSdkImpl(PDP_ENDPOINT,DOMAIN_ID, null); 49 | Responses responses = null; 50 | try { 51 | responses = myXacml.getAuthZ(subjectCat, Arrays.asList(resourceCat, resourceCat2), actionCategory, environmentCategory); 52 | } catch (XacmlSdkException e) { 53 | LOGGER.error(e.getLocalizedMessage()); 54 | LOGGER.error(e.getCause().getLocalizedMessage()); 55 | } 56 | if(responses != null) { 57 | for (Response response : 
responses.getResponses()) { 58 | LOGGER.info(response.getActionId() + " on " 59 | + response.getResourceId() + ": " 60 | + response.getDecision().value() + " for " 61 | + response.getSubjectId()); 62 | } 63 | } 64 | } 65 | 66 | } 67 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/main/java/org/ow2/authzforce/sdk/pdp/SimpleAuthorizationRequest.java: -------------------------------------------------------------------------------- 1 | package org.ow2.authzforce.sdk.pdp; 2 | 3 | import java.net.URI; 4 | 5 | import org.ow2.authzforce.sdk.core.schema.Action; 6 | import org.ow2.authzforce.sdk.core.schema.Environment; 7 | import org.ow2.authzforce.sdk.core.schema.Resource; 8 | import org.ow2.authzforce.sdk.core.schema.Response; 9 | import org.ow2.authzforce.sdk.core.schema.Responses; 10 | import org.ow2.authzforce.sdk.core.schema.Subject; 11 | import org.ow2.authzforce.sdk.core.schema.category.ActionCategory; 12 | import org.ow2.authzforce.sdk.core.schema.category.EnvironmentCategory; 13 | import org.ow2.authzforce.sdk.core.schema.category.ResourceCategory; 14 | import org.ow2.authzforce.sdk.core.schema.category.SubjectCategory; 15 | import org.ow2.authzforce.sdk.exceptions.XacmlSdkException; 16 | import org.ow2.authzforce.sdk.impl.XacmlSdkImpl; 17 | import org.ow2.authzforce.sdk.utils.PapService; 18 | import org.ow2.authzforce.sdk.utils.ServerSetup; 19 | import org.slf4j.Logger; 20 | import org.slf4j.LoggerFactory; 21 | 22 | public class SimpleAuthorizationRequest { 23 | 24 | private static final Logger LOGGER = LoggerFactory.getLogger(SimpleAuthorizationRequest.class); 25 | 26 | 27 | private static final String SUBJECT = "ThalesId"; 28 | private static final String RESOURCE = "http://www.opencloudware.org"; 29 | private static final String ACTION = "HEAD"; 30 | 31 | public static void main(String[] args) throws XacmlSdkException { 32 | SubjectCategory subjectCat = new SubjectCategory(); 33 | 
ResourceCategory resourceCat = new ResourceCategory(); 34 | ActionCategory actionCategory = new ActionCategory(); 35 | EnvironmentCategory environmentCategory = new EnvironmentCategory(); 36 | 37 | subjectCat.addAttribute(new Subject(SUBJECT)); 38 | resourceCat.addAttribute(new Resource(RESOURCE)); 39 | actionCategory.addAttribute(new Action(ACTION)); 40 | environmentCategory.addAttribute(new Environment("TEST_SimpleAuthorizationRequest")); 41 | URI PDP_ENDPOINT = ServerSetup.getRootURL(ServerSetup.getServer()); 42 | String DOMAIN_ID = PapService.setupBasicDomain(PDP_ENDPOINT,"SimpleAuthorizationRequest"); 43 | XacmlSdkImpl myXacml = new XacmlSdkImpl(PDP_ENDPOINT, DOMAIN_ID, null); 44 | Responses responses = null; 45 | try { 46 | responses = myXacml.getAuthZ(subjectCat, resourceCat, actionCategory, environmentCategory); 47 | } catch (XacmlSdkException e) { 48 | LOGGER.error(e.getLocalizedMessage()); 49 | LOGGER.error(e.getCause().getLocalizedMessage()); 50 | } 51 | if (null != responses) { 52 | for (Response response : responses.getResponses()) { 53 | LOGGER.info(response.getActionId() + " on " + response.getResourceId() + ": " 54 | + response.getDecision().value() + " for " + response.getSubjectId()); 55 | } 56 | } 57 | } 58 | 59 | } 60 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/main/java/org/ow2/authzforce/sdk/utils/PapService.java: -------------------------------------------------------------------------------- 1 | package org.ow2.authzforce.sdk.utils; 2 | 3 | import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySet; 4 | import org.ow2.authzforce.sdk.AdminXacmlSdk; 5 | import org.ow2.authzforce.sdk.exceptions.XacmlSdkException; 6 | import org.ow2.authzforce.sdk.impl.AdminXacmlSdkImpl; 7 | 8 | import java.net.URI; 9 | import java.util.Collections; 10 | import java.util.UUID; 11 | 12 | public class PapService { 13 | public static String setupBasicDomain(URI serverURI, String externalID) 
throws XacmlSdkException { 14 | AdminXacmlSdk sdk = new AdminXacmlSdkImpl(serverURI); 15 | String domainID = sdk.addDomain("test_domain", externalID); 16 | PolicySet policySet = sdk.createSimplePolicy(domainID, UUID.randomUUID().toString(), "test policy", Collections.emptyList()); 17 | sdk.addPolicy(domainID, policySet); 18 | return domainID; 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/main/java/org/ow2/authzforce/sdk/utils/ServerSetup.java: -------------------------------------------------------------------------------- 1 | package org.ow2.authzforce.sdk.utils; 2 | 3 | import org.testcontainers.containers.GenericContainer; 4 | import org.testcontainers.containers.wait.strategy.Wait; 5 | 6 | import javax.ws.rs.core.UriBuilder; 7 | import java.net.URI; 8 | 9 | public class ServerSetup { 10 | private static final String IMAGE_NAME = "authzforce/server:release-8.1.0"; 11 | private static final int PORT = 8080; 12 | 13 | public static GenericContainer getServer() { 14 | GenericContainer server = new GenericContainer(IMAGE_NAME) 15 | .withExposedPorts(PORT) 16 | .waitingFor(Wait.forLogMessage(".*Server startup.*",1)); 17 | 18 | server.start(); 19 | return server; 20 | } 21 | 22 | public static URI getRootURL(GenericContainer server) { 23 | return UriBuilder.fromUri("/authzforce-ce") 24 | .scheme("http") 25 | .host(server.getContainerIpAddress()) 26 | .port(server.getMappedPort(PORT)) 27 | .build(); 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/main/resources/META-INF/spring/beans.xml: -------------------------------------------------------------------------------- 1 | 2 | 22 | 30 | 31 | 32 | classpath:/xsd/authz-api.xsd 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 
70 | 71 | 72 | 73 | 74 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/main/resources/fileHeader.apache2.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) ${h_inceptionYear}-${h_currentYear} ${h_copyrightOwner} - All rights reserved. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/main/resources/logback.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | LOGBACK %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/main/resources/samples/multi-resources-request.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 8 | T0101841 9 | 10 | 11 | 12 | 14 | 10.222.148.108 15 | 16 | 17 | 18 | 20 | sonar.dev.theresis.org 21 | 22 | 23 | 24 | 26 | GET 27 | 28 | 29 | 30 | 32 | Mon Jan 14 15:25:44 CET 2013 33 | 34 | 35 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/main/resources/samples/request.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 
6 | 8 | T0101841 9 | 10 | 11 | 12 | 14 | 10.222.148.108 15 | 16 | 17 | 18 | 20 | GET 21 | 22 | 23 | 24 | 26 | Mon Jan 14 15:27:32 CET 2013 27 | 28 | 29 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/main/resources/samples/response.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 5 | NotApplicable 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/test/resources/conf/authzforce-ext.xsd: -------------------------------------------------------------------------------- 1 | 21 | 23 | 24 | 25 | Base data model for XACML PDP extensions such as 26 | attribute/policy/resource finder or cache modules. 27 | Extend data types defined here to provide XML 28 | definitions for such extensions. 29 | 30 | 31 | 32 | 33 | PDP extension base type to identify all types of PDP extensions. 34 | 35 | 36 | 37 | 38 | Instance ID, i.e. uniquely identifies the XML element of this extension type 39 | in the PDP configuration; especially to distinguish from other elements/instances of the same 40 | type. 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | Attribute Finder base type. All 'Attribute Finder Modules' should extend this 49 | type. 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | Policy Finder base type. All 'Policy Finder Modules' should extend this 60 | type. 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | Policy to be enforced when reaching the maximum allowed number of cached 71 | elements in memory. 72 | 73 | 74 | 75 | 76 | 77 | Least Recently Used 78 | 79 | 80 | 81 | 82 | First In First Out 83 | 84 | 85 | 86 | 87 | Least Frequently Used 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | PDP decision cache base type. All decision caches should extend this 96 | type. 97 | For 98 | infinite/eternal lifetime of cached elements, set: timeToLiveSec = timeToIdleSec = 0. 
99 | 100 | 101 | 102 | 103 | 104 | 105 | The maximum number of seconds an element can exist in the cache regardless 106 | of use. The element expires at this limit and will no longer be returned from the cache. The 107 | default value is 0, which means no timeToLive (TTL) eviction takes place (infinite lifetime). 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | The maximum number of seconds an element can exist in the cache without 119 | being accessed. The element expires at this limit and will no longer be returned from the 120 | cache. The default value is 0, which means no timeToIdle (TTI) eviction takes place (infinite 121 | lifetime). 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 132 | 133 | the maximum number of elements in memory, before they are evicted. Value 134 | zero means unlimited. 135 | 136 | 137 | 138 | 140 | 141 | 142 | Policy that will be enforced upon reaching the maxElementsInMemory limit. 143 | Default policy is LRU. 144 | 145 | 146 | 147 | 148 | 149 | 150 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/test/resources/conf/catalog.xml: -------------------------------------------------------------------------------- 1 | 2 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/test/resources/conf/domain.tmpl/attributeFinders.xml: -------------------------------------------------------------------------------- 1 | 2 | 22 | 23 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/test/resources/conf/domain.tmpl/pdp.xml: -------------------------------------------------------------------------------- 1 | 21 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- 
/authzforce-xacmlsdk-samples/src/test/resources/conf/domain.tmpl/policySet.xml: -------------------------------------------------------------------------------- 1 | 2 | 22 | 25 | 26 | 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/test/resources/conf/domain.tmpl/refPolicySets.xml: -------------------------------------------------------------------------------- 1 | 2 | 22 | 23 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/test/resources/conf/domains.xml: -------------------------------------------------------------------------------- 1 | 2 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/test/resources/conf/logback.xml: -------------------------------------------------------------------------------- 1 | 2 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | %date{ISO8601} %-5level [%thread] %logger:%line: %msg%n 35 | 36 | 37 | 39 | 40 | 41 | ${catalina.base}/logs/authzforce/error.log 42 | 43 | %date{ISO8601}|%-5level|%thread|%logger:%line|%msg|%n 44 | 45 | 46 | 47 | 1 48 | ${catalina.base}/logs/authzforce/error.log.%i 49 | 50 | 51 | 100KB 52 | 53 | 54 | 55 | ${catalina.base}/logs/authzforce/access.log 56 | 57 | 1 58 | ${catalina.base}/logs/authzforce/access.log.%i 59 | 60 | 61 | 100KB 62 | 63 | 64 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 84 | 85 | 87 | 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/test/resources/conf/properties.xml: -------------------------------------------------------------------------------- 1 | 2 | 22 | 23 | Domain1 24 | The Domain 1 25 | 26 | -------------------------------------------------------------------------------- 
/authzforce-xacmlsdk-samples/src/test/resources/data/domains/5e022256-6d0f-4eb8-aa9d-77db3d4ad141/attributeFinders.xml: -------------------------------------------------------------------------------- 1 | 2 | 22 | 23 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/test/resources/data/domains/5e022256-6d0f-4eb8-aa9d-77db3d4ad141/pdp.xml: -------------------------------------------------------------------------------- 1 | 21 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/test/resources/data/domains/5e022256-6d0f-4eb8-aa9d-77db3d4ad141/policySet.xml: -------------------------------------------------------------------------------- 1 | 2 | 22 | 25 | 26 | 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/test/resources/data/domains/5e022256-6d0f-4eb8-aa9d-77db3d4ad141/properties.xml: -------------------------------------------------------------------------------- 1 | TestDomain 21 | -------------------------------------------------------------------------------- /authzforce-xacmlsdk-samples/src/test/resources/data/domains/5e022256-6d0f-4eb8-aa9d-77db3d4ad141/refPolicySets.xml: -------------------------------------------------------------------------------- 1 | 2 | 22 | 23 | -------------------------------------------------------------------------------- /license/thales-gpl.header.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) ${inceptionYear}-${currentYear} ${copyrightOwner}. 2 | 3 | This file is part of ${projectName}. 
4 | 5 | ${projectName} is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | ${projectName} is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with ${projectName}. If not, see . 17 | -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4.0.0 3 | 4 | org.ow2.authzforce 5 | authzforce-ce-parent 6 | 3.3.7 7 | 8 | 9 | UTF-8 10 | Thales Services - ThereSIS 11 | 2.0.5 12 | 1.7.25 13 | 3.2.5 14 | 2.2 15 | 16 | 2013 17 | xacml-sdk 18 | AuthZForce :: XACML SDK 19 | 5.0.0 20 | SDK allowing to create Xacml request and parse responses 21 | pom 22 | 23 | ./authzforce-xacmlsdk-model 24 | ./authzforce-xacmlsdk-common 25 | ./authzforce-xacmlsdk-pdp-api 26 | ./authzforce-xacmlsdk-core 27 | ./authzforce-xacmlsdk-pap-api 28 | ./authzforce-xacmlsdk-admin 29 | ./xacml-sdk-distribution 30 | authzforce-xacmlsdk-samples 31 | 32 | 33 | scm:git:${git.url.base}/xacmlsdk.git 34 | scm:git:${git.url.base}/xacmlsdk.git 35 | HEAD 36 | ${git.url.base}/xacmlsdk 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | org.apache.maven.plugins 45 | maven-assembly-plugin 46 | 2.4 47 | 48 | 49 | src/main/resources/bin.xml 50 | 51 | 52 | 53 | 54 | org.apache.maven.plugins 55 | maven-source-plugin 56 | 2.4 57 | 58 | 59 | attach-sources 60 | verify 61 | 62 | jar-no-fork 63 | 64 | 65 | 66 | 67 | 68 | maven-compiler-plugin 69 | 2.3.2 70 | 71 | 1.8 72 | 1.8 73 | 1.8 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | org.testcontainers 83 | 
testcontainers 84 | 1.11.3 85 | 86 | 87 | org.apache.cxf 88 | cxf-rt-features-logging 89 | 3.3.2 90 | 91 | 92 | com.github.zafarkhaja 93 | java-semver 94 | 0.9.0 95 | 96 | 97 | ch.qos.logback 98 | logback-classic 99 | 1.1.2 100 | 101 | 102 | 103 | org.apache.cxf 104 | cxf-rt-rs-client 105 | ${cxf.version} 106 | 107 | 108 | 109 | 110 | javax.xml.bind 111 | jaxb-api 112 | ${jaxb.version} 113 | 114 | 115 | javax.xml.bind 116 | jaxb-impl 117 | ${jaxb.version} 118 | 119 | 120 | javax.xml.bind 121 | jaxb-core 122 | ${jaxb.version} 123 | 124 | 125 | javax.ws.rs 126 | javax.ws.rs-api 127 | 2.1 128 | 129 | 130 | 131 | 132 | ${project.groupId} 133 | ${artifactId.prefix}-xacml-model 134 | 3.3.7 135 | 136 | 137 | ${project.parent.groupId} 138 | ${artifactId.prefix}-server-rest-service 139 | 4.4.1 140 | 141 | 142 | ${project.parent.groupId} 143 | ${artifactId.prefix}-rest-api-model 144 | 5.7.0 145 | 146 | 147 | 148 | ${project.parent.groupId} 149 | xacml-sdk-common 150 | ${project.version} 151 | 152 | 153 | ${project.parent.groupId} 154 | xacml-sdk-model 155 | ${project.version} 156 | 157 | 158 | ${project.parent.groupId} 159 | xacml-sdk-pdp-api 160 | ${project.version} 161 | 162 | 163 | ${project.parent.groupId} 164 | xacml-sdk-pdp-rest-impl 165 | ${project.version} 166 | 167 | 168 | ${project.parent.groupId} 169 | xacml-sdk-pap-api 170 | ${project.version} 171 | 172 | 173 | ${project.parent.groupId} 174 | xacml-sdk-pap-rest-impl 175 | ${project.version} 176 | 177 | 178 | 179 | 180 | -------------------------------------------------------------------------------- /xacml-sdk-distribution/license/thales-gpl.header.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) ${inceptionYear}-${currentYear} ${copyrightOwner}. 2 | 3 | This file is part of ${projectName}. 
4 | 5 | ${projectName} is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | ${projectName} is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with ${projectName}. If not, see . 17 | -------------------------------------------------------------------------------- /xacml-sdk-distribution/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4.0.0 3 | 4 | org.ow2.authzforce 5 | xacml-sdk 6 | 5.0.0 7 | 8 | xacml-sdk-distribution 9 | pom 10 | AuthZForce :: XACML SDK :: DISTRIBUTION 11 | 12 | 13 | 14 | ${project.parent.groupId} 15 | xacml-sdk-pdp-rest-impl 16 | 17 | 18 | ${project.parent.groupId} 19 | xacml-sdk-pap-rest-impl 20 | 21 | 22 | 23 | 24 | 25 | org.apache.maven.plugins 26 | maven-assembly-plugin 27 | 28 | 29 | jar-with-dependencies 30 | 31 | 32 | 33 | 34 | simple-command 35 | package 36 | 37 | single 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /xacml-sdk-distribution/src/main/resources/bin.xml: -------------------------------------------------------------------------------- 1 | 4 | bin 5 | 6 | dir 7 | 8 | false 9 | 10 | 11 | 12 | *:jar 13 | 14 | 15 | 16 | 17 | --------------------------------------------------------------------------------