├── .gitignore ├── LICENSE ├── README.md ├── abac-pep-spring-security ├── build.gradle └── src │ ├── main │ ├── java │ │ └── com │ │ │ └── github │ │ │ └── joffryferrater │ │ │ └── pep │ │ │ ├── BeanConfiguration.java │ │ │ ├── PdpConfiguration.java │ │ │ ├── client │ │ │ └── PdpClient.java │ │ │ └── security │ │ │ ├── AbacMethodSecurityExpression.java │ │ │ ├── AbacMethodSecurityExpressionHandler.java │ │ │ └── AbacWebSecurityExpressionHandler.java │ └── resources │ │ └── application.properties │ └── test │ ├── java │ └── com │ │ └── github │ │ └── joffryferrater │ │ └── pep │ │ ├── TestBase.java │ │ ├── client │ │ └── PdpClientTest.java │ │ └── security │ │ └── AbacMethodSecurityExpressionTest.java │ └── resources │ └── application.properties ├── build.gradle ├── diagram.png ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── settings.gradle └── xacml-resource-models ├── build.gradle └── src └── main └── java └── com └── github └── joffryferrater ├── request ├── AccessSubjectCategory.java ├── ActionCategory.java ├── Attribute.java ├── Attributes.java ├── Category.java ├── Constants.java ├── EnvironmentCategory.java ├── Request.java ├── ResourceCategory.java └── XacmlRequest.java └── response ├── Attribute.java ├── AttributeAssignment.java ├── Attributes.java ├── IdReference.java ├── ObligationOrAdvice.java ├── PolicyIdentifier.java ├── Response.java ├── Result.java ├── Status.java └── StatusCode.java /.gitignore: -------------------------------------------------------------------------------- 1 | .gradle 2 | /build/ 3 | **/build/** 4 | **/out/** 5 | xacml-resource-models/build/ 6 | !gradle/wrapper/gradle-wrapper.jar 7 | 8 | ### STS ### 9 | 10 | .apt_generated 11 | .classpath 12 | .factorypath 13 | .project 14 | .settings 15 | .springBeans 16 | .sts4-cache 17 | 18 | ### IntelliJ IDEA ### 19 | .idea 20 | *.iws 21 | *.iml 22 | *.ipr 23 | /out/ 24 | 25 | ### NetBeans ### 26 | /nbproject/private/ 27 | /build/ 28 | /nbbuild/ 29 | /dist/ 30 | /nbdist/ 31 | /.nb-gradle/ 32 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Attribute Based Access Control for Spring Security 2 | ![alt text](https://github.com/jferrater/abac-spring-security/blob/master/diagram.png)
3 | ## What is Attribute Based Access Control (ABAC) 4 | Here is an [article](https://www.axiomatics.com/blog/intro-to-attribute-based-access-control-abac/) to get started with Attribute Based Access Control.
and the XACML reference architecture [here](https://www.axiomatics.com/blog/xacml-reference-architecture/).
5 | 6 | ## About this Project 7 | The Attribute Based Access Control (ABAC) for Spring Security is a Policy Enforcment Point (PEP) implementation which provides both method and web expressions to secure Spring Boot applications based on attributes evaluated against a policy from a Policy Decision Point (PDP) server. 8 | The expressions are called ``#abac.evaluate(Category... categories)`` and ``#abac.evaluateAttributes(String... attributes)`` which send authorization request based on [Json Profile of XACML 3.0 Specification](http://docs.oasis-open.org/xacml/xacml-json-http/v1.0/xacml-json-http-v1.0.html) 9 | 10 | When using ``#abac.evaluateAttributes(String... attributes)``, the array of Strings must follow the format below:
11 | ``access-subject::``
12 | ``resource::``
13 | ``action::``
14 | ``environment::``
15 | 16 | When using ``#abac.evaluate(Category... categories)`` where the arguments is an array of Category objects, the following expressions may be used as arguments:
17 | ``#abac.accessSubjectAttribute(, {})``
18 | ``#abac.resourceAttribute(, {})``
19 | ``#abac.actionAttribute(, {})``
20 | ``#abac.environmentAttribute(, {})``
21 | 22 | ## How to use 23 | 1. Build and publish this project to maven local: ``$ ./gradlew clean build publishToMavenLocal`` 24 | 2. Add the two published artifacts from maven local together with the Spring Security to your Spring Boot project dependency. Example for gradle project:
25 | ``compile('org.springframework.boot:spring-boot-starter-security')``
26 | ``compile('com.github.joffryferrater:abac-pep-spring-security:0.5.1')``
27 | ``compile('com.github.joffryferrater:xacml-resource-models:0.5.1')``
28 | 3. Add the PDP server information in the application.properties file using the properties below: 29 | ````properties 30 | pdp.server.authorize-endpoint=http://localhost:8083/authorize 31 | pdp.server.username=pdp-user 32 | pdp.server.password=password 33 | pdp.server.print-authorization-request=true 34 | ```` 35 | The ``pdp.server.print-authorization-request`` property is useful for debugging purposes. It prints the authorization request on the console.
36 | ````bash 37 | 01-01-2019 17:46:56.120 [http-nio-8888-exec-6] INFO com.github.joffryferrater.pep.client.PdpClient.printAuthorizationRequest - Authorization Request --> {"Request":{"Resource":[{"Attribute":[{"AttributeId":"Attributes.resource.endpoint","Value":["helloWorld/someId"]}]}]}} 38 | 4. Include ``org.github.joffryferrater.pep`` in the scanBasePackages of your Spring Boot app. See example below:
39 | ```java 40 | import org.springframework.boot.SpringApplication; 41 | import org.springframework.boot.autoconfigure.SpringBootApplication; 42 | 43 | @SpringBootApplication( 44 | scanBasePackages={ 45 | "com.github.joffryferrater.sampleappwithxacmlpepspringsecurity", 46 | "com.github.joffryferrater.pep" //Scans the abac-spring-security configurations 47 | }) 48 | public class SampleAppWithXacmlPepSpringSecurityApplication { 49 | 50 | public static void main(String[] args) { 51 | SpringApplication.run(SampleAppWithXacmlPepSpringSecurityApplication.class, args); 52 | } 53 | } 54 | ```` 55 |
5. Create a global method security and web security configurations. 56 | 57 | ##### An example of using Method Security expression: 58 | ````java 59 | import com.github.joffryferrater.pep.security.AbacMethodSecurityExpressionHandler; 60 | import org.springframework.context.annotation.Configuration; 61 | import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler; 62 | import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; 63 | import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration; 64 | 65 | @Configuration 66 | @EnableGlobalMethodSecurity(prePostEnabled = true) 67 | public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration { 68 | 69 | @Override 70 | protected MethodSecurityExpressionHandler createExpressionHandler() { 71 | return new AbacMethodSecurityExpressionHandler(); 72 | } 73 | } 74 | ```` 75 | Here we created a GlobalMethodSecurityConfiguration where we use ``AbacMethodSecurityExpressionHandler()`` which is provided by this project in order to use the expression ``#abac.evaluate`` and ``#abac.evaluateAttributes`` in ``@PreAuthorize`` annotation.
76 | 77 | Annotate the resource to be protected by ``@PreAuthorize(#abac.evaluate({))``. Example below: 78 | ````java 79 | import java.security.Principal; 80 | import org.springframework.security.access.prepost.PreAuthorize; 81 | import org.springframework.web.bind.annotation.GetMapping; 82 | import org.springframework.web.bind.annotation.PathVariable; 83 | import org.springframework.web.bind.annotation.RestController; 84 | 85 | @RestController 86 | public class SampleResource { 87 | private static final String HELLOWORLD_ACCESS = "#abac.evaluate(" 88 | + "{#abac.resourceAttribute('Attributes.resource.endpoint', {'helloWorld'}), " 89 | + "#abac.accessSubjectAttribute('urn:oasis:names:tc:xacml:1.0:subject:subject-id', {#principal.name})})"; 90 | private static final String HELLOWORLD_ID_ACCESS = "#abac.evaluateAttributes({'resource:Attributes.resource.endpoint:helloWorld/'+#id})"; 91 | 92 | @GetMapping("/helloWorld") 93 | @PreAuthorize(HELLOWORLD_ACCESS) 94 | public String printHelloWorld(Principal principal) { 95 | return "hello world"; 96 | } 97 | 98 | @GetMapping("/helloWorld/{id}") 99 | @PreAuthorize(HELLOWORLD_ID_ACCESS) 100 | public String getHelloWorldId(@PathVariable String id) { 101 | return "hello world id is: " + id; 102 | } 103 | 104 | /** 105 | * 106 | * Secured by Web Security expression, see @link{#WebSecurityConfig} 107 | */ 108 | @GetMapping("/securedPath") 109 | public String getSecuredPath() { 110 | return "This is the /securedPath "; 111 | } 112 | } 113 | ```` 114 | In the example above, the ``/helloWorld`` resource is protected with ``@PreAuthorize`` annotation with the abac expression. The ``#abac.evaluate`` send the following authorization request to a PDP server.
115 | `````json 116 | { 117 | "Request": { 118 | "AccessSubject": [{ 119 | "Attribute": [{ 120 | "AttributeId": "urn:oasis:names:tc:xacml:1.0:subject:subject-id", 121 | "Value": ["Alice"] 122 | }] 123 | }], 124 | "Resource": [{ 125 | "Attribute": [{ 126 | "AttributeId": "Attributes.resource.endpoint", 127 | "Value": ["helloWorld"] 128 | }] 129 | }] 130 | } 131 | } 132 | ````` 133 | where the value Alice is the current user name and the value helloWorld is the protected resource.
134 | 135 | ##### An example of using Web Security expression: 136 | ````java 137 | import com.github.joffryferrater.pep.security.AbacWebSecurityExpressionHandler; 138 | import org.springframework.context.annotation.Bean; 139 | import org.springframework.context.annotation.Configuration; 140 | import org.springframework.http.HttpMethod; 141 | import org.springframework.security.config.annotation.web.builders.HttpSecurity; 142 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 143 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 144 | 145 | @Configuration 146 | @EnableWebSecurity 147 | public class WebSecurityConfig extends WebSecurityConfigurerAdapter { 148 | 149 | private static final String SECURED_PATH_ACCESS = "#abac.evaluateAttributes('resource:Attributes.resource.endpoint:securedPath', 'action:Attributes.action-id:read')"; 150 | 151 | @Autowired 152 | private ApplicationContext applicationContext; 153 | 154 | @Override 155 | protected void configure(HttpSecurity http) throws Exception { 156 | http.csrf().disable() 157 | .formLogin() 158 | .and() 159 | .authorizeRequests() 160 | .expressionHandler(webSecurityExpressionHandler()) 161 | .antMatchers(HttpMethod.GET, "/securedPath").access(SECURED_PATH_ACCESS) 162 | .anyRequest().authenticated(); 163 | 164 | } 165 | 166 | private AbacWebSecurityExpressionHandler webSecurityExpressionHandler() { 167 | return this.applicationContext.getBean(AbacWebSecurityExpressionHandler.class); 168 | } 169 | 170 | } 171 | 172 | ```` 173 | Here we created a Web Security Configuration and we set the expression handler as ``AbacWebSecurityExpressionHandler`` which is also provided by this project in order to use ``#abac.evaluate`` and ``#abac.evaluateAttributes`` expressions in ``access()`` as access expressions for securing the resource /securedPath. 174 | 175 | #### See sample project here: https://github.com/jferrater/sample-app-with-abac-spring-security 176 | -------------------------------------------------------------------------------- /abac-pep-spring-security/build.gradle: -------------------------------------------------------------------------------- 1 | buildscript { 2 | ext { 3 | springBootVersion = '2.0.2.RELEASE' 4 | } 5 | repositories { 6 | mavenCentral() 7 | } 8 | } 9 | 10 | plugins { 11 | id 'java' 12 | id 'maven' 13 | id 'maven-publish' 14 | } 15 | 16 | apply plugin: 'eclipse' 17 | 18 | dependencies { 19 | compile project(":xacml-resource-models") 20 | 21 | compile group: 'org.springframework.boot', name: 'spring-boot-starter', version: springBootVersion 22 | compile group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: springBootVersion 23 | compile group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: springBootVersion 24 | 25 | compileOnly group: 'org.springframework.boot', name: 'spring-boot-configuration-processor', version: springBootVersion 26 | 27 | testCompile group: 'junit', name: 'junit', version: '4.12' 28 | testCompile group: 'org.springframework.boot', name: 'spring-boot-starter-test', version: springBootVersion 29 | } 30 | 31 | compileJava.dependsOn(processResources) 32 | 33 | publishing { 34 | publications { 35 | jar(MavenPublication) { 36 | from components.java 37 | } 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /abac-pep-spring-security/src/main/java/com/github/joffryferrater/pep/BeanConfiguration.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.pep; 2 | 3 | import com.github.joffryferrater.pep.client.PdpClient; 4 | import org.springframework.boot.web.client.RestTemplateBuilder; 5 | import org.springframework.context.annotation.Bean; 6 | import org.springframework.context.annotation.Configuration; 7 | 8 | @Configuration 9 | public class BeanConfiguration { 10 | 11 | @Bean 12 | public PdpConfiguration pdpConfiguration() { 13 | return new PdpConfiguration(); 14 | } 15 | 16 | @Bean 17 | public PdpClient pdpClient(RestTemplateBuilder restTemplateBuilder) { 18 | restTemplateBuilder.setConnectTimeout(5000); 19 | final PdpConfiguration pdpConfiguration = pdpConfiguration(); 20 | final String username = pdpConfiguration.getUsername(); 21 | final String password = pdpConfiguration.getPassword(); 22 | if (username != null && password != null) { 23 | restTemplateBuilder.basicAuthorization(username, password); 24 | } 25 | return new PdpClient(restTemplateBuilder, pdpConfiguration()); 26 | } 27 | } 28 | 29 | -------------------------------------------------------------------------------- /abac-pep-spring-security/src/main/java/com/github/joffryferrater/pep/PdpConfiguration.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.pep; 2 | 3 | import org.springframework.boot.context.properties.ConfigurationProperties; 4 | import org.springframework.stereotype.Component; 5 | 6 | @ConfigurationProperties(prefix = "pdp.server") 7 | @Component 8 | public class PdpConfiguration { 9 | 10 | private String authorizeEndpoint; 11 | private String username; 12 | private String password; 13 | private boolean printAuthorizationRequest; 14 | 15 | public boolean isPrintAuthorizationRequest() { 16 | return printAuthorizationRequest; 17 | } 18 | 19 | public void setPrintAuthorizationRequest(boolean printAuthorizationRequest) { 20 | this.printAuthorizationRequest = printAuthorizationRequest; 21 | } 22 | 23 | public String getUsername() { 24 | return username; 25 | } 26 | 27 | public void setUsername(String username) { 28 | this.username = username; 29 | } 30 | 31 | public String getPassword() { 32 | return password; 33 | } 34 | 35 | public void setPassword(String password) { 36 | this.password = password; 37 | } 38 | 39 | public String getAuthorizeEndpoint() { 40 | return authorizeEndpoint; 41 | } 42 | 43 | public void setAuthorizeEndpoint(String authorizeEndpoint) { 44 | this.authorizeEndpoint = authorizeEndpoint; 45 | } 46 | 47 | 48 | } 49 | -------------------------------------------------------------------------------- /abac-pep-spring-security/src/main/java/com/github/joffryferrater/pep/client/PdpClient.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.pep.client; 2 | 3 | import com.fasterxml.jackson.core.JsonProcessingException; 4 | import com.fasterxml.jackson.databind.ObjectMapper; 5 | import com.github.joffryferrater.pep.PdpConfiguration; 6 | import com.github.joffryferrater.request.XacmlRequest; 7 | import com.github.joffryferrater.response.Response; 8 | import org.slf4j.Logger; 9 | import org.slf4j.LoggerFactory; 10 | import org.springframework.boot.web.client.RestTemplateBuilder; 11 | import org.springframework.http.HttpEntity; 12 | import org.springframework.http.HttpHeaders; 13 | import org.springframework.stereotype.Service; 14 | import org.springframework.web.client.RestTemplate; 15 | 16 | @Service 17 | public class PdpClient { 18 | 19 | private static final Logger LOGGER = LoggerFactory.getLogger(PdpClient.class); 20 | 21 | private final RestTemplate restTemplate; 22 | private PdpConfiguration pdpConfiguration; 23 | 24 | public PdpClient(RestTemplateBuilder restTemplateBuilder, PdpConfiguration pdpConfiguration) { 25 | this.restTemplate = restTemplateBuilder.build(); 26 | this.pdpConfiguration = pdpConfiguration; 27 | } 28 | 29 | public Response sendXacmlJsonRequest(XacmlRequest xacmlRequest) { 30 | printAuthorizationRequest(xacmlRequest); 31 | HttpHeaders headers = createHeaders(); 32 | HttpEntity entity = new HttpEntity<>(xacmlRequest, headers); 33 | final String url = pdpConfiguration.getAuthorizeEndpoint(); 34 | return restTemplate.postForObject(url, entity, Response.class); 35 | } 36 | 37 | private HttpHeaders createHeaders() { 38 | HttpHeaders headers = new HttpHeaders(); 39 | headers.add("Content-Type", "application/xacml+json"); 40 | headers.add("Accept", "application/json"); 41 | return headers; 42 | } 43 | 44 | private void printAuthorizationRequest(XacmlRequest xacmlRequest) { 45 | if (pdpConfiguration.isPrintAuthorizationRequest()) { 46 | ObjectMapper objectMapper = new ObjectMapper(); 47 | try { 48 | final String requestInString = objectMapper.writeValueAsString(xacmlRequest); 49 | LOGGER.info("Authorization Request --> {}", requestInString); 50 | } catch (JsonProcessingException e) { 51 | //Do nothing 52 | } 53 | } 54 | } 55 | } 56 | 57 | -------------------------------------------------------------------------------- /abac-pep-spring-security/src/main/java/com/github/joffryferrater/pep/security/AbacMethodSecurityExpression.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.pep.security; 2 | 3 | import com.github.joffryferrater.pep.client.PdpClient; 4 | import com.github.joffryferrater.request.AccessSubjectCategory; 5 | import com.github.joffryferrater.request.ActionCategory; 6 | import com.github.joffryferrater.request.Attribute; 7 | import com.github.joffryferrater.request.Category; 8 | import com.github.joffryferrater.request.EnvironmentCategory; 9 | import com.github.joffryferrater.request.Request; 10 | import com.github.joffryferrater.request.ResourceCategory; 11 | import com.github.joffryferrater.request.XacmlRequest; 12 | import com.github.joffryferrater.response.Response; 13 | import java.util.ArrayList; 14 | import java.util.Collections; 15 | import java.util.List; 16 | import org.slf4j.Logger; 17 | import org.slf4j.LoggerFactory; 18 | 19 | public class AbacMethodSecurityExpression { 20 | 21 | private static final Logger LOGGER = LoggerFactory.getLogger(AbacMethodSecurityExpression.class); 22 | 23 | private final PdpClient pdpClient; 24 | 25 | public AbacMethodSecurityExpression(PdpClient pdpClient) { 26 | this.pdpClient = pdpClient; 27 | } 28 | 29 | public boolean evaluateAttributes(String... attributes) { 30 | List accessSubjectCategories = new ArrayList<>(); 31 | List resourceCategories = new ArrayList<>(); 32 | List actionCategories = new ArrayList<>(); 33 | List environmentCategories = new ArrayList<>(); 34 | for (String attribute : attributes) { 35 | String[] expression = attribute.split(":", 3); 36 | addAccessSubjectAttribute(accessSubjectCategories, expression); 37 | addResourceAttribute(resourceCategories, expression); 38 | addActionAttribute(actionCategories, expression); 39 | addEnvironmentAttribute(environmentCategories, expression); 40 | } 41 | return evaluateAuthorizationRequest(accessSubjectCategories, resourceCategories, actionCategories, 42 | environmentCategories); 43 | } 44 | 45 | private boolean evaluateAuthorizationRequest(List accessSubjectCategories, 46 | List resourceCategories, List actionCategories, 47 | List environmentCategories) { 48 | Request request = buildRequest(resourceCategories, accessSubjectCategories, actionCategories, 49 | environmentCategories); 50 | final Response pdpResponse = getAuthorizationResponse(request); 51 | return isPermitted(pdpResponse); 52 | } 53 | 54 | private void addAccessSubjectAttribute(List accessSubjectCategories, String[] expression) { 55 | if ("access-subject".equals(expression[0])) { 56 | AccessSubjectCategory accessSubjectCategory = accessSubjectAttribute(expression[1], 57 | Collections.singletonList(expression[2])); 58 | accessSubjectCategories.add(accessSubjectCategory); 59 | } 60 | } 61 | 62 | private void addResourceAttribute(List resourceCategories, String[] expression) { 63 | if ("resource".equals(expression[0])) { 64 | ResourceCategory resourceCategory = resourceAttribute(expression[1], 65 | Collections.singletonList(expression[2])); 66 | resourceCategories.add(resourceCategory); 67 | } 68 | } 69 | 70 | private void addActionAttribute(List actionCategories, String[] expression) { 71 | if ("action".equals(expression[0])) { 72 | ActionCategory actionCategory = actionAttribute(expression[1], Collections.singletonList(expression[2])); 73 | actionCategories.add(actionCategory); 74 | } 75 | } 76 | 77 | private void addEnvironmentAttribute(List environmentCategories, String[] expression) { 78 | if ("environment".equals(expression[0])) { 79 | EnvironmentCategory environmentCategory = environmentAttribute(expression[1], 80 | Collections.singletonList(expression[2])); 81 | environmentCategories.add(environmentCategory); 82 | } 83 | } 84 | 85 | public boolean evaluate(Category... categories) { 86 | List resourceCategories = new ArrayList<>(); 87 | List accessSubjectCategories = new ArrayList<>(); 88 | List actionCategories = new ArrayList<>(); 89 | List environmentCategories = new ArrayList<>(); 90 | for (Category category : categories) { 91 | if (category instanceof ResourceCategory) { 92 | ResourceCategory resourceCategory = (ResourceCategory) category; 93 | resourceCategories.add(resourceCategory); 94 | } 95 | if (category instanceof AccessSubjectCategory) { 96 | AccessSubjectCategory accessSubjectCategory = (AccessSubjectCategory) category; 97 | accessSubjectCategories.add(accessSubjectCategory); 98 | } 99 | if (category instanceof ActionCategory) { 100 | ActionCategory actionCategory = (ActionCategory) category; 101 | actionCategories.add(actionCategory); 102 | } 103 | if (category instanceof EnvironmentCategory) { 104 | EnvironmentCategory environmentCategory = (EnvironmentCategory) category; 105 | environmentCategories.add(environmentCategory); 106 | } 107 | 108 | } 109 | return evaluateAuthorizationRequest(accessSubjectCategories, resourceCategories, actionCategories, 110 | environmentCategories); 111 | } 112 | 113 | public ResourceCategory resourceAttribute(String attributeId, List values) { 114 | ResourceCategory resourceCategory = new ResourceCategory(); 115 | final Attribute attribute = new Attribute(); 116 | attribute.setAttributeId(attributeId); 117 | attribute.setValue(values); 118 | resourceCategory.setAttributes(Collections.singletonList(attribute)); 119 | return resourceCategory; 120 | } 121 | 122 | public ActionCategory actionAttribute(String attributeId, List values) { 123 | ActionCategory actionCategory = new ActionCategory(); 124 | final Attribute attribute = new Attribute(); 125 | attribute.setAttributeId(attributeId); 126 | attribute.setValue(values); 127 | actionCategory.setAttributes(Collections.singletonList(attribute)); 128 | return actionCategory; 129 | } 130 | 131 | public AccessSubjectCategory accessSubjectAttribute(String attributeId, List values) { 132 | AccessSubjectCategory accessSubjectCategory = new AccessSubjectCategory(); 133 | Attribute attribute = new Attribute(); 134 | attribute.setAttributeId(attributeId); 135 | attribute.setValue(values); 136 | accessSubjectCategory.setAttributes(Collections.singletonList(attribute)); 137 | return accessSubjectCategory; 138 | } 139 | 140 | public EnvironmentCategory environmentAttribute(String attributeId, List values) { 141 | EnvironmentCategory environmentCategory = new EnvironmentCategory(); 142 | Attribute attribute = new Attribute(); 143 | attribute.setAttributeId(attributeId); 144 | attribute.setValue(values); 145 | environmentCategory.setAttributes(Collections.singletonList(attribute)); 146 | return environmentCategory; 147 | } 148 | 149 | private Request buildRequest(List resourceCategories, 150 | List accessSubjectCategories, List actionCategories, 151 | List environmentCategories) { 152 | Request request = new Request(); 153 | request.setResourceCategory(resourceCategories); 154 | request.setAccessSubjectCategory(accessSubjectCategories); 155 | request.setActionCategory(actionCategories); 156 | request.setEnvironmentCategory(environmentCategories); 157 | return request; 158 | } 159 | 160 | private Response getAuthorizationResponse(Request request) { 161 | XacmlRequest xacmlRequest = new XacmlRequest(request); 162 | return pdpClient.sendXacmlJsonRequest(xacmlRequest); 163 | } 164 | 165 | private boolean isPermitted(Response response) { 166 | final boolean isPermitted = "Permit".equals(response.getResults().get(0).getDecision()); 167 | LOGGER.debug("isPermitted: {}", isPermitted); 168 | return isPermitted; 169 | } 170 | } 171 | -------------------------------------------------------------------------------- /abac-pep-spring-security/src/main/java/com/github/joffryferrater/pep/security/AbacMethodSecurityExpressionHandler.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.pep.security; 2 | 3 | import com.github.joffryferrater.pep.client.PdpClient; 4 | import org.aopalliance.intercept.MethodInvocation; 5 | import org.springframework.beans.factory.annotation.Autowired; 6 | import org.springframework.context.annotation.Configuration; 7 | import org.springframework.expression.spel.support.StandardEvaluationContext; 8 | import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; 9 | import org.springframework.security.core.Authentication; 10 | 11 | @Configuration 12 | public class AbacMethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler { 13 | 14 | @Autowired 15 | private PdpClient pdpClient; 16 | 17 | @Override 18 | public StandardEvaluationContext createEvaluationContextInternal(Authentication auth, MethodInvocation mi) { 19 | StandardEvaluationContext evaluationContext = super.createEvaluationContextInternal(auth, mi); 20 | evaluationContext.setVariable("abac", new AbacMethodSecurityExpression(pdpClient)); 21 | return evaluationContext; 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /abac-pep-spring-security/src/main/java/com/github/joffryferrater/pep/security/AbacWebSecurityExpressionHandler.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.pep.security; 2 | 3 | import com.github.joffryferrater.pep.client.PdpClient; 4 | import org.springframework.beans.factory.annotation.Autowired; 5 | import org.springframework.context.annotation.Configuration; 6 | import org.springframework.expression.spel.support.StandardEvaluationContext; 7 | import org.springframework.security.core.Authentication; 8 | import org.springframework.security.web.FilterInvocation; 9 | import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler; 10 | 11 | @Configuration 12 | public class AbacWebSecurityExpressionHandler extends DefaultWebSecurityExpressionHandler { 13 | 14 | @Autowired 15 | private PdpClient pdpClient; 16 | 17 | @Override 18 | protected StandardEvaluationContext createEvaluationContextInternal(Authentication authentication, 19 | FilterInvocation invocation) { 20 | StandardEvaluationContext evaluationContext = super.createEvaluationContextInternal(authentication, invocation); 21 | evaluationContext.setVariable("abac", new AbacMethodSecurityExpression(pdpClient)); 22 | return evaluationContext; 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /abac-pep-spring-security/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | logging.level.root=warn 2 | logging.pattern.console=%d{dd-MM-yyyy HH:mm:ss.SSS} %magenta([%thread]) %highlight(%-5level) %logger.%M - %msg%n 3 | logging.level.com.github.joffryferrater=warn -------------------------------------------------------------------------------- /abac-pep-spring-security/src/test/java/com/github/joffryferrater/pep/TestBase.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.pep; 2 | 3 | import static org.springframework.test.web.client.match.MockRestRequestMatchers.header; 4 | import static org.springframework.test.web.client.match.MockRestRequestMatchers.method; 5 | import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo; 6 | import static org.springframework.test.web.client.response.MockRestResponseCreators.withSuccess; 7 | 8 | import com.fasterxml.jackson.core.JsonProcessingException; 9 | import com.fasterxml.jackson.databind.ObjectMapper; 10 | import com.github.joffryferrater.pep.client.PdpClient; 11 | import com.github.joffryferrater.response.Response; 12 | import com.github.joffryferrater.response.Result; 13 | import java.util.Collections; 14 | import org.springframework.beans.factory.annotation.Autowired; 15 | import org.springframework.boot.test.autoconfigure.web.client.RestClientTest; 16 | import org.springframework.http.HttpMethod; 17 | import org.springframework.http.MediaType; 18 | import org.springframework.test.web.client.MockRestServiceServer; 19 | 20 | @RestClientTest(PdpClient.class) 21 | public class TestBase { 22 | 23 | @Autowired 24 | private PdpConfiguration configuration; 25 | 26 | @Autowired 27 | private MockRestServiceServer server; 28 | @Autowired 29 | private ObjectMapper objectMapper; 30 | 31 | protected Result mockResult(String decision) { 32 | Result pdpResponse = new Result(); 33 | pdpResponse.setDecision(decision); 34 | return pdpResponse; 35 | } 36 | 37 | protected void setExpectedPdpResponse(Result result) throws JsonProcessingException { 38 | Response pdpResponse = new Response(Collections.singletonList(result)); 39 | String responseInString = objectMapper.writeValueAsString(pdpResponse); 40 | this.server.expect(requestTo(configuration.getAuthorizeEndpoint())) 41 | .andExpect(method(HttpMethod.POST)) 42 | .andExpect(header("Content-Type", "application/xacml+json")) 43 | .andRespond(withSuccess(responseInString, MediaType.APPLICATION_JSON)); 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /abac-pep-spring-security/src/test/java/com/github/joffryferrater/pep/client/PdpClientTest.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.pep.client; 2 | 3 | import static org.hamcrest.MatcherAssert.assertThat; 4 | import static org.hamcrest.Matchers.is; 5 | 6 | import com.fasterxml.jackson.core.JsonProcessingException; 7 | import com.github.joffryferrater.pep.BeanConfiguration; 8 | import com.github.joffryferrater.pep.TestBase; 9 | import com.github.joffryferrater.request.AccessSubjectCategory; 10 | import com.github.joffryferrater.request.Attribute; 11 | import com.github.joffryferrater.request.Request; 12 | import com.github.joffryferrater.request.XacmlRequest; 13 | import com.github.joffryferrater.response.Response; 14 | import com.github.joffryferrater.response.Result; 15 | import java.io.IOException; 16 | import java.util.ArrayList; 17 | import java.util.Collections; 18 | import java.util.List; 19 | import org.junit.Before; 20 | import org.junit.Test; 21 | import org.junit.runner.RunWith; 22 | import org.springframework.beans.factory.annotation.Autowired; 23 | import org.springframework.boot.test.context.ConfigFileApplicationContextInitializer; 24 | import org.springframework.test.context.ContextConfiguration; 25 | import org.springframework.test.context.junit4.SpringRunner; 26 | 27 | @RunWith(SpringRunner.class) 28 | @ContextConfiguration(classes = BeanConfiguration.class, initializers = ConfigFileApplicationContextInitializer.class) 29 | public class PdpClientTest extends TestBase { 30 | 31 | @Autowired 32 | private PdpClient target; 33 | 34 | @Before 35 | public void setUp() throws JsonProcessingException { 36 | Result result = mockResult("Permit"); 37 | setExpectedPdpResponse(result); 38 | } 39 | 40 | @Test 41 | public void shouldReturnPdpResponse() throws IOException { 42 | Request request = new Request(); 43 | List accessSubjectCategoryList = new ArrayList<>(); 44 | AccessSubjectCategory accessSubject = new AccessSubjectCategory(); 45 | final Attribute attribute = new Attribute(); 46 | attribute.setAttributeId("access-subject-id"); 47 | attribute.setValue(Collections.singletonList("Joffry")); 48 | accessSubject.setAttributes(Collections.singletonList(attribute)); 49 | accessSubjectCategoryList.add(accessSubject); 50 | request.setAccessSubjectCategory(accessSubjectCategoryList); 51 | Response response = target.sendXacmlJsonRequest(new XacmlRequest(request)); 52 | 53 | assertThat(response.getResults().get(0).getDecision(), is("Permit")); 54 | } 55 | 56 | } -------------------------------------------------------------------------------- /abac-pep-spring-security/src/test/java/com/github/joffryferrater/pep/security/AbacMethodSecurityExpressionTest.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.pep.security; 2 | 3 | import static org.hamcrest.CoreMatchers.is; 4 | import static org.hamcrest.CoreMatchers.notNullValue; 5 | import static org.junit.Assert.assertThat; 6 | 7 | import com.fasterxml.jackson.core.JsonProcessingException; 8 | import com.github.joffryferrater.pep.BeanConfiguration; 9 | import com.github.joffryferrater.pep.TestBase; 10 | import com.github.joffryferrater.pep.client.PdpClient; 11 | import com.github.joffryferrater.request.AccessSubjectCategory; 12 | import com.github.joffryferrater.request.ActionCategory; 13 | import com.github.joffryferrater.request.Attribute; 14 | import com.github.joffryferrater.request.Category; 15 | import com.github.joffryferrater.request.EnvironmentCategory; 16 | import com.github.joffryferrater.request.ResourceCategory; 17 | import com.github.joffryferrater.response.Result; 18 | import java.util.Collections; 19 | import org.junit.Before; 20 | import org.junit.Test; 21 | import org.junit.runner.RunWith; 22 | import org.springframework.beans.factory.annotation.Autowired; 23 | import org.springframework.boot.test.context.ConfigFileApplicationContextInitializer; 24 | import org.springframework.test.context.ContextConfiguration; 25 | import org.springframework.test.context.junit4.SpringRunner; 26 | 27 | @RunWith(SpringRunner.class) 28 | @ContextConfiguration(classes = BeanConfiguration.class, initializers = ConfigFileApplicationContextInitializer.class) 29 | public class AbacMethodSecurityExpressionTest extends TestBase { 30 | 31 | private AbacMethodSecurityExpression target; 32 | 33 | @Autowired 34 | PdpClient pdpClient; 35 | 36 | @Before 37 | public void setUp() { 38 | target = new AbacMethodSecurityExpression(pdpClient){}; 39 | } 40 | 41 | @Test 42 | public void evaluateShouldReturnTrue() throws JsonProcessingException { 43 | final Result mockResult = mockResult("Permit"); 44 | setExpectedPdpResponse(mockResult); 45 | 46 | final boolean result = target.evaluate(categories()); 47 | assertThat(result, is(true)); 48 | } 49 | 50 | @Test 51 | public void evaluateShouldReturnTrueForAttributesStringArray() throws JsonProcessingException { 52 | final Result mockResult = mockResult("Permit"); 53 | setExpectedPdpResponse(mockResult); 54 | 55 | final boolean result = target.evaluateAttributes("access-subject:id:value", "resource:id:value", "action:id:value", 56 | "environment:id:value"); 57 | assertThat(result, is(true)); 58 | } 59 | 60 | @Test 61 | public void shouldReturnAccessSubjectCategoryWithOneAttribute() { 62 | final AccessSubjectCategory result = target 63 | .accessSubjectAttribute("id", Collections.singletonList("value")); 64 | 65 | assertThat(result, is(notNullValue())); 66 | assertThat(result.getAttributes().size(), is(1)); 67 | } 68 | 69 | @Test 70 | public void shouldReturnResourceCategoryWithOneAttribute() { 71 | final ResourceCategory result = target.resourceAttribute("id", Collections.singletonList("value")); 72 | 73 | assertThat(result, is(notNullValue())); 74 | assertThat(result.getAttributes().size(), is(1)); 75 | } 76 | 77 | @Test 78 | public void shouldReturnActionCategoryWithOneAttribute() { 79 | final ActionCategory result = target.actionAttribute("id", Collections.singletonList("value")); 80 | 81 | assertThat(result, is(notNullValue())); 82 | assertThat(result.getAttributes().size(), is(1)); 83 | } 84 | 85 | @Test 86 | public void shouldReturnEnvironmentCategoryWithOneAttribute() { 87 | final EnvironmentCategory result = target.environmentAttribute("id", Collections.singletonList("value")); 88 | 89 | assertThat(result, is(notNullValue())); 90 | assertThat(result.getAttributes().size(), is(1)); 91 | } 92 | 93 | private Category[] categories() { 94 | ResourceCategory resourceCategory = new ResourceCategory(); 95 | final Attribute attribute = new Attribute(); 96 | attribute.setAttributeId("Attributes.resource.endpoint"); 97 | attribute.setValue(Collections.singletonList("helloWorld")); 98 | resourceCategory.setAttributes(Collections.singletonList(attribute)); 99 | AccessSubjectCategory accessSubjectCategory = new AccessSubjectCategory(); 100 | Attribute attribute2 = new Attribute(); 101 | attribute2.setAttributeId("urn:oasis:names:tc:xacml:1.0:subject:subject-id"); 102 | attribute2.setValue(Collections.singletonList("user")); 103 | accessSubjectCategory.setAttributes(Collections.singletonList(attribute2)); 104 | return new Category[]{resourceCategory, accessSubjectCategory}; 105 | } 106 | } -------------------------------------------------------------------------------- /abac-pep-spring-security/src/test/resources/application.properties: -------------------------------------------------------------------------------- 1 | pdp.server.authorizeEndpoint=http://localhost:8080/asm-pdp/authorize 2 | pdp.server.username=admin 3 | pdp.server.password=password 4 | logging.level.root=warn 5 | logging.pattern.console=%d{dd-MM-yyyy HH:mm:ss.SSS} %magenta([%thread]) %highlight(%-5level) %logger.%M - %msg%n 6 | logging.level.com.github.joffryferrater=debug -------------------------------------------------------------------------------- /build.gradle: -------------------------------------------------------------------------------- 1 | defaultTasks "clean", ":abac-pep-spring-security:build" 2 | 3 | allprojects { 4 | apply plugin: 'java' 5 | 6 | sourceCompatibility = 1.8 7 | targetCompatibility = 1.8 8 | 9 | group = 'com.github.joffryferrater' 10 | version = '0.5.1' 11 | 12 | repositories { 13 | mavenLocal() 14 | mavenCentral() 15 | } 16 | } -------------------------------------------------------------------------------- /diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chakra-coder/abac-spring-security/9e1d4ad175f728b1dad26352e2034dd900a1a604/diagram.png -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chakra-coder/abac-spring-security/9e1d4ad175f728b1dad26352e2034dd900a1a604/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | #Wed May 23 14:49:40 CEST 2018 2 | distributionBase=GRADLE_USER_HOME 3 | distributionPath=wrapper/dists 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | distributionUrl=https\://services.gradle.org/distributions/gradle-4.5.1-all.zip 7 | -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | ############################################################################## 4 | ## 5 | ## Gradle start up script for UN*X 6 | ## 7 | ############################################################################## 8 | 9 | # Attempt to set APP_HOME 10 | # Resolve links: $0 may be a link 11 | PRG="$0" 12 | # Need this for relative symlinks. 13 | while [ -h "$PRG" ] ; do 14 | ls=`ls -ld "$PRG"` 15 | link=`expr "$ls" : '.*-> \(.*\)$'` 16 | if expr "$link" : '/.*' > /dev/null; then 17 | PRG="$link" 18 | else 19 | PRG=`dirname "$PRG"`"/$link" 20 | fi 21 | done 22 | SAVED="`pwd`" 23 | cd "`dirname \"$PRG\"`/" >/dev/null 24 | APP_HOME="`pwd -P`" 25 | cd "$SAVED" >/dev/null 26 | 27 | APP_NAME="Gradle" 28 | APP_BASE_NAME=`basename "$0"` 29 | 30 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 31 | DEFAULT_JVM_OPTS="" 32 | 33 | # Use the maximum available, or set MAX_FD != -1 to use that value. 34 | MAX_FD="maximum" 35 | 36 | warn ( ) { 37 | echo "$*" 38 | } 39 | 40 | die ( ) { 41 | echo 42 | echo "$*" 43 | echo 44 | exit 1 45 | } 46 | 47 | # OS specific support (must be 'true' or 'false'). 48 | cygwin=false 49 | msys=false 50 | darwin=false 51 | nonstop=false 52 | case "`uname`" in 53 | CYGWIN* ) 54 | cygwin=true 55 | ;; 56 | Darwin* ) 57 | darwin=true 58 | ;; 59 | MINGW* ) 60 | msys=true 61 | ;; 62 | NONSTOP* ) 63 | nonstop=true 64 | ;; 65 | esac 66 | 67 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 68 | 69 | # Determine the Java command to use to start the JVM. 70 | if [ -n "$JAVA_HOME" ] ; then 71 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 72 | # IBM's JDK on AIX uses strange locations for the executables 73 | JAVACMD="$JAVA_HOME/jre/sh/java" 74 | else 75 | JAVACMD="$JAVA_HOME/bin/java" 76 | fi 77 | if [ ! -x "$JAVACMD" ] ; then 78 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 79 | 80 | Please set the JAVA_HOME variable in your environment to match the 81 | location of your Java installation." 82 | fi 83 | else 84 | JAVACMD="java" 85 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 86 | 87 | Please set the JAVA_HOME variable in your environment to match the 88 | location of your Java installation." 89 | fi 90 | 91 | # Increase the maximum file descriptors if we can. 92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 93 | MAX_FD_LIMIT=`ulimit -H -n` 94 | if [ $? -eq 0 ] ; then 95 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 96 | MAX_FD="$MAX_FD_LIMIT" 97 | fi 98 | ulimit -n $MAX_FD 99 | if [ $? -ne 0 ] ; then 100 | warn "Could not set maximum file descriptor limit: $MAX_FD" 101 | fi 102 | else 103 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 104 | fi 105 | fi 106 | 107 | # For Darwin, add options to specify how the application appears in the dock 108 | if $darwin; then 109 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 110 | fi 111 | 112 | # For Cygwin, switch paths to Windows format before running java 113 | if $cygwin ; then 114 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 115 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 116 | JAVACMD=`cygpath --unix "$JAVACMD"` 117 | 118 | # We build the pattern for arguments to be converted via cygpath 119 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 120 | SEP="" 121 | for dir in $ROOTDIRSRAW ; do 122 | ROOTDIRS="$ROOTDIRS$SEP$dir" 123 | SEP="|" 124 | done 125 | OURCYGPATTERN="(^($ROOTDIRS))" 126 | # Add a user-defined pattern to the cygpath arguments 127 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 128 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 129 | fi 130 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 131 | i=0 132 | for arg in "$@" ; do 133 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 134 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 135 | 136 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 137 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 138 | else 139 | eval `echo args$i`="\"$arg\"" 140 | fi 141 | i=$((i+1)) 142 | done 143 | case $i in 144 | (0) set -- ;; 145 | (1) set -- "$args0" ;; 146 | (2) set -- "$args0" "$args1" ;; 147 | (3) set -- "$args0" "$args1" "$args2" ;; 148 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 149 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 150 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 151 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 152 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 153 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 154 | esac 155 | fi 156 | 157 | # Escape application args 158 | save ( ) { 159 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 160 | echo " " 161 | } 162 | APP_ARGS=$(save "$@") 163 | 164 | # Collect all arguments for the java command, following the shell quoting and substitution rules 165 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" 166 | 167 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong 168 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then 169 | cd "$(dirname "$0")" 170 | fi 171 | 172 | exec "$JAVACMD" "$@" 173 | -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem Gradle startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if "%DIRNAME%" == "" set DIRNAME=. 13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME% 15 | 16 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 17 | set DEFAULT_JVM_OPTS= 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | 53 | :win9xME_args 54 | @rem Slurp the command line arguments. 55 | set CMD_LINE_ARGS= 56 | set _SKIP=2 57 | 58 | :win9xME_args_slurp 59 | if "x%~1" == "x" goto execute 60 | 61 | set CMD_LINE_ARGS=%* 62 | 63 | :execute 64 | @rem Setup the command line 65 | 66 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 67 | 68 | @rem Execute Gradle 69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 70 | 71 | :end 72 | @rem End local scope for the variables with windows NT shell 73 | if "%ERRORLEVEL%"=="0" goto mainEnd 74 | 75 | :fail 76 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 77 | rem the _cmd.exe /c_ return code! 78 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /settings.gradle: -------------------------------------------------------------------------------- 1 | rootProject.name = 'abac-spring-security' 2 | include 'xacml-resource-models' 3 | include 'abac-pep-spring-security' 4 | 5 | -------------------------------------------------------------------------------- /xacml-resource-models/build.gradle: -------------------------------------------------------------------------------- 1 | plugins { 2 | id 'java' 3 | id 'maven' 4 | id 'maven-publish' 5 | } 6 | 7 | dependencies { 8 | compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.9.0' 9 | compile group: 'commons-lang', name: 'commons-lang', version: '2.6' 10 | 11 | testCompile group: 'junit', name: 'junit', version: '4.12' 12 | } 13 | 14 | publishing { 15 | publications { 16 | jar(MavenPublication) { 17 | from components.java 18 | } 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/request/AccessSubjectCategory.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.request; 2 | 3 | public class AccessSubjectCategory extends Category { 4 | 5 | @Override 6 | public String getCategoryId() { 7 | return "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"; 8 | } 9 | } -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/request/ActionCategory.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.request; 2 | 3 | public class ActionCategory extends Category { 4 | 5 | @Override 6 | public String getCategoryId() { 7 | return "urn:oasis:names:tc:xacml:3.0:attribute-category:action"; 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/request/Attribute.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.request; 2 | 3 | import com.fasterxml.jackson.annotation.JsonInclude; 4 | import com.fasterxml.jackson.annotation.JsonInclude.Include; 5 | import com.fasterxml.jackson.annotation.JsonProperty; 6 | import com.fasterxml.jackson.annotation.JsonPropertyOrder; 7 | import java.util.ArrayList; 8 | import java.util.List; 9 | 10 | @JsonInclude(Include.NON_EMPTY) 11 | @JsonPropertyOrder({ "AttributeId", "Value", "DataType" }) 12 | public class Attribute { 13 | 14 | @JsonProperty("AttributeId") 15 | private String attributeId; 16 | @JsonProperty("Value") 17 | private List value = new ArrayList<>(); 18 | @JsonProperty("DataType") 19 | private String dataType; 20 | 21 | public Attribute() { 22 | //Empty constructor for Jackson 23 | } 24 | 25 | public Attribute(String attributeId, List value, String dataType) { 26 | this.attributeId = attributeId; 27 | this.value = value; 28 | this.dataType = dataType; 29 | } 30 | 31 | public String getAttributeId() { 32 | return attributeId; 33 | } 34 | 35 | public void setAttributeId(String attributeId) { 36 | this.attributeId = attributeId; 37 | } 38 | 39 | public List getValue() { 40 | return value; 41 | } 42 | 43 | public void setValue(List value) { 44 | this.value = value; 45 | } 46 | 47 | public String getDataType() { 48 | return dataType; 49 | } 50 | 51 | public void setDataType(String dataType) { 52 | this.dataType = dataType; 53 | } 54 | } -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/request/Attributes.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.request; 2 | 3 | import com.fasterxml.jackson.annotation.JsonInclude; 4 | import com.fasterxml.jackson.annotation.JsonInclude.Include; 5 | import com.fasterxml.jackson.annotation.JsonProperty; 6 | import java.util.ArrayList; 7 | import java.util.List; 8 | 9 | @JsonInclude(Include.NON_EMPTY) 10 | public class Attributes { 11 | 12 | @JsonProperty(value = "CategoryId") 13 | private String categoryId; 14 | @JsonProperty(value = "Id") 15 | private String id; 16 | @JsonProperty(value = "Content") 17 | private String content; 18 | @JsonProperty(value = "Attribute") 19 | List attributes = new ArrayList<>(); 20 | 21 | public Attributes() { 22 | //Empty constructor for Jackson 23 | } 24 | 25 | public Attributes(String categoryId, String id, String content, 26 | List attributes) { 27 | this.categoryId = categoryId; 28 | this.id = id; 29 | this.content = content; 30 | this.attributes = attributes; 31 | } 32 | 33 | public Attributes(List attributes) { 34 | this.attributes = attributes; 35 | } 36 | 37 | public String getCategoryId() { 38 | return categoryId; 39 | } 40 | 41 | public void setCategoryId(String categoryId) { 42 | this.categoryId = categoryId; 43 | } 44 | 45 | public String getId() { 46 | return id; 47 | } 48 | 49 | public void setId(String id) { 50 | this.id = id; 51 | } 52 | 53 | public String getContent() { 54 | return content; 55 | } 56 | 57 | public void setContent(String content) { 58 | this.content = content; 59 | } 60 | 61 | public List getAttributes() { 62 | return attributes; 63 | } 64 | 65 | public void setAttributes(List attributes) { 66 | this.attributes = attributes; 67 | } 68 | } 69 | -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/request/Category.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.request; 2 | 3 | import com.fasterxml.jackson.annotation.JsonInclude; 4 | import com.fasterxml.jackson.annotation.JsonInclude.Include; 5 | 6 | @JsonInclude(Include.NON_DEFAULT) 7 | public abstract class Category extends Attributes{ 8 | 9 | @Override 10 | public abstract String getCategoryId(); 11 | } 12 | -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/request/Constants.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.request; 2 | 3 | public class Constants { 4 | 5 | public static final String RESOURCE = "Resource"; 6 | public static final String ACCESS_SUBJECT = "AccessSubject"; 7 | public static final String ACTION = "Action"; 8 | public static final String ENVIRONMENT = "Environment"; 9 | } 10 | -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/request/EnvironmentCategory.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.request; 2 | 3 | public class EnvironmentCategory extends Category { 4 | 5 | @Override 6 | public String getCategoryId() { 7 | return "urn:oasis:names:tc:xacml:3.0:attribute-category:environment"; 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/request/Request.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.request; 2 | 3 | import static com.github.joffryferrater.request.Constants.ACCESS_SUBJECT; 4 | import static com.github.joffryferrater.request.Constants.ACTION; 5 | import static com.github.joffryferrater.request.Constants.ENVIRONMENT; 6 | import static com.github.joffryferrater.request.Constants.RESOURCE; 7 | 8 | import com.fasterxml.jackson.annotation.JsonInclude; 9 | import com.fasterxml.jackson.annotation.JsonInclude.Include; 10 | import com.fasterxml.jackson.annotation.JsonProperty; 11 | import com.fasterxml.jackson.annotation.JsonPropertyOrder; 12 | import java.util.ArrayList; 13 | import java.util.List; 14 | 15 | @JsonInclude(Include.NON_EMPTY) 16 | @JsonPropertyOrder({ 17 | ACCESS_SUBJECT, 18 | ACTION, 19 | RESOURCE, 20 | ENVIRONMENT 21 | }) 22 | public class Request { 23 | 24 | @JsonProperty(ACCESS_SUBJECT) 25 | private List accessSubjectCategory = new ArrayList<>(); 26 | 27 | @JsonProperty(ACTION) 28 | private List actionCategory = new ArrayList<>(); 29 | 30 | @JsonProperty(ENVIRONMENT) 31 | private List environmentCategory = new ArrayList<>(); 32 | 33 | @JsonProperty(RESOURCE) 34 | private List resourceCategory = new ArrayList<>(); 35 | 36 | public List getAccessSubjectCategory() { 37 | return accessSubjectCategory; 38 | } 39 | 40 | public void setAccessSubjectCategory( 41 | List accessSubjectCategory) { 42 | this.accessSubjectCategory = new ArrayList<>(accessSubjectCategory); 43 | } 44 | 45 | public List getActionCategory() { 46 | return actionCategory; 47 | } 48 | 49 | public void setActionCategory(List actionCategory) { 50 | this.actionCategory = new ArrayList<>(actionCategory); 51 | } 52 | 53 | public List getEnvironmentCategory() { 54 | return environmentCategory; 55 | } 56 | 57 | public void setEnvironmentCategory(List environmentCategory) { 58 | this.environmentCategory = new ArrayList<>(environmentCategory); 59 | } 60 | 61 | public List getResourceCategory() { 62 | return resourceCategory; 63 | } 64 | 65 | public void setResourceCategory(List resourceCategory) { 66 | this.resourceCategory = new ArrayList<>(resourceCategory); 67 | } 68 | } -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/request/ResourceCategory.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.request; 2 | 3 | public class ResourceCategory extends Category { 4 | 5 | @Override 6 | public String getCategoryId() { 7 | return "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"; 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/request/XacmlRequest.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.request; 2 | 3 | import com.fasterxml.jackson.annotation.JsonInclude; 4 | import com.fasterxml.jackson.annotation.JsonInclude.Include; 5 | import com.fasterxml.jackson.annotation.JsonProperty; 6 | 7 | @JsonInclude(Include.NON_NULL) 8 | public class XacmlRequest { 9 | 10 | @JsonProperty("Request") 11 | private Request request; 12 | 13 | public XacmlRequest() { 14 | //Empty constructor for Jackson 15 | } 16 | 17 | public XacmlRequest(Request request) { 18 | this.request = request; 19 | } 20 | 21 | public Request getRequest() { 22 | return request; 23 | } 24 | 25 | public void setRequest(Request request) { 26 | this.request = request; 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/response/Attribute.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.response; 2 | 3 | import com.fasterxml.jackson.annotation.JsonInclude; 4 | import com.fasterxml.jackson.annotation.JsonProperty; 5 | 6 | @JsonInclude(JsonInclude.Include.NON_DEFAULT) 7 | public class Attribute { 8 | 9 | @JsonProperty("AttributeId") 10 | private String attributeId; 11 | @JsonProperty("Value") 12 | private Object[] value; 13 | @JsonProperty("Issuer") 14 | private String issuer; 15 | @JsonProperty("DataType") 16 | private String dataType; 17 | @JsonProperty("IncludeInResult") 18 | private boolean includeInResult = false; 19 | 20 | public String getAttributeId() { 21 | return attributeId; 22 | } 23 | 24 | public void setAttributeId(String attributeId) { 25 | this.attributeId = attributeId; 26 | } 27 | 28 | public Object[] getValue() { 29 | return value; 30 | } 31 | 32 | public void setValue(Object[] value) { 33 | this.value = value; 34 | } 35 | 36 | public String getIssuer() { 37 | return issuer; 38 | } 39 | 40 | public void setIssuer(String issuer) { 41 | this.issuer = issuer; 42 | } 43 | 44 | public String getDataType() { 45 | return dataType; 46 | } 47 | 48 | public void setDataType(String dataType) { 49 | this.dataType = dataType; 50 | } 51 | 52 | public boolean isIncludeInResult() { 53 | return includeInResult; 54 | } 55 | 56 | public void setIncludeInResult(boolean includeInResult) { 57 | this.includeInResult = includeInResult; 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/response/AttributeAssignment.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.response; 2 | 3 | import com.fasterxml.jackson.annotation.JsonInclude; 4 | import com.fasterxml.jackson.annotation.JsonProperty; 5 | import java.net.URI; 6 | 7 | @JsonInclude(JsonInclude.Include.NON_NULL) 8 | public class AttributeAssignment { 9 | 10 | @JsonProperty("AttributeId") 11 | private URI attributeId; 12 | 13 | @JsonProperty("Value") 14 | private Object value; 15 | 16 | @JsonProperty("Category") 17 | private URI category; 18 | 19 | @JsonProperty("DataType") 20 | private URI dataType; 21 | 22 | @JsonProperty("Issuer") 23 | private String issuer; 24 | 25 | public URI getAttributeId() { 26 | return attributeId; 27 | } 28 | 29 | public void setAttributeId(URI id) { 30 | attributeId = id; 31 | } 32 | 33 | public Object getValue() { 34 | return value; 35 | } 36 | 37 | public void setValue(Object value) { 38 | this.value = value; 39 | } 40 | 41 | public URI getCategory() { 42 | return category; 43 | } 44 | 45 | public void setCategory(URI category) { 46 | this.category = category; 47 | } 48 | 49 | public URI getDataType() { 50 | return dataType; 51 | } 52 | 53 | public void setDataType(URI dataType) { 54 | this.dataType = dataType; 55 | } 56 | 57 | public String getIssuer() { 58 | return issuer; 59 | } 60 | 61 | public void setIssuer(String issuer) { 62 | this.issuer = issuer; 63 | } 64 | 65 | } -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/response/Attributes.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.response; 2 | 3 | import com.fasterxml.jackson.annotation.JsonInclude; 4 | import com.fasterxml.jackson.annotation.JsonProperty; 5 | 6 | @JsonInclude(JsonInclude.Include.NON_DEFAULT) 7 | public class Attributes { 8 | 9 | @JsonProperty(value = "CategoryId") 10 | private String categoryId; 11 | @JsonProperty(value = "Id") 12 | private String id; 13 | @JsonProperty(value = "Content") 14 | private String content; 15 | @JsonProperty(value = "Attribute") 16 | Attribute[] attributes; 17 | 18 | public String getCategoryId() { 19 | return categoryId; 20 | } 21 | 22 | public void setCategoryId(String categoryId) { 23 | this.categoryId = categoryId; 24 | } 25 | 26 | public String getId() { 27 | return id; 28 | } 29 | 30 | public void setId(String id) { 31 | this.id = id; 32 | } 33 | 34 | public String getContent() { 35 | return content; 36 | } 37 | 38 | public void setContent(String content) { 39 | this.content = content; 40 | } 41 | 42 | public Attribute[] getAttributes() { 43 | return attributes; 44 | } 45 | 46 | public void setAttributes(Attribute[] attributes) { 47 | this.attributes = attributes; 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/response/IdReference.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.response; 2 | 3 | import com.fasterxml.jackson.annotation.JsonInclude; 4 | import com.fasterxml.jackson.annotation.JsonProperty; 5 | import java.net.URI; 6 | 7 | @JsonInclude(JsonInclude.Include.NON_NULL) 8 | public class IdReference { 9 | 10 | @JsonProperty(value = "Id") 11 | private URI id; 12 | 13 | @JsonProperty(value = "Version") 14 | private String version; 15 | 16 | public URI getId() { 17 | return id; 18 | } 19 | 20 | public void setId(URI id) { 21 | this.id = id; 22 | } 23 | 24 | public String getVersion() { 25 | return version; 26 | } 27 | 28 | public void setVersion(String version) { 29 | this.version = version; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/response/ObligationOrAdvice.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.response; 2 | 3 | import com.fasterxml.jackson.annotation.JsonInclude; 4 | import com.fasterxml.jackson.annotation.JsonProperty; 5 | import java.net.URI; 6 | import java.util.ArrayList; 7 | import java.util.List; 8 | 9 | @JsonInclude(JsonInclude.Include.NON_EMPTY) 10 | public class ObligationOrAdvice { 11 | 12 | @JsonProperty(value = "Id") 13 | private URI id; 14 | 15 | @JsonProperty(value = "AttributeAssignment") 16 | private List attributeAssignment = new ArrayList<>(); 17 | 18 | public URI getId() { 19 | return id; 20 | } 21 | 22 | public void setId(URI id) { 23 | this.id = id; 24 | } 25 | 26 | public List getAttributeAssignment() { 27 | return attributeAssignment; 28 | } 29 | 30 | public void setAttributeAssignment(List attributeAssignment) { 31 | this.attributeAssignment = attributeAssignment; 32 | } 33 | 34 | } -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/response/PolicyIdentifier.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.response; 2 | 3 | import com.fasterxml.jackson.annotation.JsonInclude; 4 | import com.fasterxml.jackson.annotation.JsonProperty; 5 | import java.util.ArrayList; 6 | import java.util.List; 7 | 8 | @JsonInclude(JsonInclude.Include.NON_EMPTY) 9 | public class PolicyIdentifier { 10 | 11 | @JsonProperty(value = "PolicyIdReference") 12 | private List policyIdReference = new ArrayList<>(); 13 | 14 | @JsonProperty(value = "PolicySetIdReference") 15 | private List policySetIdReference = new ArrayList<>(); 16 | 17 | public List getPolicyIdReference() { 18 | return policyIdReference; 19 | } 20 | 21 | public void setPolicyIdReference(List policyIdReference) { 22 | this.policyIdReference = policyIdReference; 23 | } 24 | 25 | public List getPolicySetIdReference() { 26 | return policySetIdReference; 27 | } 28 | 29 | public void setPolicySetIdReference(List policySetIdReference) { 30 | this.policySetIdReference = policySetIdReference; 31 | } 32 | 33 | } 34 | -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/response/Response.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.response; 2 | 3 | import com.fasterxml.jackson.annotation.JsonInclude; 4 | import com.fasterxml.jackson.annotation.JsonInclude.Include; 5 | import com.fasterxml.jackson.annotation.JsonProperty; 6 | import java.util.List; 7 | 8 | @JsonInclude(Include.NON_EMPTY) 9 | public class Response { 10 | 11 | @JsonProperty("Response") 12 | private List results; 13 | 14 | public Response() { 15 | //Empty constructor needed by Jackson 16 | } 17 | 18 | public Response(List results) { 19 | this.results = results; 20 | } 21 | 22 | public List getResults() { 23 | return results; 24 | } 25 | 26 | public void setResults(List results) { 27 | this.results = results; 28 | } 29 | } -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/response/Result.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.response; 2 | 3 | import com.fasterxml.jackson.annotation.JsonInclude; 4 | import com.fasterxml.jackson.annotation.JsonInclude.Include; 5 | import com.fasterxml.jackson.annotation.JsonProperty; 6 | import java.util.List; 7 | 8 | @JsonInclude(Include.NON_EMPTY) 9 | public class Result { 10 | 11 | @JsonProperty(value = "Decision") 12 | private String decision; 13 | 14 | @JsonProperty(value = "Status") 15 | private Status status; 16 | 17 | @JsonProperty(value = "Obligations") 18 | private List obligations; 19 | 20 | @JsonProperty(value = "AssociatedAdvice") 21 | private List advice; 22 | 23 | @JsonProperty(value = "Category") 24 | private List attributes; 25 | 26 | @JsonProperty(value = "PolicyIdentifierList") 27 | private List policyIdentifierList; 28 | 29 | public String getDecision() { 30 | return decision; 31 | } 32 | 33 | public void setDecision(String decision) { 34 | this.decision = decision; 35 | } 36 | 37 | public Status getStatus() { 38 | return status; 39 | } 40 | 41 | public void setStatus(Status status) { 42 | this.status = status; 43 | } 44 | 45 | public List getObligations() { 46 | return obligations; 47 | } 48 | 49 | public void setObligations(List obligations) { 50 | this.obligations = obligations; 51 | } 52 | 53 | public List getAdvice() { 54 | return advice; 55 | } 56 | 57 | public void setAdvice(List advice) { 58 | this.advice = advice; 59 | } 60 | 61 | public List getAttributes() { 62 | return attributes; 63 | } 64 | 65 | public void setAttributes(List attributes) { 66 | this.attributes = attributes; 67 | } 68 | 69 | public List getPolicyIdentifierList() { 70 | return policyIdentifierList; 71 | } 72 | 73 | public void setPolicyIdentifierList(List policyIdentifierList) { 74 | this.policyIdentifierList = policyIdentifierList; 75 | } 76 | } 77 | -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/response/Status.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.response; 2 | 3 | import com.fasterxml.jackson.annotation.JsonInclude; 4 | import com.fasterxml.jackson.annotation.JsonProperty; 5 | 6 | @JsonInclude(JsonInclude.Include.NON_DEFAULT) 7 | public class Status { 8 | 9 | @JsonProperty(value = "StatusMessage") 10 | private String statusMessage; 11 | 12 | @JsonProperty(value = "StatusDetail") 13 | private String statusDetail; 14 | 15 | @JsonProperty(value = "StatusCode") 16 | private StatusCode statusCode; 17 | 18 | public String getStatusMessage() { 19 | return statusMessage; 20 | } 21 | 22 | public void setStatusMessage(String statusMessage) { 23 | this.statusMessage = statusMessage; 24 | } 25 | 26 | public String getStatusDetail() { 27 | return statusDetail; 28 | } 29 | 30 | public void setStatusDetail(String statusDetail) { 31 | this.statusDetail = statusDetail; 32 | } 33 | 34 | public StatusCode getStatusCode() { 35 | return statusCode; 36 | } 37 | 38 | public void setStatusCode(StatusCode statusCode) { 39 | this.statusCode = statusCode; 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /xacml-resource-models/src/main/java/com/github/joffryferrater/response/StatusCode.java: -------------------------------------------------------------------------------- 1 | package com.github.joffryferrater.response; 2 | 3 | import com.fasterxml.jackson.annotation.JsonInclude; 4 | import com.fasterxml.jackson.annotation.JsonProperty; 5 | import java.net.URI; 6 | import java.util.ArrayList; 7 | import java.util.List; 8 | 9 | @JsonInclude(JsonInclude.Include.NON_NULL) 10 | public class StatusCode { 11 | 12 | @JsonProperty(value = "Value") 13 | private URI value; 14 | 15 | @JsonProperty(value = "StatusCode") 16 | private List statusCodes = new ArrayList<>(); 17 | 18 | public URI getValue() { 19 | return value; 20 | } 21 | 22 | public void setValue(URI value) { 23 | this.value = value; 24 | } 25 | 26 | public List getStatusCodes() { 27 | return statusCodes; 28 | } 29 | 30 | public void setStatusCodes(List statusCodes) { 31 | this.statusCodes = statusCodes; 32 | } 33 | 34 | } --------------------------------------------------------------------------------