Initial commit.

Achim D. Brucker 2015-05-31 11:09:17 +02:00
parent 9e46082e2d
commit 998a7eb2e1
34 changed files with 1986 additions and 0 deletions


@ -0,0 +1,76 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>eu.aniketos.securebpmn.xacml</groupId>
<artifactId>eu.aniketos.securebpmn.xacml.parent</artifactId>
<version>1.0</version>
<relativePath>../eu.aniketos.securebpmn.xacml.parent/pom.xml</relativePath>
</parent>
<artifactId>eu.aniketos.securebpmn.xacml.api</artifactId>
<version>0.1</version>
<packaging>jar</packaging>
<name>SecureBPMN XACML - Core API</name>
<url>http://maven.apache.org</url>
<properties>
<cxf-version>2.5.1</cxf-version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<build>
<finalName>${artifactId}</finalName>
<plugins>
<!-- Java 1.5 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.5</source>
<target>1.5</target>
</configuration>
</plugin>
<!-- Java2WS -->
<plugin>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-java2ws-plugin</artifactId>
<!-- version>${cxf-version}</version -->
<version>${cxf-version}</version>
<dependencies>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<!-- version>${cxf-version}</version -->
<version>${cxf-version}</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-simple</artifactId>
<!-- version>${cxf-version}</version -->
<version>${cxf-version}</version>
</dependency>
</dependencies>
<executions>
<execution>
<id>process-classes</id>
<phase>process-classes</phase>
<configuration>
<className>eu.aniketos.securebpmn.xacml.api.autho.IPDP</className>
<genWsdl>true</genWsdl>
<verbose>true</verbose>
</configuration>
<goals>
<goal>java2ws</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>[4.8,)</version>
<scope>test</scope>
</dependency>
</dependencies>
</project>
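Review bot: The junit dependency uses the open-ended range `<version>[4.8,)</version>`, so each build resolves whichever junit release is newest at that moment, and two builds of this same commit can pull different artifacts. Replace the range with one exact version so the resolved dependency is reproducible and can be audited. The maven-compiler-plugin block also has no `<version>`; unless the parent POM (not shown on this page) pins it in pluginManagement, pin it here as well. In `<finalName>`, `${artifactId}` is the deprecated spelling of `${project.artifactId}`.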


@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>eu.aniketos.securebpmn.xacml</groupId>
<artifactId>eu.aniketos.securebpmn.xacml.parent</artifactId>
<version>1.0</version>
<relativePath>../eu.aniketos.securebpmn.xacml.parent/pom.xml</relativePath>
</parent>
<artifactId>pdp-wsdlclient</artifactId>
<packaging>jar</packaging>
<version>0.1</version>
<name>pdp</name>
<url>http://maven.apache.org</url>
<build>
<finalName>${artifactId}</finalName>
<sourceDirectory>target/generated/cxf/src</sourceDirectory>
<outputDirectory>target/generated/cxf/bin</outputDirectory>
<plugins>
<!-- Java 1.5 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.5</source>
<target>1.5</target>
</configuration>
</plugin>
<!-- generate java files from wsdl -->
<plugin>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-codegen-plugin</artifactId>
<executions>
<execution>
<id>generate-sources</id>
<phase>generate-sources</phase>
<configuration>
<sourceRoot>${project.build.directory}/generated/cxf/src</sourceRoot>
<wsdlOptions>
<wsdlOption>
<wsdl>${project.build.directory}/generated/wsdl/IPDP.wsdl</wsdl>
</wsdlOption>
</wsdlOptions>
</configuration>
<goals>
<goal>wsdl2java</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
</dependencies>
</project>
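Review bot: The cxf-codegen-plugin is declared without a `<version>`, and this POM defines no `cxf-version` property, whereas the API module pins its CXF plugin to `${cxf-version}`. Unless the parent POM (not visible here) manages the plugin version, the code generator that produces this module's entire source tree is resolved unpinned; add `<version>` with the same CXF release as the API module. The `<wsdl>` input is `${project.build.directory}/generated/wsdl/IPDP.wsdl`, and nothing in this POM creates that file, so a comment naming the step that is expected to put it there would help anyone building the module on its own.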


@ -0,0 +1,29 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api;
import javax.xml.bind.annotation.XmlType;
/**
*
* Defines the main type of the SecurityError
*/
@XmlType(namespace="http://aniketos.eu/")
public enum ErrorType {
AUTHENTICATION_FAILED,
AUTHORIZATION_FAILED,
CONFIGURATION_ERROR
}


@ -0,0 +1,39 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api;
import javax.xml.bind.annotation.XmlType;
/**
* Defines a more detailed reason for the error
*
*/
@XmlType(namespace="http://aniketos.eu/")
public enum ReasonType {
SSO_ENGINE_ERROR,
MISSING_CAS_TICKET,
MISSING_USER,
INVALID_CAS_TICKET,
INVALID_USERNAME_PASSWORD,
CAS_TICKET_WRONG_SERVICE,
INVALID_PARAMETERS,
PDE_ENGINE_ERROR,
BREAK_GLASS,
UNDEFINED_POLICY,
INVALID_XACML,
DENY
}


@ -0,0 +1,199 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api;
import javax.xml.ws.WebFault;
@WebFault(targetNamespace="aniketos.eu/") //, name="SecurityError" name="eu.aniketos.SecurityError", faultBean="eu.aniketos.SecurityError
public class SecurityError extends Exception {
private static final long serialVersionUID = 1031874369988364332L;
protected ErrorType error;
protected ReasonType reason;
protected String message;
protected long evaluationId;
private static final String[] error_messages = {
"Authentication failed",
"Authorization failed",
"Configuration error"
};
private static final String[] reason_messages = {
"SSO Engine error",
"Missing Security Token",
"Missing authenticated user",
"Invalid Security Token",
"Invalid Username or Password",
"Security Token not valid for requested service",
"Invalid parameters",
"PDE Engine error",
"Access requires break-glass",
"No policy defined for requested resource",
"Invalid XACML Defintion",
"User is not permitted to access the requested resource"
};
/**
* Creating a new SecurityError, message is generated from error and reason
*
* @param error
* @param reason
*/
public SecurityError(ErrorType error, ReasonType reason) {
super(generateMessage(error, reason));
this.message = super.getMessage();
this.error = error;
this.reason = reason;
}
/**
* Creating a new SecurityError, message is generated from error and reason, enhanced with additionalMessage
*
* @param error
* @param reason
* @param additionalMessage
*/
public SecurityError(ErrorType error, ReasonType reason, String additionalMessage) {
super(generateMessage(error, reason, additionalMessage));
this.message = super.getMessage();
this.error = error;
this.reason = reason;
}
/**
* Creating a new SecurityError, message is generated from error and reason
*
* @param error
* @param reason
* @param exception
*/
public SecurityError(ErrorType error, ReasonType reason, Throwable exception) {
super(generateMessage(error, reason), exception);
this.message = super.getMessage();
this.error = error;
this.reason = reason;
}
/**
* Creating a new SecurityError, message is generated from error and reason, enhanced with additionalMessage
*
* @param error
* @param reason
* @param additionalMessage
* @param exception
*/
public SecurityError(ErrorType error, ReasonType reason, String additionalMessage, Throwable exception) {
super(generateMessage(error, reason, additionalMessage), exception);
this.message = super.getMessage();
this.error = error;
this.reason = reason;
}
/**
* Creating a new Security Error with a free defined message. Should only be used to create a new SecurityError in Proxies, wrapping a received error
* @param message
* @param error
* @param reason
*/
public SecurityError(String message, ErrorType error, ReasonType reason) {
super(message);
this.message = super.getMessage();
this.error = error;
this.reason = reason;
}
/**
* returns the main error type for this SecurityError
*
* @return
*/
public ErrorType getError() {
return error;
}
/**
* should not be used to create a new message; is required for web service interfaces
* @param error
*/
public void setError(ErrorType error) {
this.error = error;
}
/**
* returns the more detailed reason for this SecurityError
*
* @return
*/
public ReasonType getReason() {
return reason;
}
/**
* should not be used to create a new message; is required for web service interfaces
* @param reason
*/
public void setReason(ReasonType reason) {
this.reason = reason;
}
@Override
public String getMessage() {
return this.message;
}
/**
* DO NOT USE! Required for SCA
* @param message
*/
public void setMessage(String message) {
//required for SCA? i.e., finding "message" as attribute with getters and setters
this.message = message;
}
public long getEvaluationId() {
return evaluationId;
}
public void setEvaluationId(long evaluationId) {
this.evaluationId = evaluationId;
}
// /**
// * DO NOT USE! Required for SCA
// *
// */
// public SecurityError() {
//
// }
private static String generateMessage(ErrorType error, ReasonType reason) {
return error_messages[error.ordinal()] + ": " + reason_messages[reason.ordinal()];
}
private static String generateMessage(ErrorType error, ReasonType reason, String additionalMessage) {
return generateMessage(error, reason) + " (" + additionalMessage + ")";
}
}
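Review bot: Both `generateMessage` overloads look up text with `error_messages[error.ordinal()]` and `reason_messages[reason.ordinal()]`, which ties the message to the declaration order of ErrorType and ReasonType in other files. Inserting or reordering a constant there silently produces the wrong text (a denial reported under a different reason) or an ArrayIndexOutOfBoundsException, and a null argument throws NullPointerException from inside the `super(...)` call. Carrying the text on each enum constant, or using a `switch` with an explicit default, removes that coupling. Separately, `additionalMessage` is concatenated into the message of a `@WebFault`, so whatever callers pass is presumably returned to the remote client; the Javadoc should say it must not carry internal details. The `targetNamespace="aniketos.eu/"` also lacks the `http://` scheme used by the `@XmlType` namespaces on the two enums.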


@ -0,0 +1,99 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.autho;
import java.net.URI;
/**
*
* Allows to identify attributes by its defining URIs, e.g., as key for hash tables
* <br/>
* As attributes within xacml cannot be uniquely identified using their java objects, this
* class can be used as such a unique identification
*
*/
public class AttributeIdentifier {
protected URI category, attributeType, attributeId, issuer;
public AttributeIdentifier(URI category, URI attributeType, URI attributeId, URI issuer) {
if ( category == null || attributeId == null || attributeType == null ) {
throw new RuntimeException("category, type and ID must not be null!");
}
this.category = category;
this.attributeType = attributeType;
this.attributeId = attributeId;
this.issuer = issuer;
}
public AttributeIdentifier() {
//needed for web service stuff.. should not be used otherwise
}
@Override
public int hashCode() {
if ( issuer == null ) {
return category.hashCode() + attributeId.hashCode() + attributeType.hashCode();
} else {
return category.hashCode() + attributeId.hashCode() + attributeType.hashCode() + issuer.hashCode();
}
}
@Override
public boolean equals(Object o) {
if ( o instanceof AttributeIdentifier) {
AttributeIdentifier a = (AttributeIdentifier) o;
if ( this.category.equals(a.category) &&
this.attributeType.equals(a.attributeType) &&
this.attributeId.equals(a.attributeId) &&
((this.issuer == null && a.issuer == null) || this.issuer.equals(a.issuer))) {
return true;
} else {
return false;
}
} else {
return false;
}
}
@Override
public String toString() {
return "[category]" + category + "[category];[type]" + attributeType + "[type];[id]" + attributeId + "[id];[issuer]" + issuer + "[issuer]";
}
public URI getCategory() {
return category;
}
public URI getAttributeType() {
return attributeType;
}
public URI getAttributeId() {
return attributeId;
}
public URI getIssuer() {
return issuer;
}
}
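Review bot: In `equals`, the clause `((this.issuer == null && a.issuer == null) || this.issuer.equals(a.issuer))` dereferences `this.issuer` when it is null and the other identifier's issuer is not, so that comparison throws NullPointerException instead of returning false. The class comment offers this type as a hash-table key, so the exception can surface inside a map lookup while attributes are being matched. Write the clause as `(this.issuer == null ? a.issuer == null : this.issuer.equals(a.issuer))`. `hashCode` and `equals` also dereference `category`, `attributeId` and `attributeType` unchecked, while the public no-argument constructor leaves all of them null; its comment should state that such an instance must not be used as a key.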


@ -0,0 +1,83 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.autho;
import java.net.URI;
import javax.xml.bind.annotation.XmlType;
@XmlType(namespace="http://aniketos.eu/autho")
public class AuthoAttribute {
public static final URI OBLIGATION_CATEGORY = URI.create("urn:category:obligation");
enum STATUS {
MISSING,
RESOLVED,
RESOLUTION_ERROR
}
private Long id;
protected AttributeIdentifier attrId;
protected String value;
protected boolean underRevision;
//TODO save, if -) within initial request -) requested through
public static final int INITIAL_REQUST = 0x1, ATTR_RESOLVER = 0x2;
public AuthoAttribute() {
// needed for web service stuff
}
public AuthoAttribute(AttributeIdentifier attrId, String value) {
this.attrId = attrId;
this.value = value;
}
public AuthoAttribute(URI categoryId, URI attributeId, URI dataType, String value) {
this.attrId = new AttributeIdentifier(categoryId, dataType, attributeId, null);
this.value = value;
}
public AttributeIdentifier getAttributeIdentifier() {
return this.attrId;
}
public void setAttributeIdentifier(AttributeIdentifier attrId) {
this.attrId = attrId;
}
public String getValue() {
return value;
}
public void setValue(String value) {
this.value = value;
}
public void setId(Long id) {
this.id = id;
}
public Long getId() {
return id;
}
}
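Review bot: The public constant `INITIAL_REQUST` is misspelled, and since it ships in the API jar the name becomes hard to change once clients compile against it; rename it to `INITIAL_REQUEST` in this first commit. The two flag constants, the `underRevision` field and the package-private `STATUS` enum are not read anywhere in this class and have no accessors, and the TODO above the constants breaks off mid-sentence. A short comment on each saying what it is reserved for would make the intended design recoverable.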


@ -0,0 +1,46 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.autho;
import java.util.List;
import eu.aniketos.securebpmn.api.idm.IdInfo;
public class AuthoInfo extends IdInfo {
public AuthoInfo() {
}
public AuthoInfo(IdInfo idInfo) {
super(idInfo); //TODO copy arguments
}
//List of attributes assigned to the user, e.g., roles, etc.
//for usual, this information is obtained by the IDM
protected List<AuthoAttribute> userAttributes;
protected String IDManager;
// String getProxyGrantingTicket();
// String getAuthenticatedUser();
// SecurityError getException();
// boolean hasError();
// ErrorType getError();
// ReasonType getReason();
}
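Review bot: `userAttributes` and `IDManager` are never assigned by either constructor and have no accessors, so code that receives an AuthoInfo (for instance from `IAuthoManager.getIdentityInformation`) cannot read the user's attributes unless it subclasses or lives in the same package. Add a getter/setter pair for each, and rename `IDManager` to lowerCamelCase (`idManager`). The `//TODO copy arguments` next to `super(idInfo)` should name what still has to be copied; the IdInfo copy constructor it relies on is not visible on this page.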


@ -0,0 +1,56 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.autho;
import java.net.URI;
import java.util.Collection;
import javax.xml.bind.annotation.XmlType;
@XmlType(namespace="http://aniketos.eu/autho")
public class AuthoObligation {
private Long id;
private String type;
private Collection<AuthoAttribute> parameters;
public AuthoObligation() {
}
public AuthoObligation(URI type) {
this.type = type.toString();
}
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
public String getType() {
return type;
}
public void setType(String type) {
this.type = type;
}
public Collection<AuthoAttribute> getParameters() {
return parameters;
}
public void setParameters(Collection<AuthoAttribute> parameters) {
this.parameters = parameters;
}
}


@ -0,0 +1,155 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.autho;
import java.util.List;
import javax.xml.bind.annotation.XmlType;
import eu.aniketos.securebpmn.api.idm.IdInfo;
@XmlType(namespace="http://eu.aniketos/autho")
public class AuthoResult {
// public enum DECISION {
// DECISION_PERMIT,
// DECISION_DENY,
// DECISION_INDETERMINATE,
// DECISION_NOT_APPLICABLE,
// INVALID_DECISION;
//
// private String[] messages = { "Permit", "Deny",
// "Indeterminate",
// "NotApplicable", "Invalid" };
//
// public String getMessage() {
// return messages[this.ordinal()];
// }
//
// public static DECISION getFromInt(int decision) {
// switch (decision) {
// case 0:
// return DECISION_PERMIT;
// case 1:
// return DECISION_DENY;
// case 2:
// return DECISION_INDETERMINATE;
// case 3:
// return DECISION_NOT_APPLICABLE;
// case 5:
// return INVALID_DECISION;
// }
// return null;
// }
// }
private Long evaluationId;
private Long id;
/**
* The user for which the evaluation was done. Especially needed, if the
* pep provides the raw AuthInfo to the PDP
*/
private IdInfo idInfo;
private Decision decision;
private List<String> statusCode;
private String statusMessage;
private List<AuthoAttribute> missingAttributes;
private List<AuthoObligation> obligations;
public String toString() {
StringBuffer buff =new StringBuffer(decision.toString());
buff.append(", statusCodes: ");
for (String code : statusCode) {
buff.append(code); buff.append(", ");
}
buff.append(", statusMessage: "); buff.append(statusMessage);
buff.append(" obligations: "); buff.append(obligations == null ? "null" : obligations.size());
return buff.toString();
}
public IdInfo getIdInfo() {
return idInfo;
}
public void setIdInfo(IdInfo idInfo) {
this.idInfo = idInfo;
}
public Decision getDecision() {
return decision;
}
public void setDecision(Decision decision) {
this.decision = decision;
}
public List<AuthoAttribute> getMissingAttributes() {
return missingAttributes;
}
public void setMissingAttributes(List<AuthoAttribute> missingAttributes) {
this.missingAttributes = missingAttributes;
}
public List<AuthoObligation> getObligations() {
return obligations;
}
public void setObligations(List<AuthoObligation> obligations) {
this.obligations = obligations;
}
public void setEvaluationId(Long evaluationId) {
this.evaluationId = evaluationId;
}
public Long getEvaluationId() {
return evaluationId;
}
public void setId(Long id) {
this.id = id;
}
public Long getId() {
return id;
}
public List<String> getStatusCode() {
return statusCode;
}
public void setStatusCode(List<String> statusCode) {
this.statusCode = statusCode;
}
public String getStatusMessage() {
return statusMessage;
}
public void setStatusMessage(String statusMessage) {
this.statusMessage = statusMessage;
}
}
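Review bot: `toString()` calls `decision.toString()` and iterates `statusCode` without a null check, although an AuthoResult can only be built through the implicit no-argument constructor followed by setters, so logging a partially filled result throws NullPointerException. The `obligations` field in the same method is already guarded; use `String.valueOf(decision)` and wrap the loop in `if (statusCode != null)`. The `@XmlType` namespace here is `http://eu.aniketos/autho`, whereas AuthoAttribute, AuthoObligation and Decision use `http://aniketos.eu/autho`; if that is not deliberate, this type ends up in a different schema namespace from the rest. The method should also carry `@Override`.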


@ -0,0 +1,52 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.autho;
import javax.xml.bind.annotation.XmlType;
@XmlType(namespace="http://aniketos.eu/autho")
public enum Decision {
DECISION_PERMIT,
DECISION_DENY,
DECISION_INDETERMINATE,
DECISION_NOT_APPLICABLE,
INVALID_DECISION;
private String[] messages = { "Permit", "Deny",
"Indeterminate",
"NotApplicable", "Invalid" };
public String getMessage() {
return messages[this.ordinal()];
}
public static Decision getFromInt(int decision) {
switch (decision) {
case 0:
return DECISION_PERMIT;
case 1:
return DECISION_DENY;
case 2:
return DECISION_INDETERMINATE;
case 3:
return DECISION_NOT_APPLICABLE;
case 5:
return INVALID_DECISION;
}
return null;
}
}
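Review bot: `getFromInt` returns null for every value without a case, and the cases jump from 3 to 5, so 4 also yields null. A caller that tests the result with a comparison such as `!= DECISION_DENY` would then treat an unrecognised code as not denied. Unless callers depend on null, end the switch with `default: return INVALID_DECISION;` so that unknown input maps to a non-permit value. Whether 5 rather than 4 is the intended code for INVALID_DECISION cannot be confirmed from this file, so add a comment naming where the numbering comes from. `getMessage()` indexes `messages` by `ordinal()`, which keeps text and constants in step only while both lists are edited together.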


@ -0,0 +1,75 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.autho;
import java.net.URI;
import java.util.List;
import java.util.Vector;
/**
*
* Attribtues resolved at runtime by the com.sun.xacml.attr.AttributeDesignator
*
*/
public class DesignatorAttribute {
protected AttributeIdentifier attrId;
protected List<String> values;
public DesignatorAttribute(AttributeIdentifier attrId) {
this.attrId = attrId;
}
public DesignatorAttribute(URI attributeId, URI dataType, URI categoryId) {
this.attrId = new AttributeIdentifier(categoryId, dataType, attributeId, null);
}
public AttributeIdentifier getAttrId() {
return attrId;
}
public void setAttrId(AttributeIdentifier attrId) {
this.attrId = attrId;
}
public List<String> getValues() {
return values;
}
public void setValues(List<String> values) {
this.values = values;
}
public void addBagValue(String bagValue) {
if ( values == null ) {
values = new Vector<String>();
}
values.add(bagValue);
}
public List<String> getBagValues() {
return this.values;
}
public boolean isSingleValue() {
return values!= null && values.size() == 1 ? true : false;
}
public boolean isEmptyValue() {
return values == null ? true : false;
}
}
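Review bot: `isEmptyValue()` tests only `values == null`, so after `setValues` with an empty list it reports false although no value is present, while `isSingleValue()` does look at the size. If an empty bag should count as empty, use `return values == null || values.isEmpty();`. The three-URI constructor takes `(attributeId, dataType, categoryId)` whereas the corresponding AuthoAttribute constructor takes `(categoryId, attributeId, dataType)`; since every parameter is a `URI`, a swapped argument compiles cleanly and yields an identifier that never matches. Aligning the order, or documenting it in Javadoc, would prevent that.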


@ -0,0 +1,24 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.autho;
import eu.aniketos.securebpmn.api.idm.IdInfo;
public interface IAuthoManager {
AuthoInfo getIdentityInformation(IdInfo idInfo);
}


@ -0,0 +1,36 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.autho;
import java.util.List;
public interface IContextProvider {
/**
* resolves one attribute
*
* writes the result to attr and returns it as string
*
* @param attr
* @return
*/
String resolveAttribute(AuthoAttribute attr);
/**
* resolves a set of attributes, returns number of errors
* @param attr
* @return
*/
int resolveAttributes(List<AuthoAttribute> attr);
}


@ -0,0 +1,28 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.autho;
import java.util.List;
public interface IObligationService {
public boolean supportsObligation(AuthoObligation obligation);
public boolean fulfillObligation(AuthoObligation obligation);
public boolean fulfillObligation(List<AuthoObligation> obligation);
}
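Review bot: The three methods have no Javadoc, and the meaning of a `false` return is left open: for `fulfillObligation` it could mean unsupported, failed or partly done, and for the `List` overload it is unclear whether processing stops at the first failure. An enforcement point normally must not grant access when an obligation could not be discharged, so the contract needs to be written down, for example `@return true only if every obligation was fulfilled; on false the caller must treat the decision as deny` if that is the intent. The `public` modifiers are redundant in an interface, and the other interfaces in this package omit them.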


@ -0,0 +1,42 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.autho;
import java.util.List;
import javax.jws.WebParam;
import javax.jws.WebService;
import eu.aniketos.securebpmn.api.SecurityError;
import eu.aniketos.securebpmn.api.idm.IdInfo;
@WebService(targetNamespace="aniketos.eu/autho")
public interface IPDP {
String evaluateXACML(@WebParam(name="xacmlRequ")String xacmlRequest) throws SecurityError;
AuthoResult evaluate(@WebParam(name="idInfo") IdInfo idInfo,
@WebParam(name="resource") String resource,
@WebParam(name="action")String action,
@WebParam(name="attributes") List<AuthoAttribute> attributes) throws SecurityError;
String getXACMLPEPConfig();
boolean logBreakGlassAccess(@WebParam(name="evaluationId") long evaluationId, @WebParam(name="justification") String justification);
void notifyStateChange(@WebParam(name="evaluationId") long evaluationId) throws SecurityError;
}
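Review bot: `logBreakGlassAccess` identifies the override only by `evaluationId` and a free-text `justification`, returns a bare boolean and, unlike `evaluate` and `notifyStateChange`, declares no `SecurityError`. The interface therefore does not say how the implementation learns who invoked break-glass, nor what a caller must do when the call returns false. As break-glass is an audited override, the Javadoc should state both, for example `@return true only if the entry was recorded; callers must not proceed on false` if that is the intended contract. `getXACMLPEPConfig()` likewise takes no identity parameter, so any access control for it has to come from the transport, which is not visible here. The `targetNamespace="aniketos.eu/autho"` lacks the `http://` scheme that the `@XmlType` annotations in this package use.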


@ -0,0 +1,37 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.autho;
import java.util.List;
public interface IPDPManagement {
long loadPolicyVersion(long version);
boolean setEmergencyLeve(long level, boolean active);
// role management
List<String> getRoles(String userId);
void addRole(String userId, String role);
void removeRole(String userId, String role);
//patient - physician relationship
}
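Review bot: `setEmergencyLeve` is missing its final `l`; as an interface method the name is inherited by every implementation, so correct it to `setEmergencyLevel` in this first commit. None of the methods is documented, yet `loadPolicyVersion`, `setEmergencyLeve`, `addRole` and `removeRole` all change what the PDP will permit. Their Javadoc should say what the `long` and `boolean` return values mean and how a failure is reported, given that no method declares `SecurityError`. How callers of this management interface are authorised is not visible in this file and should be stated as a requirement on implementations.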


@ -0,0 +1,35 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.autho;
import eu.aniketos.securebpmn.api.SecurityError;
import eu.aniketos.securebpmn.api.log.AccessControlRequest;
/**
*
* This interface allows the PDP to pass an access control request
* to the PDP State module and update the pdp state according to the
* executed action
*
*/
public interface IPDPStateManagement {
/**
* update the PDPState according to the access control request
* @param execRequest
*/
void updatePDPState(AccessControlRequest execRequest) throws SecurityError;
}


@ -0,0 +1,63 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.idm;
/**
* contains (technology neutral) authentication information information, e.g.,
* <ul>
* <li>SAML Token</li>
* <li>CAS Token</li>
* <li>OpenID Token</li>
* </ul>
*
*/
public class AuthInfo {
protected String authProviderId;
protected String token;
protected IdInfo idInfo;
public AuthInfo() {
}
public AuthInfo(String authProviderId, String token) {
this.authProviderId = authProviderId;
this.token = token;
}
protected AuthInfo(IdInfo idInfo) {
this.idInfo = idInfo;
}
public String getAuthProviderId() {
return authProviderId;
}
public void setAuthProviderId(String authProviderId) {
this.authProviderId = authProviderId;
}
public String getToken() {
return token;
}
public void setToken(String token) {
this.token = token;
}
}
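Review bot: `idInfo` is assigned only by the protected `AuthInfo(IdInfo)` constructor and has no getter or setter, so nothing outside a subclass or the package can read it, and that constructor leaves `authProviderId` and `token` null. If the field is meant for subclasses only, say so in a comment; otherwise add the accessor pair like the other two properties have. Because `token` holds the credential listed in the class comment, a one-line note on `getToken()` that the value must not be written to logs would also be worth adding.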


@ -0,0 +1,38 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.idm;
/**
*
* Resovles the AuthInfo with aim of a ID Provider
*
*
*/
public interface IIDProvider {
/**
* Resolved the AuthInfo t
*
* @param authInfo
* @return
*/
IdInfo authenticate(AuthInfo authInfo);
boolean isValidInfo(String info);
AuthInfo createAuthInfo(String info);
String getProviderID();
}
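Review bot: The failure contract of `authenticate` is not stated: the Javadoc breaks off at `Resolved the AuthInfo t` and `@return` is empty, so a caller cannot tell whether a rejected token yields `null` or an exception. Since the method declares no exception, I would document it along the lines of `@return the resolved IdInfo, or null if the token could not be validated; callers must treat null as not authenticated`, adjusted to what the implementations actually do. `isValidInfo`, `createAuthInfo` and `getProviderID` have no documentation at all, and the interface comment has a typo (`Resovles`).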


@ -0,0 +1,23 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.idm;
import java.net.URL;
public interface IIDProviderFactory {
IIDProvider getClient(URL casServer, URL service);
IIDProviderProxy getProxyClient(URL casServer, URL service);
}


@ -0,0 +1,26 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.idm;
import java.net.URL;
public interface IIDProviderProxy extends IIDProvider {
IdInfo authenticate(AuthInfo authInfo, boolean proxy);
String getProxyTicket(IdInfo idInfo, URL targetService);
}
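Review bot: The `boolean proxy` parameter of `authenticate(AuthInfo, boolean)` and the result of `getProxyTicket` are undocumented, so it is unclear how this overload differs from the inherited `authenticate(AuthInfo)` and what a caller receives when no proxy ticket can be issued. A short Javadoc on both methods would settle this, e.g. `@return the proxy ticket for targetService, or null if none could be obtained` if that is the intended behaviour.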


@ -0,0 +1,55 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.idm;
import java.net.URL;
import eu.aniketos.securebpmn.api.SecurityError;
public interface ITicketProvider {
/**
* This method logs in at the SSO Engine (i.e., the CAS Server)
* <br/>
* In case of <b>any error</b> (e.g., ConnectException, IOException) which result out of an
* incorrect infrastructure, this functions returns null, which signals "not logged in"
*
* @param username used to login at the SSO Engine (i.e., CAS Server)
* @param password used to login at the SSO Engine (i.e., CAS Server)
* @return the value of the Ticket Granting Cookie. <b>CAUTION</b> If the return value is null,
* the login has not been successful, it has to be called login again!
*/
public String login(String username, String password) throws SecurityError;
/**
* This function is used for every (Web Service) Call that is done in the SoKNOS system, as for each of these
* call a Service Ticket (CAS Ticket) is required.
*
* @param service The URL of the service for which the service ticket is required
* @return
* @throws InvalidCASTicketException This exception is thrown, if there is no valid CAS Ticket available (i.e.,
* the user is not logged in or the CAS session expired, etc.)
*/
public AuthInfo getServiceTicket(URL service) throws SecurityError;
/**
* Invalidates any existing active session. If no active session is available, no error is thrown. If
* this function is called, for further getServiceTicket() calls a (re)login is required
*
* @return <b>true</b>, if logout has been successful or no active session was found and <b>false</b>,
* if any error occured (e.g., network error)
*/
public boolean logout();
}
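Review bot: The Javadoc of `login` and `getServiceTicket` contradicts the signatures: `login` promises `null` on any error but declares `throws SecurityError`, and `getServiceTicket` documents `@throws InvalidCASTicketException` while declaring `SecurityError`. Callers need a single failure signal to check, so the comments should say which errors are reported as `null` and which as `SecurityError`, e.g. `@throws SecurityError if no valid ticket is available (not logged in, or session expired)`. The `@return` of `getServiceTicket` is empty, and the text still refers to "the SoKNOS system", which looks carried over from another project. `password` is passed as a `String`; a `char[]` that the caller can clear would shorten its lifetime in memory, although that changes the interface.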


@ -0,0 +1,22 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.idm;
import java.net.URL;
public interface ITicketProviderFactory {
ITicketProvider getTicketProvider(URL idProvder);
}


@ -0,0 +1,94 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.idm;
import java.util.List;
import javax.xml.bind.annotation.XmlType;
/**
*
* Contains authentication information (ID Provider) and authorization
* relevant information (identity management) about the user
*
*/
@XmlType(namespace="http://idm.aniketos.eu/")
public class IdInfo {
//the resolved userID
protected String userId; // Required
//ID Provider which was used to resolve the userID
protected String IdProvider; // Required
//List of services which are in the call chain to the current instance
protected List<String> callChain; // Optional, technology dependant, e.g., CAS
public IdInfo(String userId) {
this.userId = userId;
}
public IdInfo(String userId, String IdProvider, List<String> callChaind) {
this.userId = userId;
this.IdProvider = IdProvider;
this.callChain = callChaind;
}
protected IdInfo(IdInfo copy) {
this.userId = copy.userId;
this.IdProvider = copy.IdProvider;
this.callChain = copy.callChain;
}
protected IdInfo() {
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getIdProvider() {
return IdProvider;
}
public void setIdProvider(String idProvider) {
IdProvider = idProvider;
}
public List<String> getCallChain() {
return callChain;
}
public void setCallChain(List<String> callChain) {
this.callChain = callChain;
}
}
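Review bot: `callChain` is stored and handed out by reference everywhere: the three-argument constructor, `setCallChain`, `getCallChain` and the copy constructor `IdInfo(IdInfo copy)` all share the caller's list, so the call chain of a resolved identity can be changed afterwards by anyone holding that list or a copy of the object. I would copy on the way in, `this.callChain = callChain == null ? null : new ArrayList<String>(callChain);` (with an import of `java.util.ArrayList` and an explicit type argument, since the module's pom targets Java 1.5), and do the same in the copy constructor. The field `IdProvider` and the parameter `callChaind` also depart from the lowerCamelCase naming used elsewhere in the class.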


@ -0,0 +1,216 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.log;
import java.net.URI;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import eu.aniketos.securebpmn.api.autho.AuthoAttribute;
import eu.aniketos.securebpmn.api.autho.AuthoObligation;
import eu.aniketos.securebpmn.api.autho.AuthoResult;
import eu.aniketos.securebpmn.api.autho.DesignatorAttribute;
import eu.aniketos.securebpmn.api.idm.IdInfo;
public class AccessControlRequest extends LogEntry {
private Long evaluationId;
private long policyVersion;
private Date execTime;
//request part
private IdInfo idInfo;
private URI resource;
private String action;
private Collection<AuthoAttribute> attributes;
//RequestCtx
private Object request;
private String xacmlRequest;
private AuthoResult result;
private List<AuthoObligation> obligations;
private List<DesignatorAttribute> designAttrs;
//ResponseCtx
private Object response;
private String xacmlResponse;
private long duration;
private String errorMessage;
public AccessControlRequest() {
super(null, Log_Type.ACCESS_REQUEST);
}
public AccessControlRequest(Long evaluationId, String xacmlRequest) {
super(new Date(), Log_Type.ACCESS_REQUEST);
this.evaluationId = evaluationId;
this.xacmlRequest = xacmlRequest;
}
public AccessControlRequest(Long evaluationId, IdInfo idInfo,
URI resource, String action, List<AuthoAttribute> attributes) {
super(new Date(), Log_Type.ACCESS_REQUEST);
this.evaluationId = evaluationId;
this.idInfo = idInfo;
this.resource = resource;
this.action = action;
this.attributes = attributes;
}
public void finished(Object request, Object response, String xacmlResponse,
Date execTime, long policyVersion,
List<DesignatorAttribute> designAttrs) {
duration = new Date().getTime() - getArrival().getTime();
this.setRequest(request);
this.setResponse(response);
this.execTime = execTime;
this.policyVersion = policyVersion;
this.xacmlResponse = xacmlResponse;
this.designAttrs = designAttrs;
}
public void finished(Object request, Object response, AuthoResult result,
Date execTime, long policyVersion,
List<DesignatorAttribute> designAttrs) {
duration = new Date().getTime() - getArrival().getTime();
this.setRequest(request);
this.setResponse(response);
this.execTime = execTime;
this.policyVersion = policyVersion;
this.result = result;
this.designAttrs = designAttrs;
}
public Long getEvaluationId() {
return evaluationId;
}
public void setEvaluationId(Long evaluationId) {
this.evaluationId = evaluationId;
}
public String getXacmlRequest() {
return xacmlRequest;
}
public void setXacmlRequest(String xacmlRequest) {
this.xacmlRequest = xacmlRequest;
}
public URI getResource() {
return resource;
}
public void setResource(URI resource) {
this.resource = resource;
}
public String getAction() {
return action;
}
public void setAction(String action) {
this.action = action;
}
public Collection<AuthoAttribute> getAttributes() {
return attributes;
}
public void setAttributes(Collection<AuthoAttribute> attributes) {
this.attributes = attributes;
}
public AuthoResult getResult() {
return result;
}
public void setResult(AuthoResult result) {
this.result = result;
}
public long getDuration() {
return duration;
}
public void setDuration(long duration) {
this.duration = duration;
}
public void setErrorMessage(String errorMessage) {
this.errorMessage = errorMessage;
}
public String getErrorMessage() {
return errorMessage;
}
public void setXacmlResponse(String xacmlResponse) {
this.xacmlResponse = xacmlResponse;
}
public String getXacmlResponse() {
return xacmlResponse;
}
public void setObligations(List<AuthoObligation> obligations) {
this.obligations = obligations;
}
public List<AuthoObligation> getObligations() {
return obligations;
}
public void setPolicyVersion(long policyVersion) {
this.policyVersion = policyVersion;
}
public long getPolicyVersion() {
return policyVersion;
}
public void setRequest(Object request) {
this.request = request;
}
public Object getRequest() {
return request;
}
public void setResponse(Object response) {
this.response = response;
}
public Object getResponse() {
return response;
}
public List<DesignatorAttribute> getDesignatorAttributes() {
return this.designAttrs;
}
public void setDesignatorAttributes(List<DesignatorAttribute> designAttrs) {
this.designAttrs = designAttrs;
}
public IdInfo getIdInfo() {
return idInfo;
}
public void setIdInfo(IdInfo idInfo) {
this.idInfo = idInfo;
}
public Date getExecTime() {
return execTime;
}
public void setExecTime(Date execTime) {
this.execTime = execTime;
}
}
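Review bot: Both `finished(...)` overloads compute `getArrival().getTime()`, but the no-argument constructor passes `null` as arrival to `LogEntry`, so calling `finished` on an instance created that way throws a NullPointerException unless `setArrival` was called first. A guard such as `Date arrived = getArrival();` followed by `duration = arrived == null ? 0L : System.currentTimeMillis() - arrived.getTime();` avoids this. The two overloads differ only in whether they set `xacmlResponse` or `result`, so the shared assignments could move into one private helper. Since `ILogStore` stores these objects, a class comment stating what `idInfo`, `xacmlRequest`, `xacmlResponse` and `errorMessage` may contain would help whoever decides on access to and retention of the log.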


@ -0,0 +1,59 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.log;
import java.util.Date;
public class EventNotification extends LogEntry {
protected EventNotification(Date arrival, Log_Type type) {
super(arrival, type);
}
private Long id;
private Long evaluationId;
private Log_Type type;
private String message;
public Long getEvaluationId() {
return evaluationId;
}
public void setEvaluationId(Long evaluationId) {
this.evaluationId = evaluationId;
}
public Log_Type getType() {
return type;
}
public void setType(Log_Type type) {
this.type = type;
}
public String getMessage() {
return message;
}
public void setMessage(String message) {
this.message = message;
}
public void setId(Long id) {
this.id = id;
}
public Long getId() {
return id;
}
}
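Review bot: `EventNotification` declares its own private `type` field, which hides the one in `LogEntry`: the constructor passes `type` to `super`, but `getType()` returns the local field, which stays `null` until `setType` is called, while the inherited `getLogtype()` returns the constructor value. The two accessors can therefore disagree for the same entry. I would drop the local field and let `getType()` do `return getLogtype();`; `setType` would then need a protected setter in `LogEntry` or should be removed.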


@ -0,0 +1,42 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.log;
public interface ILogStore {
/**
* store the provided AccessControlRequest to the log store;
* this function should not block and return immediately, i.e.,
* the request should be put on a queue and handled by another
* thread
* @param requ
*/
void storeAccessControlRequest(AccessControlRequest requ);
boolean logBreakGlassAccess();
boolean shutdown();
/**
* returns a new unique ID; this ID should be used to create a new
* AccessControlRequest
* @return
*/
Long getNewEvaluationId();
AccessControlRequest getAccessControlRequest(Long evaluationId);
}
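Review bot: `logBreakGlassAccess()` takes no argument and has no Javadoc, so the interface does not say which subject, resource or evaluation the break-glass entry belongs to, nor what the returned boolean means. For an audit record of an emergency override this is exactly what a reviewer of the log needs; I would either pass the `AccessControlRequest` (or its evaluation id) or document where the implementation takes that context from. `shutdown()` and `getAccessControlRequest` are undocumented as well, for example whether `shutdown` flushes the queue that the comment on `storeAccessControlRequest` asks for, and whether an unknown id returns `null`.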


@ -0,0 +1,49 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.log;
import java.util.Date;
public abstract class LogEntry {
public enum Log_Type {
ACCESS_REQUEST,
BREAK_GLASS
}
protected LogEntry(Date arrival, Log_Type type) {
this.arrival = arrival;
this.type = type;
}
private Date arrival;
// private byte[] chkSum;
//
// private Long previous;
private Log_Type type;
public Date getArrival() {
return arrival;
}
public void setArrival(Date arrival) {
this.arrival = arrival;
}
public Log_Type getLogtype() {
return type;
}
}
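Review bot: `arrival` is a mutable `java.util.Date` that `getArrival()` returns directly and `setArrival` replaces, so any holder of a log entry can change its timestamp after creation. For an audit record I would return a copy, `return arrival == null ? null : new Date(arrival.getTime());`, copy the argument in the constructor the same way, and check whether `setArrival` is needed at all. The fields are declared after the constructor that assigns them, and the commented-out `chkSum`/`previous` lines should either be removed or get a comment saying what is planned.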


@ -0,0 +1,22 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.pep;
import eu.aniketos.securebpmn.api.autho.AuthoObligation;
public interface IObligationContext {
public void fulfill(AuthoObligation obligation);
}
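Review bot: `fulfill` returns `void` and declares no exception, so the interface gives an implementation no documented way to report that an obligation could not be fulfilled. Because an enforcement point is expected to refuse access when it cannot discharge an obligation, the Javadoc should state how failure is signalled, e.g. `@throws RuntimeException if the obligation cannot be fulfilled; the caller must then deny access`, or the method should return a boolean. The `public` modifier on an interface method is redundant.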


@ -0,0 +1,29 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.pep;
import java.util.List;
import eu.aniketos.securebpmn.api.autho.AuthoAttribute;
import eu.aniketos.securebpmn.api.idm.IdInfo;
public interface IPEP {
boolean authorized(String subjectId, String resource, String action, List<AuthoAttribute> ctxAttrs);
boolean authorized(IdInfo idInfo, String resource, String action, List<AuthoAttribute> ctxAttrs);
}
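Review bot: Neither `authorized` overload documents what it returns when no decision can be reached (PDP unreachable, Indeterminate or NotApplicable result); with a plain boolean and no declared exception, the only safe contract is that anything other than an explicit Permit returns `false`. I would state that in the Javadoc, e.g. `@return true only if the PDP returned Permit; false on Deny, NotApplicable, Indeterminate or any error`. The comment should also say how the `String subjectId` overload relates to the `IdInfo` one, since the former carries no ID provider or call chain.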


@ -0,0 +1,22 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.api.pep;
import eu.aniketos.securebpmn.api.idm.IIDProviderProxy;
public interface IPEPProxy extends IIDProviderProxy {
}


@ -0,0 +1,53 @@
/* Copyright 2012-2015 SAP SE
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.aniketos.securebpmn.xacml.api;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
/**
* Unit test for simple App.
*/
public class AppTest
extends TestCase
{
/**
* Create the test case
*
* @param testName name of the test case
*/
public AppTest( String testName )
{
super( testName );
}
/**
* @return the suite of tests being tested
*/
public static Test suite()
{
return new TestSuite( AppTest.class );
}
/**
* Rigourous Test :-)
*/
public void testApp()
{
assertTrue( true );
}
}


@ -12,6 +12,7 @@
<modules>
<module>../com.sun.xacml</module>
<module>../com.sun.xacml.support</module>
<module>../eu.aniketos.securebpmn.xacml.api</module>
</modules>
<build>
<plugins>