Initial commit.
This commit is contained in:
parent
9e46082e2d
commit
998a7eb2e1
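--- /dev/null
+++ b/eu.aniketos.securebpmn.xacml.api/pom.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+<parent>
+<groupId>eu.aniketos.securebpmn.xacml</groupId>
+<artifactId>eu.aniketos.securebpmn.xacml.parent</artifactId>
+<version>1.0</version>
+<relativePath>../eu.aniketos.securebpmn.xacml.parent/pom.xml</relativePath>
+</parent>
+<artifactId>eu.aniketos.securebpmn.xacml.api</artifactId>
+<version>0.1</version>
+<packaging>jar</packaging>
+<name>SecureBPMN XACML - Core API</name>
+<url>http://maven.apache.org</url>
+<properties>
+<cxf-version>2.5.1</cxf-version>
+<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+</properties>
+<build>
+<finalName>${artifactId}</finalName>
+<plugins>
+<!-- Java 1.5 -->
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-compiler-plugin</artifactId>
+<configuration>
+<source>1.5</source>
+<target>1.5</target>
+</configuration>
+</plugin>
+<!-- Java2WS -->
+<plugin>
+<groupId>org.apache.cxf</groupId>
+<artifactId>cxf-java2ws-plugin</artifactId>
+<!-- version>${cxf-version}</version -->
+<version>${cxf-version}</version>
+<dependencies>
+<dependency>
+<groupId>org.apache.cxf</groupId>
+<artifactId>cxf-rt-frontend-jaxws</artifactId>
+<!-- version>${cxf-version}</version -->
+<version>${cxf-version}</version>
+</dependency>
+<dependency>
+<groupId>org.apache.cxf</groupId>
+<artifactId>cxf-rt-frontend-simple</artifactId>
+<!-- version>${cxf-version}</version -->
+<version>${cxf-version}</version>
+</dependency>
+</dependencies>
+<executions>
+<execution>
+<id>process-classes</id>
+<phase>process-classes</phase>
+<configuration>
+<className>eu.aniketos.securebpmn.xacml.api.autho.IPDP</className>
+<genWsdl>true</genWsdl>
+<verbose>true</verbose>
+</configuration>
+<goals>
+<goal>java2ws</goal>
+</goals>
+</execution>
+</executions>
+</plugin>
+</plugins>
+</build>
+<dependencies>
+<dependency>
+<groupId>junit</groupId>
+<artifactId>junit</artifactId>
+<version>[4.8,)</version>
+<scope>test</scope>
+</dependency>
+</dependencies>
+</project>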
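Review bot: The junit dependency at `<version>[4.8,)</version>` is an open-ended version range, so every build resolves whatever the newest junit in the configured repositories happens to be; that makes the build non-reproducible and lets a newly published artifact enter the build without review, even at test scope. Pin it to the release you actually build against (e.g. `<version>4.8.2</version>`) and keep every dependency and plugin on a fixed version. The CXF plugin and its dependencies are pinned to `2.5.1` through `cxf-version`, which is an old release line, so check it against current CXF advisories before this module is used to expose the PDP interface. Minor: `${artifactId}` in `finalName` should be `${project.artifactId}`; Maven warns on the unprefixed form.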
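--- /dev/null
+++ b/pdp-wsdlclient/pom.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<modelVersion>4.0.0</modelVersion>
+<parent>
+<groupId>eu.aniketos.securebpmn.xacml</groupId>
+<artifactId>eu.aniketos.securebpmn.xacml.parent</artifactId>
+<version>1.0</version>
+<relativePath>../eu.aniketos.securebpmn.xacml.parent/pom.xml</relativePath>
+</parent>
+<artifactId>pdp-wsdlclient</artifactId>
+<packaging>jar</packaging>
+<version>0.1</version>
+<name>pdp</name>
+<url>http://maven.apache.org</url>
+<build>
+<finalName>${artifactId}</finalName>
+<sourceDirectory>target/generated/cxf/src</sourceDirectory>
+<outputDirectory>target/generated/cxf/bin</outputDirectory>
+<plugins>
+<!-- Java 1.5 -->
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-compiler-plugin</artifactId>
+<configuration>
+<source>1.5</source>
+<target>1.5</target>
+</configuration>
+</plugin>
+<!-- generate java files from wsdl -->
+<plugin>
+<groupId>org.apache.cxf</groupId>
+<artifactId>cxf-codegen-plugin</artifactId>
+<executions>
+<execution>
+<id>generate-sources</id>
+<phase>generate-sources</phase>
+<configuration>
+<sourceRoot>${project.build.directory}/generated/cxf/src</sourceRoot>
+<wsdlOptions>
+<wsdlOption>
+<wsdl>${project.build.directory}/generated/wsdl/IPDP.wsdl</wsdl>
+</wsdlOption>
+</wsdlOptions>
+</configuration>
+<goals>
+<goal>wsdl2java</goal>
+</goals>
+</execution>
+</executions>
+</plugin>
+</plugins>
+</build>
+<dependencies>
+<dependency>
+<groupId>junit</groupId>
+<artifactId>junit</artifactId>
+<version>3.8.1</version>
+<scope>test</scope>
+</dependency>
+</dependencies>
+</project>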
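Review bot: The `cxf-codegen-plugin` declaration carries no `<version>`, so Maven resolves the newest plugin release available at build time (and warns about it); the generated client stubs then depend on whichever plugin was picked that day, which is neither reproducible nor reviewable. Add `<version>${cxf-version}</version>` and define `cxf-version` here or in the parent so the codegen plugin matches the `2.5.1` line used by the api module. The wsdl2java input `${project.build.directory}/generated/wsdl/IPDP.wsdl` sits under this module's own `target` directory and nothing in this pom produces it, so presumably another step copies it in; say so in the comment on the plugin, otherwise a clean checkout will not find the WSDL. junit `3.8.1` is also far older than the `[4.8,)` used by the api module; align the two on one pinned version.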
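--- /dev/null
+++ b/eu/aniketos/securebpmn/api/ErrorType.java
@@ -0,0 +1,29 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api;
+
+import javax.xml.bind.annotation.XmlType;
+
+/**
+*
+* Defines the main type of the SecurityError
+*/
+@XmlType(namespace="http://aniketos.eu/")
+public enum ErrorType {
+AUTHENTICATION_FAILED,
+AUTHORIZATION_FAILED,
+CONFIGURATION_ERROR
+}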
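Review bot: The declaration order of these constants is load-bearing, because `SecurityError` looks its text up with `error_messages[error.ordinal()]`; inserting or reordering a value here silently shifts every message without a compile error. A one-line warning above the first constant would protect the next editor: `// Order matters: SecurityError.error_messages is indexed by ordinal()`. Longer term the message belongs on the constant itself (`AUTHENTICATION_FAILED("Authentication failed")`), which removes the coupling entirely.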
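--- /dev/null
+++ b/eu/aniketos/securebpmn/api/ReasonType.java
@@ -0,0 +1,39 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api;
+
+import javax.xml.bind.annotation.XmlType;
+
+/**
+* Defines a more detailed reason for the error
+*
+*/
+@XmlType(namespace="http://aniketos.eu/")
+public enum ReasonType {
+SSO_ENGINE_ERROR,
+MISSING_CAS_TICKET,
+MISSING_USER,
+INVALID_CAS_TICKET,
+INVALID_USERNAME_PASSWORD,
+CAS_TICKET_WRONG_SERVICE,
+
+INVALID_PARAMETERS,
+PDE_ENGINE_ERROR,
+BREAK_GLASS,
+UNDEFINED_POLICY,
+INVALID_XACML,
+DENY
+}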
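Review bot: Same ordinal coupling as `ErrorType`: `SecurityError` indexes `reason_messages[reason.ordinal()]`, and this list is already twelve entries split into an authentication group and an authorization group, so a future insertion in the first group shifts every authorization message. Add `// Order matters: SecurityError.reason_messages is indexed by ordinal()` above `SSO_ENGINE_ERROR`, or move each text onto its constant via a constructor argument so the two files cannot drift apart.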
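--- /dev/null
+++ b/eu/aniketos/securebpmn/api/SecurityError.java
@@ -0,0 +1,199 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api;
+
+import javax.xml.ws.WebFault;
+
+
+@WebFault(targetNamespace="aniketos.eu/") //, name="SecurityError" name="eu.aniketos.SecurityError", faultBean="eu.aniketos.SecurityError
+public class SecurityError extends Exception {
+
+private static final long serialVersionUID = 1031874369988364332L;
+
+protected ErrorType error;
+protected ReasonType reason;
+
+protected String message;
+
+protected long evaluationId;
+
+private static final String[] error_messages = {
+"Authentication failed",
+"Authorization failed",
+"Configuration error"
+};
+
+
+private static final String[] reason_messages = {
+"SSO Engine error",
+"Missing Security Token",
+"Missing authenticated user",
+"Invalid Security Token",
+"Invalid Username or Password",
+"Security Token not valid for requested service",
+
+"Invalid parameters",
+"PDE Engine error",
+"Access requires break-glass",
+"No policy defined for requested resource",
+"Invalid XACML Defintion",
+"User is not permitted to access the requested resource"
+};
+
+/**
+* Creating a new SecurityError, message is generated from error and reason
+*
+* @param error
+* @param reason
+*/
+public SecurityError(ErrorType error, ReasonType reason) {
+super(generateMessage(error, reason));
+this.message = super.getMessage();
+this.error = error;
+this.reason = reason;
+}
+
+/**
+* Creating a new SecurityError, message is generated from error and reason, enhanced with additionalMessage
+*
+* @param error
+* @param reason
+* @param additionalMessage
+*/
+public SecurityError(ErrorType error, ReasonType reason, String additionalMessage) {
+super(generateMessage(error, reason, additionalMessage));
+this.message = super.getMessage();
+this.error = error;
+this.reason = reason;
+}
+
+/**
+* Creating a new SecurityError, message is generated from error and reason
+*
+* @param error
+* @param reason
+* @param exception
+*/
+public SecurityError(ErrorType error, ReasonType reason, Throwable exception) {
+super(generateMessage(error, reason), exception);
+this.message = super.getMessage();
+this.error = error;
+this.reason = reason;
+}
+/**
+* Creating a new SecurityError, message is generated from error and reason, enhanced with additionalMessage
+*
+* @param error
+* @param reason
+* @param additionalMessage
+* @param exception
+*/
+public SecurityError(ErrorType error, ReasonType reason, String additionalMessage, Throwable exception) {
+super(generateMessage(error, reason, additionalMessage), exception);
+this.message = super.getMessage();
+this.error = error;
+this.reason = reason;
+}
+
+/**
+* Creating a new Security Error with a free defined message. Should only be used to create a new SecurityError in Proxies, wrapping a received error
+* @param message
+* @param error
+* @param reason
+*/
+public SecurityError(String message, ErrorType error, ReasonType reason) {
+super(message);
+this.message = super.getMessage();
+this.error = error;
+this.reason = reason;
+}
+
+/**
+* returns the main error type for this SecurityError
+*
+* @return
+*/
+public ErrorType getError() {
+return error;
+}
+/**
+* should not be used to create a new message; is required for web service interfaces
+* @param error
+*/
+public void setError(ErrorType error) {
+this.error = error;
+}
+
+/**
+* returns the more detailed reason for this SecurityError
+*
+* @return
+*/
+public ReasonType getReason() {
+return reason;
+}
+
+/**
+* should not be used to create a new message; is required for web service interfaces
+* @param reason
+*/
+public void setReason(ReasonType reason) {
+this.reason = reason;
+}
+
+@Override
+public String getMessage() {
+return this.message;
+}
+
+/**
+* DO NOT USE! Required for SCA
+* @param message
+*/
+public void setMessage(String message) {
+//required for SCA? i.e., finding "message" as attribute with getters and setters
+this.message = message;
+}
+
+public long getEvaluationId() {
+return evaluationId;
+}
+
+public void setEvaluationId(long evaluationId) {
+this.evaluationId = evaluationId;
+}
+
+
+// /**
+// * DO NOT USE! Required for SCA
+// *
+// */
+// public SecurityError() {
+//
+// }
+
+
+
+private static String generateMessage(ErrorType error, ReasonType reason) {
+return error_messages[error.ordinal()] + ": " + reason_messages[reason.ordinal()];
+
+}
+
+private static String generateMessage(ErrorType error, ReasonType reason, String additionalMessage) {
+return generateMessage(error, reason) + " (" + additionalMessage + ")";
+}
+
+}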
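Review bot: `SecurityError` is a `@WebFault`, so whatever lands in `message` is marshalled to the remote caller, and the `additionalMessage` and `Throwable` constructors make it easy to push internal detail (exception text, hostnames, policy identifiers) across the PDP boundary; nothing in this file constrains that, and how much of the cause is serialised depends on the JAX-WS fault mapping outside this file. Document the contract on both `additionalMessage` constructors: `* @param additionalMessage free text appended to the fault message; it is sent to the remote caller, so never include stack traces, credentials or internal identifiers`. Separately, `@WebFault(targetNamespace="aniketos.eu/")` is a bare relative string while `ErrorType` and `ReasonType` use `http://aniketos.eu/`, so the fault and its enum types end up in different namespaces; presumably `"http://aniketos.eu/"` was intended, to be confirmed against the generated WSDL. `generateMessage` also throws a bare NullPointerException if either enum is null and depends on the enums' declaration order through `ordinal()`; a `switch` on the constant, or text carried by the constant, would be robust to reordering.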
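--- /dev/null
+++ b/eu/aniketos/securebpmn/api/autho/AttributeIdentifier.java
@@ -0,0 +1,99 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.autho;
+
+import java.net.URI;
+
+
+/**
+*
+* Allows to identify attributes by its defining URIs, e.g., as key for hash tables
+* <br/>
+* As attributes within xacml cannot be uniquely identified using their java objects, this
+* class can be used as such a unique identification
+*
+*/
+public class AttributeIdentifier {
+
+protected URI category, attributeType, attributeId, issuer;
+
+public AttributeIdentifier(URI category, URI attributeType, URI attributeId, URI issuer) {
+if ( category == null || attributeId == null || attributeType == null ) {
+throw new RuntimeException("category, type and ID must not be null!");
+}
+this.category = category;
+this.attributeType = attributeType;
+this.attributeId = attributeId;
+this.issuer = issuer;
+}
+
+
+public AttributeIdentifier() {
+//needed for web service stuff.. should not be used otherwise
+}
+
+
+@Override
+public int hashCode() {
+if ( issuer == null ) {
+return category.hashCode() + attributeId.hashCode() + attributeType.hashCode();
+} else {
+return category.hashCode() + attributeId.hashCode() + attributeType.hashCode() + issuer.hashCode();
+}
+
+}
+
+@Override
+public boolean equals(Object o) {
+if ( o instanceof AttributeIdentifier) {
+AttributeIdentifier a = (AttributeIdentifier) o;
+if ( this.category.equals(a.category) &&
+this.attributeType.equals(a.attributeType) &&
+this.attributeId.equals(a.attributeId) &&
+((this.issuer == null && a.issuer == null) || this.issuer.equals(a.issuer))) {
+return true;
+} else {
+return false;
+}
+
+} else {
+return false;
+}
+}
+
+
+@Override
+public String toString() {
+return "[category]" + category + "[category];[type]" + attributeType + "[type];[id]" + attributeId + "[id];[issuer]" + issuer + "[issuer]";
+}
+
+
+public URI getCategory() {
+return category;
+}
+
+public URI getAttributeType() {
+return attributeType;
+}
+
+public URI getAttributeId() {
+return attributeId;
+}
+
+public URI getIssuer() {
+return issuer;
+}
+}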
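Review bot: `equals` throws NullPointerException instead of returning false when `this.issuer` is null and `a.issuer` is not: the clause `((this.issuer == null && a.issuer == null) || this.issuer.equals(a.issuer))` falls through to `this.issuer.equals(...)` on a null receiver, so a hash-table lookup that mixes issuer-less and issuer-qualified identifiers crashes rather than mismatching. Replace it with `(this.issuer == null ? a.issuer == null : this.issuer.equals(a.issuer))`. The no-argument constructor leaves all four fields null, so an instance built that way also breaks `hashCode`, `equals` and `toString`; since this class is the lookup key for access-control attributes, rejecting such an instance explicitly would be safer, and `IllegalArgumentException` is the conventional type for the constructor's null check rather than bare `RuntimeException`. Note also that there are getters but no setters, so an instance created through the no-argument path by JAXB presumably stays empty — worth confirming against the generated WSDL.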
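--- /dev/null
+++ b/eu/aniketos/securebpmn/api/autho/AuthoAttribute.java
@@ -0,0 +1,83 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.autho;
+
+import java.net.URI;
+
+import javax.xml.bind.annotation.XmlType;
+
+@XmlType(namespace="http://aniketos.eu/autho")
+public class AuthoAttribute {
+
+public static final URI OBLIGATION_CATEGORY = URI.create("urn:category:obligation");
+
+enum STATUS {
+MISSING,
+RESOLVED,
+RESOLUTION_ERROR
+}
+private Long id;
+
+protected AttributeIdentifier attrId;
+protected String value;
+
+protected boolean underRevision;
+
+//TODO save, if -) within initial request -) requested through
+public static final int INITIAL_REQUST = 0x1, ATTR_RESOLVER = 0x2;
+
+
+
+public AuthoAttribute() {
+// needed for web service stuff
+}
+
+public AuthoAttribute(AttributeIdentifier attrId, String value) {
+this.attrId = attrId;
+this.value = value;
+}
+
+
+
+public AuthoAttribute(URI categoryId, URI attributeId, URI dataType, String value) {
+this.attrId = new AttributeIdentifier(categoryId, dataType, attributeId, null);
+this.value = value;
+}
+
+public AttributeIdentifier getAttributeIdentifier() {
+return this.attrId;
+}
+
+public void setAttributeIdentifier(AttributeIdentifier attrId) {
+this.attrId = attrId;
+}
+
+public String getValue() {
+return value;
+}
+
+public void setValue(String value) {
+this.value = value;
+}
+
+public void setId(Long id) {
+this.id = id;
+}
+
+public Long getId() {
+return id;
+}
+}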
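Review bot: The public constant `INITIAL_REQUST` is misspelled, and because it is part of the API surface of a jar other modules consume it will be awkward to rename later; fix it now to `INITIAL_REQUEST` while there are no callers. `STATUS`, `underRevision` and the two int flags are declared but nothing in this class reads or exposes them, so either wire them up or drop them until they are needed. Both constructors accept `attrId` without a null check even though `AttributeIdentifier` is the attribute's identity for policy evaluation; a guard in the two-argument constructor, or at least a comment stating that a null identifier is only permitted on the JAXB path, would make the contract explicit.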
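--- /dev/null
+++ b/eu/aniketos/securebpmn/api/autho/AuthoInfo.java
@@ -0,0 +1,46 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.autho;
+
+import java.util.List;
+
+import eu.aniketos.securebpmn.api.idm.IdInfo;
+
+public class AuthoInfo extends IdInfo {
+
+public AuthoInfo() {
+
+}
+
+public AuthoInfo(IdInfo idInfo) {
+super(idInfo); //TODO copy arguments
+}
+
+//List of attributes assigned to the user, e.g., roles, etc.
+//for usual, this information is obtained by the IDM
+protected List<AuthoAttribute> userAttributes;
+
+protected String IDManager;
+
+
+
+// String getProxyGrantingTicket();
+// String getAuthenticatedUser();
+// SecurityError getException();
+// boolean hasError();
+// ErrorType getError();
+// ReasonType getReason();
+}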
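Review bot: The field `IDManager` breaks the lowerCamelCase convention used by every other field in these files (`userAttributes`, `evaluationId`) and, having no accessor, is invisible to a bean-based marshaller if this type is ever sent over the service; rename it `idManager` and decide whether it is meant to be part of the wire format. The copy constructor at `super(idInfo); //TODO copy arguments` ships a TODO: presumably `userAttributes` and the manager name should be copied when the argument is itself an `AuthoInfo`, which does not happen, so such a copy silently loses its attributes. The commented-out accessor list at the end should be deleted rather than kept as dead code.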
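--- /dev/null
+++ b/eu/aniketos/securebpmn/api/autho/AuthoObligation.java
@@ -0,0 +1,56 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.autho;
+
+import java.net.URI;
+import java.util.Collection;
+
+import javax.xml.bind.annotation.XmlType;
+
+@XmlType(namespace="http://aniketos.eu/autho")
+public class AuthoObligation {
+
+private Long id;
+private String type;
+private Collection<AuthoAttribute> parameters;
+
+public AuthoObligation() {
+
+}
+
+public AuthoObligation(URI type) {
+this.type = type.toString();
+}
+
+public Long getId() {
+return id;
+}
+public void setId(Long id) {
+this.id = id;
+}
+public String getType() {
+return type;
+}
+public void setType(String type) {
+this.type = type;
+}
+public Collection<AuthoAttribute> getParameters() {
+return parameters;
+}
+public void setParameters(Collection<AuthoAttribute> parameters) {
+this.parameters = parameters;
+}
+}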
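Review bot: The obligation's identity is weakly typed: the constructor takes a `URI` and stores `type.toString()`, but `setType(String)` accepts any string, so a value received over the wire is never checked to be a URI even though the constructor implies that contract; either validate in the setter (`URI.create(type)` would reject malformed input) or document that `type` is a free-form identifier. `AuthoObligation(URI type)` also dereferences `type` without a null check and will throw an unhelpful NullPointerException; `if (type == null) throw new IllegalArgumentException("type must not be null");` states the precondition. `getParameters` returns null until set, which every consumer iterating an obligation's parameters has to guard against; say so in a Javadoc comment or return an empty collection.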
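--- /dev/null
+++ b/eu/aniketos/securebpmn/api/autho/AuthoResult.java
@@ -0,0 +1,155 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.autho;
+
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlType;
+
+import eu.aniketos.securebpmn.api.idm.IdInfo;
+
+@XmlType(namespace="http://eu.aniketos/autho")
+public class AuthoResult {
+
+// public enum DECISION {
+// DECISION_PERMIT,
+// DECISION_DENY,
+// DECISION_INDETERMINATE,
+// DECISION_NOT_APPLICABLE,
+// INVALID_DECISION;
+//
+// private String[] messages = { "Permit", "Deny",
+// "Indeterminate",
+// "NotApplicable", "Invalid" };
+//
+// public String getMessage() {
+// return messages[this.ordinal()];
+// }
+//
+// public static DECISION getFromInt(int decision) {
+// switch (decision) {
+// case 0:
+// return DECISION_PERMIT;
+// case 1:
+// return DECISION_DENY;
+// case 2:
+// return DECISION_INDETERMINATE;
+// case 3:
+// return DECISION_NOT_APPLICABLE;
+// case 5:
+// return INVALID_DECISION;
+// }
+// return null;
+// }
+// }
+
+private Long evaluationId;
+
+private Long id;
+
+/**
+* The user for which the evaluation was done. Especially needed, if the
+* pep provides the raw AuthInfo to the PDP
+*/
+private IdInfo idInfo;
+
+private Decision decision;
+
+
+
+private List<String> statusCode;
+
+private String statusMessage;
+
+private List<AuthoAttribute> missingAttributes;
+
+private List<AuthoObligation> obligations;
+
+public String toString() {
+StringBuffer buff =new StringBuffer(decision.toString());
+buff.append(", statusCodes: ");
+for (String code : statusCode) {
+buff.append(code); buff.append(", ");
+}
+buff.append(", statusMessage: "); buff.append(statusMessage);
+buff.append(" obligations: "); buff.append(obligations == null ? "null" : obligations.size());
+return buff.toString();
+}
+
+public IdInfo getIdInfo() {
+return idInfo;
+}
+
+public void setIdInfo(IdInfo idInfo) {
+this.idInfo = idInfo;
+}
+
+public Decision getDecision() {
+return decision;
+}
+
+public void setDecision(Decision decision) {
+this.decision = decision;
+}
+
+public List<AuthoAttribute> getMissingAttributes() {
+return missingAttributes;
+}
+
+public void setMissingAttributes(List<AuthoAttribute> missingAttributes) {
+this.missingAttributes = missingAttributes;
+}
+
+public List<AuthoObligation> getObligations() {
+return obligations;
+}
+
+public void setObligations(List<AuthoObligation> obligations) {
+this.obligations = obligations;
+}
+
+public void setEvaluationId(Long evaluationId) {
+this.evaluationId = evaluationId;
+}
+
+public Long getEvaluationId() {
+return evaluationId;
+}
+
+public void setId(Long id) {
+this.id = id;
+}
+
+public Long getId() {
+return id;
+}
+
+public List<String> getStatusCode() {
+return statusCode;
+}
+
+public void setStatusCode(List<String> statusCode) {
+this.statusCode = statusCode;
+}
+
+public String getStatusMessage() {
+return statusMessage;
+}
+
+public void setStatusMessage(String statusMessage) {
+this.statusMessage = statusMessage;
+}
+}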
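Review bot: The namespace in `@XmlType(namespace="http://eu.aniketos/autho")` is inverted relative to the `http://aniketos.eu/autho` used by `AuthoAttribute`, `AuthoObligation` and `Decision`, so the result type is placed in a different XML namespace from the types it contains; this looks like a typo and should read `"http://aniketos.eu/autho"`, to be confirmed against any WSDL already published to clients. `toString` dereferences `decision` and iterates `statusCode` unguarded while every field defaults to null, so logging a freshly unmarshalled or partially filled result throws NullPointerException; use `new StringBuffer(String.valueOf(decision))` and wrap the loop in `if (statusCode != null)`, matching the null guard already applied to `obligations`. The thirty-line commented-out `DECISION` enum duplicates `Decision.java` and should be removed.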
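--- /dev/null
+++ b/eu/aniketos/securebpmn/api/autho/Decision.java
@@ -0,0 +1,52 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.autho;
+
+import javax.xml.bind.annotation.XmlType;
+
+@XmlType(namespace="http://aniketos.eu/autho")
+public enum Decision {
+DECISION_PERMIT,
+DECISION_DENY,
+DECISION_INDETERMINATE,
+DECISION_NOT_APPLICABLE,
+INVALID_DECISION;
+
+private String[] messages = { "Permit", "Deny",
+"Indeterminate",
+"NotApplicable", "Invalid" };
+
+public String getMessage() {
+return messages[this.ordinal()];
+}
+
+public static Decision getFromInt(int decision) {
+switch (decision) {
+case 0:
+return DECISION_PERMIT;
+case 1:
+return DECISION_DENY;
+case 2:
+return DECISION_INDETERMINATE;
+case 3:
+return DECISION_NOT_APPLICABLE;
+case 5:
+return INVALID_DECISION;
+}
+return null;
+}
+
+}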
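Review bot: `getFromInt` returns null for `4` and for every value outside the switch, so a caller mapping an unexpected decision code gets null rather than a value it can test, and a null decision in an authorization path is exactly what should not be left to the caller to interpret; make the unknown case fail closed with `default: return INVALID_DECISION;` and drop the trailing `return null`, which then becomes unreachable. `getMessage` uses `messages[this.ordinal()]`, so the array and the constants must stay in the same order and every constant carries its own copy of the array; a constructor argument (`DECISION_PERMIT("Permit")`) keeps the text on the constant and removes that coupling. The gap at `4` between `case 3` and `case 5` deserves a one-line comment saying which code space these integers come from, since nothing in this file defines it.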
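--- /dev/null
+++ b/eu/aniketos/securebpmn/api/autho/DesignatorAttribute.java
@@ -0,0 +1,75 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.autho;
+
+import java.net.URI;
+import java.util.List;
+import java.util.Vector;
+
+/**
+*
+* Attribtues resolved at runtime by the com.sun.xacml.attr.AttributeDesignator
+*
+*/
+public class DesignatorAttribute {
+
+protected AttributeIdentifier attrId;
+
+
+protected List<String> values;
+
+public DesignatorAttribute(AttributeIdentifier attrId) {
+this.attrId = attrId;
+}
+
+public DesignatorAttribute(URI attributeId, URI dataType, URI categoryId) {
+this.attrId = new AttributeIdentifier(categoryId, dataType, attributeId, null);
+}
+
+public AttributeIdentifier getAttrId() {
+return attrId;
+}
+
+public void setAttrId(AttributeIdentifier attrId) {
+this.attrId = attrId;
+}
+
+public List<String> getValues() {
+return values;
+}
+public void setValues(List<String> values) {
+this.values = values;
+}
+
+public void addBagValue(String bagValue) {
+if ( values == null ) {
+values = new Vector<String>();
+}
+values.add(bagValue);
+}
+
+public List<String> getBagValues() {
+return this.values;
+}
+
+public boolean isSingleValue() {
+return values!= null && values.size() == 1 ? true : false;
+}
+
+public boolean isEmptyValue() {
+return values == null ? true : false;
+}
+}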
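Review bot: `isEmptyValue()` only tests for `null`, so an attribute whose `values` is a non-null empty list is reported as neither empty nor single-valued, and a caller branching on these two predicates falls through for an empty bag. Use `return values == null || values.isEmpty();` so the two states are handled consistently with `isSingleValue()`. `getValues()`/`getBagValues()` hand out the internal list and `setValues` stores the caller's reference, so values resolved for an access decision can still be altered after they are attached to a request; returning an unmodifiable view (`Collections.unmodifiableList`, which would need an import) or copying in the setter would freeze the bag. `Vector` is synchronized legacy; `ArrayList` does the same job here.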
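--- /dev/null
+++ b/eu/aniketos/securebpmn/api/autho/IAuthoManager.java
@@ -0,0 +1,24 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.autho;
+
+import eu.aniketos.securebpmn.api.idm.IdInfo;
+
+public interface IAuthoManager {
+
+AuthoInfo getIdentityInformation(IdInfo idInfo);
+
+}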
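--- /dev/null
+++ b/eu/aniketos/securebpmn/api/autho/IContextProvider.java
@@ -0,0 +1,36 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.autho;
+
+import java.util.List;
+
+public interface IContextProvider {
+/**
+* resolves one attribute
+*
+* writes the result to attr and returns it as string
+*
+* @param attr
+* @return
+*/
+String resolveAttribute(AuthoAttribute attr);
+/**
+* resolves a set of attributes, returns number of errors
+* @param attr
+* @return
+*/
+int resolveAttributes(List<AuthoAttribute> attr);
+}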
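Review bot: The Javadoc for `resolveAttribute` leaves `@return` empty and does not say what happens when an attribute cannot be resolved — `null`, an empty string, or an exception. The distinction matters because the value feeds an access-control decision: XACML treats a missing attribute as Indeterminate, whereas an implementation that returns `""` lets a policy silently match the empty value. Document the failure contract, e.g. `@return the resolved value, or {@code null} if the attribute could not be resolved; callers must treat {@code null} as a resolution failure, never as an empty value`, and state for `resolveAttributes` whether the remaining attributes are still processed after the first error (the error count suggests they are).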
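--- /dev/null
+++ b/eu/aniketos/securebpmn/api/autho/IObligationService.java
@@ -0,0 +1,28 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.autho;
+
+import java.util.List;
+
+public interface IObligationService {
+
+public boolean supportsObligation(AuthoObligation obligation);
+
+public boolean fulfillObligation(AuthoObligation obligation);
+
+public boolean fulfillObligation(List<AuthoObligation> obligation);
+
+}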
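Review bot: `fulfillObligation(List<AuthoObligation>)` returns one boolean without stating what `false` means when only some obligations were discharged, or whether processing stops at the first failure. A PEP must deny access when it cannot fulfil an obligation attached to a Permit, so a partially applied list reported as `false` leaves the caller unable to tell which side effects have already happened. Add Javadoc fixing the contract, e.g. `@return {@code true} only if every obligation was fulfilled; on {@code false} the caller must treat the decision as Deny, and implementations should document whether already-applied obligations are rolled back`. The parameter would also read better as `obligations`.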
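--- /dev/null
+++ b/eu/aniketos/securebpmn/api/autho/IPDP.java
@@ -0,0 +1,42 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.autho;
+
+import java.util.List;
+
+import javax.jws.WebParam;
+import javax.jws.WebService;
+
+import eu.aniketos.securebpmn.api.SecurityError;
+import eu.aniketos.securebpmn.api.idm.IdInfo;
+
+@WebService(targetNamespace="aniketos.eu/autho")
+public interface IPDP {
+
+String evaluateXACML(@WebParam(name="xacmlRequ")String xacmlRequest) throws SecurityError;
+
+AuthoResult evaluate(@WebParam(name="idInfo") IdInfo idInfo,
+@WebParam(name="resource") String resource,
+@WebParam(name="action")String action,
+@WebParam(name="attributes") List<AuthoAttribute> attributes) throws SecurityError;
+
+String getXACMLPEPConfig();
+
+boolean logBreakGlassAccess(@WebParam(name="evaluationId") long evaluationId, @WebParam(name="justification") String justification);
+
+void notifyStateChange(@WebParam(name="evaluationId") long evaluationId) throws SecurityError;
+
+}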
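Review bot: `@WebService(targetNamespace="aniketos.eu/autho")` is not a URI (no scheme) and does not match the `http://aniketos.eu/autho` namespace that `Decision` declares in its `@XmlType`, so the generated WSDL's target namespace will disagree with the schema types it references; align it as `@WebService(targetNamespace="http://aniketos.eu/autho")`. `logBreakGlassAccess` binds a justification only to a `long evaluationId` and carries no caller identity, so anyone who can reach the endpoint can attach a justification to any guessed evaluation; the Javadoc should require implementations to take the principal from the transport or WS-Security context rather than trusting the payload. `evaluateXACML` accepts a raw XACML document from the network, and since this interface is the only contract a PEP vendor sees, it is worth stating on the method that implementations must parse it with DTDs and external entities disabled.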
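--- /dev/null
+++ b/eu/aniketos/securebpmn/api/autho/IPDPManagement.java
@@ -0,0 +1,37 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.autho;
+
+import java.util.List;
+
+public interface IPDPManagement {
+
+long loadPolicyVersion(long version);
+
+boolean setEmergencyLeve(long level, boolean active);
+
+// role management
+List<String> getRoles(String userId);
+
+void addRole(String userId, String role);
+
+void removeRole(String userId, String role);
+
+
+//patient - physician relationship
+
+}
+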
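Review bot: `setEmergencyLeve` is a typo in a public interface method; once implementations exist renaming it is a breaking change, so fix it now as `boolean setEmergencyLevel(long level, boolean active);`. `addRole` and `removeRole` return `void`, leaving an implementation no way to report that the role could not be granted or the user does not exist other than an unchecked exception — return `boolean` like the emergency-level setter, or declare `throws SecurityError` as `IPDP` does. These methods change authorization state and nothing in the interface carries a principal, so a class-level Javadoc stating that callers must already be authorized administrators would stop it being exposed as casually as `IPDP`. The dangling `//patient - physician relationship` comment with nothing under it should either get its methods or go.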
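--- /dev/null
+++ b/eu/aniketos/securebpmn/api/autho/IPDPStateManagement.java
@@ -0,0 +1,35 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.autho;
+
+import eu.aniketos.securebpmn.api.SecurityError;
+import eu.aniketos.securebpmn.api.log.AccessControlRequest;
+
+/**
+*
+* This interface allows the PDP to pass an access control request
+* to the PDP State module and update the pdp state according to the
+* executed action
+*
+*/
+public interface IPDPStateManagement {
+/**
+* update the PDPState according to the access control request
+* @param execRequest
+*/
+void updatePDPState(AccessControlRequest execRequest) throws SecurityError;
+
+}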
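--- /dev/null
+++ b/eu/aniketos/securebpmn/api/idm/AuthInfo.java
@@ -0,0 +1,63 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.idm;
+
+
+/**
+* contains (technology neutral) authentication information information, e.g.,
+* <ul>
+* <li>SAML Token</li>
+* <li>CAS Token</li>
+* <li>OpenID Token</li>
+* </ul>
+*
+*/
+public class AuthInfo {
+protected String authProviderId;
+protected String token;
+protected IdInfo idInfo;
+
+public AuthInfo() {
+
+}
+
+public AuthInfo(String authProviderId, String token) {
+this.authProviderId = authProviderId;
+this.token = token;
+}
+
+protected AuthInfo(IdInfo idInfo) {
+this.idInfo = idInfo;
+}
+
+public String getAuthProviderId() {
+return authProviderId;
+}
+
+public void setAuthProviderId(String authProviderId) {
+this.authProviderId = authProviderId;
+}
+
+public String getToken() {
+return token;
+}
+
+public void setToken(String token) {
+this.token = token;
+}
+
+
+}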
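Review bot: `token` holds a bearer credential (the class Javadoc lists SAML, CAS and OpenID tokens), yet nothing marks it as a secret, and any IDE-generated or framework `toString()` would print it into logs. Add an explicit redacting override, `@Override public String toString() { return "AuthInfo[authProviderId=" + authProviderId + ", token=<redacted>]"; }`, and a Javadoc line on `getToken()` saying the value must not be logged. The `idInfo` field is written by the protected constructor but has no getter, so only subclasses can read it; either add an accessor or document why it is kept on this class.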
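--- /dev/null
+++ b/eu/aniketos/securebpmn/api/idm/IIDProvider.java
@@ -0,0 +1,38 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.idm;
+
+/**
+*
+* Resovles the AuthInfo with aim of a ID Provider
+*
+*
+*/
+public interface IIDProvider {
+/**
+* Resolved the AuthInfo t
+*
+* @param authInfo
+* @return
+*/
+IdInfo authenticate(AuthInfo authInfo);
+
+boolean isValidInfo(String info);
+
+AuthInfo createAuthInfo(String info);
+
+String getProviderID();
+}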
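Review bot: The Javadoc on `authenticate` is cut off (`Resolved the AuthInfo t`) and never states what is returned when the token is invalid, expired or issued by another provider. An unchecked `null` return would pass straight into `IPDP.evaluate` as the subject, so spell the contract out, e.g. `@return the resolved identity, or {@code null} if the token could not be validated; never a partially populated IdInfo`, or declare `throws SecurityError` as the other interfaces in this commit do. `isValidInfo` and `createAuthInfo` take an opaque `String info` with no description of its format; one Javadoc line each would make the interface implementable without reading the CAS code.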
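--- /dev/null
+++ b/eu/aniketos/securebpmn/api/idm/IIDProviderFactory.java
@@ -0,0 +1,23 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.idm;
+
+import java.net.URL;
+
+public interface IIDProviderFactory {
+IIDProvider getClient(URL casServer, URL service);
+IIDProviderProxy getProxyClient(URL casServer, URL service);
+}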
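--- /dev/null
+++ b/eu/aniketos/securebpmn/api/idm/IIDProviderProxy.java
@@ -0,0 +1,26 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.idm;
+
+import java.net.URL;
+
+public interface IIDProviderProxy extends IIDProvider {
+
+IdInfo authenticate(AuthInfo authInfo, boolean proxy);
+
+String getProxyTicket(IdInfo idInfo, URL targetService);
+
+}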
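Review bot: `getProxyTicket(IdInfo idInfo, URL targetService)` mints a ticket on behalf of a user identified only by an `IdInfo`, but `IdInfo` is a plain bean with a public `IdInfo(String userId)` constructor and public setters, so any caller holding this interface can fabricate one for an arbitrary user and obtain a proxy ticket for it. Tie the method to something the caller had to prove — the `AuthInfo` or session produced by `authenticate` — or at minimum require in the Javadoc that implementations accept only an `IdInfo` they themselves returned. The `boolean proxy` overload of `authenticate` has no Javadoc saying what the flag changes relative to the inherited single-argument method.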
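--- /dev/null
+++ b/eu/aniketos/securebpmn/api/idm/ITicketProvider.java
@@ -0,0 +1,55 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.idm;
+
+import java.net.URL;
+
+import eu.aniketos.securebpmn.api.SecurityError;
+
+public interface ITicketProvider {
+/**
+* This method logs in at the SSO Engine (i.e., the CAS Server)
+* <br/>
+* In case of <b>any error</b> (e.g., ConnectException, IOException) which result out of an
+* incorrect infrastructure, this functions returns null, which signals "not logged in"
+*
+* @param username used to login at the SSO Engine (i.e., CAS Server)
+* @param password used to login at the SSO Engine (i.e., CAS Server)
+* @return the value of the Ticket Granting Cookie. <b>CAUTION</b> If the return value is null,
+* the login has not been successful, it has to be called login again!
+*/
+public String login(String username, String password) throws SecurityError;
+
+/**
+* This function is used for every (Web Service) Call that is done in the SoKNOS system, as for each of these
+* call a Service Ticket (CAS Ticket) is required.
+*
+* @param service The URL of the service for which the service ticket is required
+* @return
+* @throws InvalidCASTicketException This exception is thrown, if there is no valid CAS Ticket available (i.e.,
+* the user is not logged in or the CAS session expired, etc.)
+*/
+public AuthInfo getServiceTicket(URL service) throws SecurityError;
+
+/**
+* Invalidates any existing active session. If no active session is available, no error is thrown. If
+* this function is called, for further getServiceTicket() calls a (re)login is required
+*
+* @return <b>true</b>, if logout has been successful or no active session was found and <b>false</b>,
+* if any error occured (e.g., network error)
+*/
+public boolean logout();
+}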
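Review bot: The `login` Javadoc says the method returns `null` on any error, while its signature declares `throws SecurityError`; callers cannot tell which path signals a failed login and one of them will go unhandled. Pick one and make the doc match — if errors are thrown, replace the `null` paragraph with `@throws SecurityError if the credentials are rejected or the SSO engine cannot be reached`. The `getServiceTicket` doc names `InvalidCASTicketException`, which is not the declared `SecurityError`, and still refers to the "SoKNOS system", apparently a leftover from an earlier project. Taking `password` as `String` keeps the credential in the heap until it is collected; a `char[]` that implementations clear after use is the usual choice, though changing it now is an interface change.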
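--- /dev/null
+++ b/eu/aniketos/securebpmn/api/idm/ITicketProviderFactory.java
@@ -0,0 +1,22 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.idm;
+
+import java.net.URL;
+
+public interface ITicketProviderFactory {
+ITicketProvider getTicketProvider(URL idProvder);
+}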
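--- /dev/null
+++ b/eu/aniketos/securebpmn/api/idm/IdInfo.java
@@ -0,0 +1,94 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.idm;
+
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlType;
+
+/**
+*
+* Contains authentication information (ID Provider) and authorization
+* relevant information (identity management) about the user
+*
+*/
+@XmlType(namespace="http://idm.aniketos.eu/")
+public class IdInfo {
+
+
+
+//the resolved userID
+protected String userId; // Required
+
+//ID Provider which was used to resolve the userID
+protected String IdProvider; // Required
+
+//List of services which are in the call chain to the current instance
+protected List<String> callChain; // Optional, technology dependant, e.g., CAS
+
+public IdInfo(String userId) {
+this.userId = userId;
+}
+
+
+public IdInfo(String userId, String IdProvider, List<String> callChaind) {
+this.userId = userId;
+this.IdProvider = IdProvider;
+this.callChain = callChaind;
+}
+
+protected IdInfo(IdInfo copy) {
+this.userId = copy.userId;
+this.IdProvider = copy.IdProvider;
+this.callChain = copy.callChain;
+}
+
+protected IdInfo() {
+
+}
+
+
+public String getUserId() {
+return userId;
+}
+
+
+public void setUserId(String userId) {
+this.userId = userId;
+}
+
+
+public String getIdProvider() {
+return IdProvider;
+}
+
+
+public void setIdProvider(String idProvider) {
+IdProvider = idProvider;
+}
+
+
+public List<String> getCallChain() {
+return callChain;
+}
+
+
+public void setCallChain(List<String> callChain) {
+this.callChain = callChain;
+}
+
+
+}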
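Review bot: `IdInfo` is the subject passed to `IPDP.evaluate`, yet it is a fully mutable bean with a public `IdInfo(String userId)` constructor and public setters, so nothing in the type distinguishes an identity verified by an `IIDProvider` from one a caller simply typed in. The class Javadoc should say that an `IdInfo` is an unauthenticated claim and that a PDP must take it from a trusted `IIDProvider.authenticate` result rather than from the request body; dropping the public setters in favour of the existing protected copy constructor would enforce that later. The field `IdProvider` breaks the lowerCamelCase used everywhere else and reads like a type name — `protected String idProvider;` with the constructor and `setIdProvider` body adjusted avoids the confusion, and the constructor parameter `callChaind` is a typo. `callChain` is stored and returned by reference, so the chain can be altered after the object is built.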
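--- /dev/null
+++ b/eu/aniketos/securebpmn/api/log/AccessControlRequest.java
@@ -0,0 +1,216 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.log;
+
+import java.net.URI;
+import java.util.Collection;
+import java.util.Date;
+import java.util.List;
+
+import eu.aniketos.securebpmn.api.autho.AuthoAttribute;
+import eu.aniketos.securebpmn.api.autho.AuthoObligation;
+import eu.aniketos.securebpmn.api.autho.AuthoResult;
+import eu.aniketos.securebpmn.api.autho.DesignatorAttribute;
+import eu.aniketos.securebpmn.api.idm.IdInfo;
+
+public class AccessControlRequest extends LogEntry {
+
+private Long evaluationId;
+private long policyVersion;
+private Date execTime;
+
+//request part
+private IdInfo idInfo;
+private URI resource;
+private String action;
+
+private Collection<AuthoAttribute> attributes;
+
+//RequestCtx
+private Object request;
+private String xacmlRequest;
+
+
+private AuthoResult result;
+private List<AuthoObligation> obligations;
+
+private List<DesignatorAttribute> designAttrs;
+
+//ResponseCtx
+private Object response;
+private String xacmlResponse;
+
+
+private long duration;
+private String errorMessage;
+
+public AccessControlRequest() {
+super(null, Log_Type.ACCESS_REQUEST);
+}
+
+public AccessControlRequest(Long evaluationId, String xacmlRequest) {
+super(new Date(), Log_Type.ACCESS_REQUEST);
+this.evaluationId = evaluationId;
+this.xacmlRequest = xacmlRequest;
+}
+
+public AccessControlRequest(Long evaluationId, IdInfo idInfo,
+URI resource, String action, List<AuthoAttribute> attributes) {
+super(new Date(), Log_Type.ACCESS_REQUEST);
+this.evaluationId = evaluationId;
+this.idInfo = idInfo;
+this.resource = resource;
+this.action = action;
+this.attributes = attributes;
+}
+
+public void finished(Object request, Object response, String xacmlResponse,
+Date execTime, long policyVersion,
+List<DesignatorAttribute> designAttrs) {
+duration = new Date().getTime() - getArrival().getTime();
+this.setRequest(request);
+this.setResponse(response);
+this.execTime = execTime;
+this.policyVersion = policyVersion;
+this.xacmlResponse = xacmlResponse;
+this.designAttrs = designAttrs;
+}
+
+public void finished(Object request, Object response, AuthoResult result,
+Date execTime, long policyVersion,
+List<DesignatorAttribute> designAttrs) {
+duration = new Date().getTime() - getArrival().getTime();
+this.setRequest(request);
+this.setResponse(response);
+this.execTime = execTime;
+this.policyVersion = policyVersion;
+this.result = result;
+this.designAttrs = designAttrs;
+}
+
+
+
+
+public Long getEvaluationId() {
+return evaluationId;
+}
+public void setEvaluationId(Long evaluationId) {
+this.evaluationId = evaluationId;
+}
+public String getXacmlRequest() {
+return xacmlRequest;
+}
+public void setXacmlRequest(String xacmlRequest) {
+this.xacmlRequest = xacmlRequest;
+}
+public URI getResource() {
+return resource;
+}
+public void setResource(URI resource) {
+this.resource = resource;
+}
+public String getAction() {
+return action;
+}
+public void setAction(String action) {
+this.action = action;
+}
+public Collection<AuthoAttribute> getAttributes() {
+return attributes;
+}
+public void setAttributes(Collection<AuthoAttribute> attributes) {
+this.attributes = attributes;
+}
+public AuthoResult getResult() {
+return result;
+}
+public void setResult(AuthoResult result) {
+this.result = result;
+}
+public long getDuration() {
+return duration;
+}
+public void setDuration(long duration) {
+this.duration = duration;
+}
+public void setErrorMessage(String errorMessage) {
+this.errorMessage = errorMessage;
+}
+public String getErrorMessage() {
+return errorMessage;
+}
+public void setXacmlResponse(String xacmlResponse) {
+this.xacmlResponse = xacmlResponse;
+}
+public String getXacmlResponse() {
+return xacmlResponse;
+}
+public void setObligations(List<AuthoObligation> obligations) {
+this.obligations = obligations;
+}
+public List<AuthoObligation> getObligations() {
+return obligations;
+}
+
+public void setPolicyVersion(long policyVersion) {
+this.policyVersion = policyVersion;
+}
+
+public long getPolicyVersion() {
+return policyVersion;
+}
+
+public void setRequest(Object request) {
+this.request = request;
+}
+
+public Object getRequest() {
+return request;
+}
+
+public void setResponse(Object response) {
+this.response = response;
+}
+
+public Object getResponse() {
+return response;
+}
+
+public List<DesignatorAttribute> getDesignatorAttributes() {
+return this.designAttrs;
+}
+
+public void setDesignatorAttributes(List<DesignatorAttribute> designAttrs) {
+this.designAttrs = designAttrs;
+}
+
+public IdInfo getIdInfo() {
+return idInfo;
+}
+
+public void setIdInfo(IdInfo idInfo) {
+this.idInfo = idInfo;
+}
+
+public Date getExecTime() {
+return execTime;
+}
+
+public void setExecTime(Date execTime) {
+this.execTime = execTime;
+}
+
+}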
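Review bot: Both `finished` overloads compute `duration = new Date().getTime() - getArrival().getTime();`, but the no-argument constructor passes `null` as the arrival time to `super`, so an entry built that way throws a NullPointerException inside `finished` and the audit record is never completed. Either guard it, `Date arrival = getArrival(); duration = arrival == null ? -1 : new Date().getTime() - arrival.getTime();`, or have the default constructor stamp `new Date()` like the other two. The two overloads repeat the same seven assignments and differ only in `xacmlResponse` versus `result`; a private helper taking the common fields would keep them from drifting apart. This class is the audit record of an access decision and carries the full XACML request/response, the `idInfo` and the attribute bags, so a class Javadoc naming which fields hold personal data and that the record is meant to be append-only would help whoever implements `ILogStore`.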
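--- /dev/null
+++ b/EventNotification.java
@@ -0,0 +1,59 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.log;
+
+import java.util.Date;
+
+public class EventNotification extends LogEntry {
+
+protected EventNotification(Date arrival, Log_Type type) {
+super(arrival, type);
+}
+
+private Long id;
+
+private Long evaluationId;
+private Log_Type type;
+private String message;
+
+
+public Long getEvaluationId() {
+return evaluationId;
+}
+public void setEvaluationId(Long evaluationId) {
+this.evaluationId = evaluationId;
+}
+public Log_Type getType() {
+return type;
+}
+public void setType(Log_Type type) {
+this.type = type;
+}
+public String getMessage() {
+return message;
+}
+public void setMessage(String message) {
+this.message = message;
+}
+public void setId(Long id) {
+this.id = id;
+}
+public Long getId() {
+return id;
+}
+
+
+}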
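Review bot: `private Log_Type type;` in EventNotification duplicates the `type` that LogEntry already stores from the constructor argument, so an entry built through `EventNotification(arrival, type)` answers `getLogtype()` with the passed value and `getType()` with null until `setType` is called. Keep one source of truth: drop the field, make `getType()` delegate with `return getLogtype();`, and either remove `setType` or add a protected setter on LogEntry for it to call. `getId()` and `getEvaluationId()` return boxed `Long` values that stay null until a setter runs, and the class has no Javadoc saying who assigns them (presumably the log store's `getNewEvaluationId()`), which is worth stating.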
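--- /dev/null
+++ b/ILogStore.java
@@ -0,0 +1,42 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.log;
+
+
+
+public interface ILogStore {
+/**
+* store the provided AccessControlRequest to the log store;
+* this function should not block and return immediately, i.e.,
+* the request should be put on a queue and handled by another
+* thread
+* @param requ
+*/
+void storeAccessControlRequest(AccessControlRequest requ);
+
+boolean logBreakGlassAccess();
+
+boolean shutdown();
+
+/**
+* returns a new unique ID; this ID should be used to create a new
+* AccessControlRequest
+* @return
+*/
+Long getNewEvaluationId();
+
+AccessControlRequest getAccessControlRequest(Long evaluationId);
+}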
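Review bot: `shutdown()`, `logBreakGlassAccess()` and `getAccessControlRequest(Long)` carry no Javadoc, and the two comments that exist leave `@param requ` and `@return` empty. Because `storeAccessControlRequest` is specified as queue-and-return, the contract of `shutdown()` should say whether it drains the queue before returning — otherwise audit records still in flight are lost on a clean stop — and what its boolean result means. `getAccessControlRequest` should state what it returns when no request exists for the id (null or an exception), and `getNewEvaluationId()` that the id must be unique across concurrent callers, since the ids key an audit trail.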
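--- /dev/null
+++ b/LogEntry.java
@@ -0,0 +1,49 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.log;
+
+import java.util.Date;
+
+public abstract class LogEntry {
+
+public enum Log_Type {
+ACCESS_REQUEST,
+BREAK_GLASS
+}
+
+protected LogEntry(Date arrival, Log_Type type) {
+this.arrival = arrival;
+this.type = type;
+}
+
+private Date arrival;
+// private byte[] chkSum;
+//
+// private Long previous;
+
+private Log_Type type;
+
+public Date getArrival() {
+return arrival;
+}
+public void setArrival(Date arrival) {
+this.arrival = arrival;
+}
+
+public Log_Type getLogtype() {
+return type;
+}
+}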
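Review bot: `setArrival(Date)` lets the arrival timestamp of an already-created audit entry be rewritten, and `getArrival()` hands out the mutable `java.util.Date` itself, so any holder of the entry can change it as well. If entries are meant to be tamper-evident (the commented-out `chkSum`/`previous` fields suggest a hash chain was planned), make `arrival` final, drop the setter and return a copy, e.g. `return arrival == null ? null : new Date(arrival.getTime());`. The commented-out fields should become a tracked TODO or be removed, and `Log_Type`/`getLogtype` do not follow Java naming (`LogType`, `getLogType`).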
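--- /dev/null
+++ b/IObligationContext.java
@@ -0,0 +1,22 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.pep;
+
+import eu.aniketos.securebpmn.api.autho.AuthoObligation;
+
+public interface IObligationContext {
+public void fulfill(AuthoObligation obligation);
+}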
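Review bot: `fulfill(AuthoObligation)` returns void and declares no exception, so a PEP calling it cannot learn that an obligation could not be carried out; under XACML semantics an unfulfillable obligation must turn a Permit into a Deny, which this signature cannot express. Consider `boolean fulfill(AuthoObligation obligation);` or a checked exception, and document in Javadoc what the caller must do when fulfilment fails. The `public` modifier is redundant on an interface method.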
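--- /dev/null
+++ b/IPEP.java
@@ -0,0 +1,29 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.pep;
+
+import java.util.List;
+
+import eu.aniketos.securebpmn.api.autho.AuthoAttribute;
+import eu.aniketos.securebpmn.api.idm.IdInfo;
+
+public interface IPEP {
+
+boolean authorized(String subjectId, String resource, String action, List<AuthoAttribute> ctxAttrs);
+
+boolean authorized(IdInfo idInfo, String resource, String action, List<AuthoAttribute> ctxAttrs);
+
+}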
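Review bot: Both `authorized(...)` overloads are undocumented, and for an authorization entry point the contract matters: callers need to know that any failure to obtain a decision (PDP unreachable, Indeterminate or NotApplicable result, malformed input) yields `false` rather than an exception a caller might catch and ignore, i.e. the method fails closed. The Javadoc should also state whether `ctxAttrs` may be null or empty and whether the list is modified. Since `subjectId`, `resource` and `action` are plain strings, naming the identifier scheme they use would keep callers from passing display names where identities are expected.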
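--- /dev/null
+++ b/IPEPProxy.java
@@ -0,0 +1,22 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.api.pep;
+
+import eu.aniketos.securebpmn.api.idm.IIDProviderProxy;
+
+public interface IPEPProxy extends IIDProviderProxy {
+
+}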
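Review bot: IPEPProxy is an empty interface extending IIDProviderProxy with no Javadoc, so nothing states what distinguishes a PEP proxy from an identity-provider proxy or what an implementer is expected to provide. Add a type comment describing the intended role, along the lines of `/** Implemented by components that act as a PEP and expose the identity-provider proxy operations. */`, adjusted to the actual intent, or drop the type until it has members.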
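--- /dev/null
+++ b/AppTest.java
@@ -0,0 +1,53 @@
+/* Copyright 2012-2015 SAP SE
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package eu.aniketos.securebpmn.xacml.api;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+* Unit test for simple App.
+*/
+public class AppTest
+extends TestCase
+{
+/**
+* Create the test case
+*
+* @param testName name of the test case
+*/
+public AppTest( String testName )
+{
+super( testName );
+}
+
+/**
+* @return the suite of tests being tested
+*/
+public static Test suite()
+{
+return new TestSuite( AppTest.class );
+}
+
+/**
+* Rigourous Test :-)
+*/
+public void testApp()
+{
+assertTrue( true );
+}
+}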
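Review bot: `testApp()` asserts `assertTrue( true )`, the Maven archetype placeholder; it exercises nothing in the module yet makes the build report a passing test. Either replace it with a test against the API types added in this commit (for example that the `Log_Type` enum exposes exactly `ACCESS_REQUEST` and `BREAK_GLASS`, if those types live in this module) or remove the class so coverage reports do not show a green test for untested code. The Javadoc typo `Rigourous` should read `Rigorous`.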
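--- a/pom.xml
+++ b/pom.xml
@@ -12,6 +12,7 @@
 <modules>
 <module>../com.sun.xacml</module>
 <module>../com.sun.xacml.support</module>
+<module>../eu.aniketos.securebpmn.xacml.api</module>
 </modules>
 <build>
 <plugins>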