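/*
 * $Header: /cvsroot/ebxmlrr/ebxmlrr/src/share/com/sun/ebxml/registry/security/authorization/AuthorizationServiceImpl.java,v 1.17 2003/06/26 13:26:44 farrukh_najmi Exp $
 *
 * ====================================================================
 *
 * This code is subject to the freebxml License, Version 1.1
 *
 * Copyright (c) 2003 freebxml.org. All rights reserved.
 *
 * ====================================================================
 */
package com.sun.ebxml.registry.security.authorization;

import com.sun.ebxml.registry.RegistryException;
import com.sun.ebxml.registry.security.authentication.AuthenticationServiceImpl;
import com.sun.xacml.attr.AnyURIAttribute;
import com.sun.xacml.attr.StringAttribute;
import com.sun.xacml.ctx.Attribute;
import com.sun.xacml.ctx.Subject;

import java.net.URI;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Set;
import org.oasis.ebxml.registry.bindings.rim.User;

/**
 * AuthorizationService implementation for the ebxml Registry.
 *
 * <p>Two code paths exist, selected by the
 * {@code ebxmlrr.security.authorization.useXACML} registry property:
 * the V2 path ({@link #checkAuthorizationV2}) applies a fixed
 * admin / guest / owner rule set, and the V3 path
 * ({@link #checkAuthorizationV3(User, Object)}) asks an XACML PDP for a
 * decision per object. Both paths signal denial by throwing; a normal
 * return means "authorized".
 *
 * @author <a href="mailto:Farrukh.Najmi@Sun.COM">Farrukh S. Najmi</a>
 */
public class AuthorizationServiceImpl {

    /**
     * @link
     * @shapeType PatternLink
     * @pattern Singleton
     * @supplierRole Singleton factory
     */
    /*# private AuthorizationServiceImpl _ authorizationServiceImpl; */
    private static AuthorizationServiceImpl instance = null;

    //Not adding javadoc comments as these will go away soon.
    public static final int SUBMIT_OBJECTS_REQUEST = 0;
    public static final int UPDATE_OBJECTS_REQUEST = 1;
    public static final int REMOVE_OBJECTS_REQUEST = 2;
    public static final int APPROVE_OBJECTS_REQUEST = 3;
    public static final int DEPRECATE_OBJECTS_REQUEST = 4;
    public static final int ADD_SLOTS_REQUEST = 5;
    public static final int REMOVE_SLOTS_REQUEST = 6;
    public static final int ADHOC_QUERY_REQUEST = 7;
    public static final int GET_CONTENT_REQUEST = 8;

    /** The action-id action attribute from V3 spec.*/
    public static final String ACTION_ATTRIBUTE_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id";

    /** The owner resource attribute from V3 spec.*/
    public static final String RESOURCE_ATTRIBUTE_OWNER = "urn:oasis:names:tc:ebxml-regrep:2.5:rim:acp:resource:owner";

    /** The request resource attribute specific to ebxmlrr (not from V3 spec).*/
    public static final String RESOURCE_ATTRIBUTE_REQUEST = "urn:oasis:names:tc:ebxml-regrep:2.5:rim:acp:resource:request";

    /** The subject-id subject attribute from XACML 1.0 spec. Should be in XACML impl??*/
    public static final String SUBJECT_ATTRIBUTE_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id";

    /** The role subject attribute from V3 spec.*/
    public static final String SUBJECT_ATTRIBUTE_ROLES = "urn:oasis:names:tc:ebxml-regrep:2.5:rim:acp:subject:roles";

    /** The groups subject attribute from V3 spec.*/
    public static final String SUBJECT_ATTRIBUTE_GROUPS = "urn:oasis:names:tc:ebxml-regrep:2.5:rim:acp:subject:groups";

    /** The user subject attribute specific to ebxmlrr (not from V3 spec).*/
    public static final String SUBJECT_ATTRIBUTE_USER = "urn:oasis:names:tc:ebxml-regrep:2.5:rim:acp:subject:user";

    /** The create action from V3 spec.*/
    public static final String ACTION_CREATE = "create";

    /** The read action from V3 spec.*/
    public static final String ACTION_READ = "read";

    /** The update action from V3 spec.*/
    public static final String ACTION_UPDATE = "update";

    /** The delete action from V3 spec.*/
    public static final String ACTION_DELETE = "delete";

    /** The approve action from V3 spec.*/
    public static final String ACTION_APPROVE = "approve";

    /** The deprecate action from V3 spec.*/
    public static final String ACTION_DEPRECATE = "deprecate";

    /** The undeprecate action from V3 spec.*/
    public static final String ACTION_UNDEPRECATE = "undeprecate";

    /** The reference action from V3 spec.*/
    public static final String ACTION_REFERENCE = "reference";

    /** Id of the classification node that marks a user as RegistryAdministrator (see isRegistryAdministrator). */
    public static final String CANONICAL_ID_NODE_REGISTRY_ADMINISTRATOR =
        "urn:uuid:970eeed9-1e58-4e97-bd82-eff3651998c2";

    public static final String CANONICAL_ID_NODE_SUBJECT_ROLE =
        "urn:uuid:41ce5ef5-2117-4304-baf5-feb35295c1c1";

    public static final String CANONICAL_ID_NODE_SUBJECT_GROUP =
        "urn:uuid:7c07beae-c1c6-4a52-b1db-d3cf9b501b75";

    public static final String PROP_REGISTRY_REQUEST =
        "com.sun.ebxml.registry.security.authorization.RegistryRequest";

    /**
     * The standard namespace where all the ebRIM spec-defined functions live
     */
    public static final String FUNCTION_NS =
        "urn:oasis:names:tc:ebxml-regrep:2.5:rim:acp:function:";


    private static com.sun.ebxml.registry.util.BindingUtility bu = com.sun.ebxml.registry.util.BindingUtility.getInstance();

    /** XACML policy decision point; stays null unless useXACML is true and initialize() has run. */
    private com.sun.xacml.PDP pdp = null;

    private org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory.getLog(this.getClass());

    // Boolean.valueOf(null) is false, so an unset property selects the V2 rule set.
    boolean useXACML = Boolean.valueOf(com.sun.ebxml.registry.util.RegistryProperties.getInstance().getProperty("ebxmlrr.security.authorization.useXACML")).booleanValue();

    // Id of the default Access Control Policy; only a RegistryAdministrator may submit it (V3 path).
    String idForDefaultACP = com.sun.ebxml.registry.util.RegistryProperties.getInstance().getProperty("ebxmlrr.security.authorization.defaultACP");

    /**
     * Class Constructor. Protected and only used by getInstance()
     *
     */
    protected AuthorizationServiceImpl(){
    }

    /**
     * Gets the singleton instance as defined by Singleton pattern.
     *
     * <p>The whole method is synchronized. The previous double-checked
     * locking read a non-volatile field outside the lock and published the
     * instance before {@code initialize()} had run, so a concurrent caller
     * could receive an authorization service whose PDP was still null.
     * Holding the lock for the full create-and-initialize sequence means
     * other threads only ever see a fully initialized instance, while a
     * re-entrant call from the initializing thread still gets the instance
     * (the assignment order is unchanged).
     *
     * @return the singleton instance
     *
     */
    public static synchronized AuthorizationServiceImpl getInstance(){
        if (instance == null) {
            instance = new com.sun.ebxml.registry.security.authorization.AuthorizationServiceImpl();
            instance.initialize();
        }
        return instance;
    }

    /**
     * Wires the XACML engine (custom function, policy finder, attribute
     * finders, PDP) when useXACML is set; does nothing otherwise.
     */
    private void initialize() {
        if (!useXACML) {
            return;
        }

        //Add any custom functions to XACML engine
        try {
            com.sun.xacml.cond.FunctionFactory.addTargetFunction(new ClassificationNodeCompare(), new URI(FUNCTION_NS + ClassificationNodeCompare.NAME));
        }
        catch (java.net.URISyntaxException e) {
            // Still best-effort, but recorded through the service log instead of
            // stderr: policies that reference this function will not evaluate
            // as intended if the registration is missing.
            log.error("Could not register XACML target function " + FUNCTION_NS + ClassificationNodeCompare.NAME, e);
        }

        //Add any custom PolicyFinderModules to XACML engine
        com.sun.xacml.finder.PolicyFinder policyFinder = new com.sun.xacml.finder.PolicyFinder();
        Set policyModules = new HashSet();
        policyModules.add(new RegistryPolicyFinderModule());
        policyFinder.setModules(policyModules);

        //Add any custom AttributeFinderModules to XACML engine
        java.util.List attrModules = new ArrayList();
        attrModules.add(new RegistryAttributeFinderModule());
        attrModules.add(new com.sun.xacml.finder.impl.CurrentEnvModule());
        com.sun.xacml.finder.AttributeFinder attrFinder = new com.sun.xacml.finder.AttributeFinder();
        attrFinder.setModules(attrModules);

        pdp = new com.sun.xacml.PDP(new com.sun.xacml.PDPConfig(attrFinder, policyFinder, null));
    }

    /**
     * Check whether the user is authorised to make requests on the RegistryObjects
     * (V2 rule set).
     *
     * <ul>
     * <li>A RegistryAdministrator may do anything.</li>
     * <li>Anyone may make an AdhocQueryRequest or GetContentRequest.</li>
     * <li>Any non-guest user may make a SubmitObjectsRequest.</li>
     * <li>Update, remove, approve, deprecate, add-slots and remove-slots
     *     requests are refused for the registry guest and otherwise require
     *     the user to own every object in {@code ids}.</li>
     * </ul>
     *
     * @param user the requestor
     * @param ids ids of the objects the request touches
     * @param requestType one of the *_REQUEST constants of this class
     * @throws UnauthorizedRequestException if the user is not authorized to make the requests on the objects
     * @throws RegistryException if the request type is not recognised or an owner cannot be found
     */
    public void checkAuthorization(User user, ArrayList ids, int requestType) throws RegistryException {

        String userId = user.getId();
        AuthenticationServiceImpl authc = AuthenticationServiceImpl.getInstance();

        // The user is administrator. He can do anything.
        if (isRegistryAdministrator(user)) {
            return;
        }

        switch (requestType) {
            case ADHOC_QUERY_REQUEST:
            case GET_CONTENT_REQUEST:
                // Everyone can make AdhocQueryRequest or GET_CONTENT_REQUEST
                return;

            case SUBMIT_OBJECTS_REQUEST:
                if (!userId.equals(authc.ALIAS_REGISTRY_GUEST)) {
                    // non-guest can make SubmitObjectsRequest
                    return;
                }
                // NOTE(review): a guest submit is refused, but (as before) through
                // the generic "Unknown request" error below rather than an
                // UnauthorizedRequestException - worth confirming that callers
                // and audit logs treat this as an authorization denial.
                break;

            case UPDATE_OBJECTS_REQUEST:
            case REMOVE_OBJECTS_REQUEST:
            case APPROVE_OBJECTS_REQUEST:
            case DEPRECATE_OBJECTS_REQUEST:
            case ADD_SLOTS_REQUEST:
            case REMOVE_SLOTS_REQUEST:
                // Registry guest is not allowed to make these requests
                if (userId.equals(authc.ALIAS_REGISTRY_GUEST)) {
                    // Should we hardcode who is registry guest ??????
                    // An empty id list must still end in a denial, not an
                    // IndexOutOfBoundsException from ids.get(0).
                    String firstId = (ids != null && !ids.isEmpty()) ? (String)ids.get(0) : null;
                    throw new com.sun.ebxml.registry.security.UnauthorizedRequestException(firstId, userId);
                }
                assertOwnedBy(userId, ids);
                return;

            default:
                break;
        }

        throw new RegistryException("InvalidRequest: Unknown request");
    }

    /**
     * Throws unless userId owns every object in ids.
     */
    private void assertOwnedBy(String userId, ArrayList ids) throws RegistryException {
        // Check whether the user is the owner
        com.sun.ebxml.registry.persistence.PersistenceManager pm = com.sun.ebxml.registry.persistence.PersistenceManagerImpl.getInstance();
        java.util.HashMap ownersMap = pm.getOwnersMap(ids);
        for (java.util.Iterator idIter = ids.iterator(); idIter.hasNext(); ) {
            String id = (String)idIter.next();
            String ownerId = (String)ownersMap.get(id);
            if (ownerId == null) {
                throw new RegistryException("Owners not found for object " + id);
            }
            if (!ownerId.equals(userId)) {
                // the user is not the owner of the object
                throw new com.sun.ebxml.registry.security.UnauthorizedRequestException(id, userId);
            }
        }
    }


    /**
     * Check if user is authorized to perform specified request using V3 specification.
     *
     * Check if the specified User (requestor) is authorized to make this request or not.
     * Every object id found in the request is treated as a resource, and the
     * primary action is determined by the type of request:
     *
     * AdhocQueryRequest: process query as normal and then filter out objects that should not be visible to the client.
     * GetContentRequest: throw ObjectNotFoundException if object client should not be able to see object. (document in V3 spec??)
     * ApproveObjectRequest: check if subject is authorized for the approve action
     * Deprecate/UndeprecateRequest: check if subject is authorized for the deprecate/undeprecate action
     * RemoveObjectRequest: check if subject is authorized for the delete action
     * SubmitObjectsRequest/UpdateObjectsRequest: check if subject authorized for the create action
     * Check any referenced objects and see if their policies allows reference action
     *
     * The list above is the original design note; what this method implements
     * is: submit maps to create, update/add-slots/remove-slots map to update,
     * remove maps to delete, approve and deprecate map to themselves, and the
     * two read requests get no action attribute. Referenced objects are not
     * checked here.
     *
     * Do we need any new Attribute types by Extending AttributeValue (have string URI etc.)??
     * Do we need any new functions??
     *
     * @throws UnauthorizedRequestException if the user is not authorized to make the requests on the objects
     */
    public void checkAuthorizationV3(User user, Object registryRequest) throws RegistryException {

        try {
            String userId = user.getId();

            if (isRegistryAdministrator(user)) {
                //Allow RegistryAdmin role all privileges
                return;
            }

            //The subjects Set contain Subject instances now
            //Subject instances are created with a HashSet of subject Attributes
            Set subjects = new HashSet();

            Set action = new HashSet();
            Set environment = new HashSet();
            Attribute actionAttr = null;
            String ownerId = null;

            // Fetched once and reused for the per-resource loop below.
            java.util.Collection ids = bu.getIdsFromRequest(registryRequest);

            if (registryRequest instanceof org.oasis.ebxml.registry.bindings.query.AdhocQueryRequest) {
                // No action attribute is built for queries.
            }
            else if (registryRequest instanceof org.oasis.ebxml.registry.bindings.query.GetContentRequest) {
                // No action attribute is built for content retrieval.
            }
            else if (registryRequest instanceof org.oasis.ebxml.registry.bindings.rs.SubmitObjectsRequest) {
                // Objects being submitted are evaluated with the submitter as owner.
                ownerId = user.getId();
                actionAttr = newActionAttribute(ACTION_CREATE);
            }
            else if (registryRequest instanceof org.oasis.ebxml.registry.bindings.rs.ApproveObjectsRequest) {
                actionAttr = newActionAttribute(ACTION_APPROVE);
            }
            else if (registryRequest instanceof org.oasis.ebxml.registry.bindings.rs.DeprecateObjectsRequest) {
                actionAttr = newActionAttribute(ACTION_DEPRECATE);
            }
            else if (registryRequest instanceof org.oasis.ebxml.registry.bindings.rs.UpdateObjectsRequest) {
                actionAttr = newActionAttribute(ACTION_UPDATE);
            }
            else if (registryRequest instanceof org.oasis.ebxml.registry.bindings.rs.RemoveObjectsRequest) {
                actionAttr = newActionAttribute(ACTION_DELETE);
            }
            else if (registryRequest instanceof org.oasis.ebxml.registry.bindings.rs.AddSlotsRequest) {
                //??Document in spec the mapping
                actionAttr = newActionAttribute(ACTION_UPDATE);
            }
            else if (registryRequest instanceof org.oasis.ebxml.registry.bindings.rs.RemoveSlotsRequest) {
                //??Document in spec the mapping
                actionAttr = newActionAttribute(ACTION_UPDATE);
            }
            else {
                throw new RegistryException("InvalidRequest: Unknown request " + requestTypeName(registryRequest));
            }

            // NOTE(review): for AdhocQueryRequest and GetContentRequest actionAttr is
            // still null here, so the action set handed to the PDP holds a null
            // element whenever such a request carries object ids. ACTION_READ is
            // defined but never used; confirm whether read requests are meant to
            // be evaluated with it before relying on this path for reads.
            action.add(actionAttr);

            //Init subject attributes
            Set userSubject = new HashSet();
            Set subjectAttributesForUser = new HashSet();

            userSubject.add(new Attribute(new URI(SUBJECT_ATTRIBUTE_ID),
                new URI(AnyURIAttribute.identifier),
                null,
                null,
                new AnyURIAttribute(new URI(userId))));

            userSubject.add(new Attribute(new URI(SUBJECT_ATTRIBUTE_USER),
                new URI(ObjectAttribute.identifier),
                null,
                null,
                new ObjectAttribute(user)));

            subjectAttributesForUser.add(new URI(com.sun.xacml.attr.AttributeDesignator.SUBJECT_CATEGORY_DEFAULT));
            subjectAttributesForUser.add(userSubject);

            //Create a Subject instance using the subjectAttributes
            //and add it to the subjects set
            subjects.add(new Subject(subjectAttributesForUser));

            //Encapsulate entire request as a pseudo-resource attribute so it is available to RegistryAttributeFinderModule
            Attribute requestResourceAttr = new Attribute(new URI(RESOURCE_ATTRIBUTE_REQUEST),
                new URI(ObjectAttribute.identifier),
                null,
                null,
                new ObjectAttribute(registryRequest));

            //Iterate over each resource and see if action is authorized on the resource by the subject
            for (java.util.Iterator idsIter = ids.iterator(); idsIter.hasNext(); ) {
                String id = (String)idsIter.next();
                if (id == null) {
                    // Entries without an id are skipped: there is no resource to evaluate.
                    continue;
                }
                if (id.equals(idForDefaultACP)) {
                    //Auth check for defaultACP is special and requires that it is submitted by RegistryAdministrator role
                    //Note this will be generalized when we have better Role Based Access Control (RBAC) support
                    //Administrators returned above, so any caller reaching this point is refused.
                    throw new RegistryException("InvalidRequest: Only Users with RegistryAdministrator role can submit default Access Control Policy file with id='" + id + "'");
                }
                checkAuthorizationV3(userId, id, ownerId, subjects, action, environment, requestResourceAttr);
            }
        }
        catch (java.net.URISyntaxException e) {
            throw new RegistryException(e);
        }
    }

    /**
     * Builds the XACML action-id attribute carrying the given action name.
     */
    private static Attribute newActionAttribute(String actionName) throws java.net.URISyntaxException {
        return new Attribute(new URI(ACTION_ATTRIBUTE_ID),
            new URI(StringAttribute.identifier),
            null,
            null,
            new StringAttribute(actionName));
    }

    /**
     * Class name of the request for error messages; tolerates a null request.
     */
    private static String requestTypeName(Object registryRequest) {
        return (registryRequest == null) ? "null" : registryRequest.getClass().getName();
    }

    /**
     * Name of the first action attribute in the set, or null when the set is
     * empty or its first element is not a string-valued Attribute.
     */
    private static String firstActionName(Set action) {
        java.util.Iterator actionIter = action.iterator();
        if (!actionIter.hasNext()) {
            return null;
        }
        Object first = actionIter.next();
        if (first instanceof Attribute && ((Attribute)first).getValue() instanceof StringAttribute) {
            return ((StringAttribute)((Attribute)first).getValue()).getValue();
        }
        return null;
    }

    /**
     * Check if subject is authorized to perform action on the resource with
     * the given id. Anything other than an explicit Permit from the PDP is a
     * denial.
     *
     * @param ownerId owner to evaluate against; looked up from persistence when null
     * @throws UnauthorizedRequestException if the PDP does not return Permit
     * @throws RegistryException if the PDP is unavailable, the owner cannot be
     *         found, or an id is not a valid URI
     **/
    private void checkAuthorizationV3(String userId, String id, String ownerId,
        Set subjects, Set action, Set environment, Attribute requestResourceAttr) throws RegistryException {
        if (pdp == null) {
            // Happens when useXACML is false or initialization did not complete.
            // Refuse explicitly rather than fail with a NullPointerException.
            throw new RegistryException("XACML PDP is not initialized; cannot authorize request on object " + id);
        }

        if (ownerId == null) {
            ownerId = getRegistryObjectOwnerId(id);
        }

        try {
            Set resourceAttributes = new HashSet();
            resourceAttributes.add(new Attribute(new URI(com.sun.xacml.EvaluationCtx.RESOURCE_ID),
                new URI(AnyURIAttribute.identifier),
                null,
                null,
                new AnyURIAttribute(new URI(id))));
            resourceAttributes.add(new Attribute(new URI(RESOURCE_ATTRIBUTE_OWNER),
                new URI(AnyURIAttribute.identifier),
                null,
                null,
                new AnyURIAttribute(new URI(ownerId))));
            resourceAttributes.add(requestResourceAttr);

            com.sun.xacml.ctx.RequestCtx req = new com.sun.xacml.ctx.RequestCtx(subjects, resourceAttributes, action, environment);
            com.sun.xacml.ctx.ResponseCtx resp = pdp.evaluate(req);

            //Expecting only one Result; no result at all is treated as a denial
            java.util.Iterator resultIter = resp.getResults().iterator();
            if (!resultIter.hasNext()) {
                throw new com.sun.ebxml.registry.security.UnauthorizedRequestException(id, userId, firstActionName(action));
            }
            com.sun.xacml.ctx.Result result = (com.sun.xacml.ctx.Result)resultIter.next();
            com.sun.xacml.ctx.Status status = result.getStatus();
            log.info("status.message = " + status.getMessage());

            //??Need to check status here
            //The status is only logged; the decision below is what gates access, and
            //Deny, NotApplicable and Indeterminate are all refused.
            if (result.getDecision() != com.sun.xacml.ctx.Result.DECISION_PERMIT) {
                // firstActionName tolerates a missing action attribute, so the caller
                // sees the denial itself and not a NullPointerException raised while
                // building it.
                throw new com.sun.ebxml.registry.security.UnauthorizedRequestException(id, userId, firstActionName(action));
            }
        }
        catch (java.net.URISyntaxException e) {
            throw new RegistryException(e);
        }
    }

    /**
     * Gets id for User that is owner of RegistryObject with specified id.
     *
     * @throws RegistryException if no owner is recorded for the object
     **/
    private String getRegistryObjectOwnerId(String id) throws RegistryException {
        com.sun.ebxml.registry.persistence.PersistenceManager pm = com.sun.ebxml.registry.persistence.PersistenceManagerImpl.getInstance();
        ArrayList ids = new ArrayList();
        ids.add(id);

        String ownerId = (String)pm.getOwnersMap(ids).get(id);
        if (ownerId == null) {
            throw new RegistryException("Owners not found for object " + id);
        }

        return ownerId;
    }

    /**
     * Check if user is authorized to perform specified request, using the
     * XACML (V3) path when useXACML is set and the V2 rule set otherwise.
     **/
    public void checkAuthorization(User user, Object registryRequest) throws RegistryException {
        if (useXACML) {
            checkAuthorizationV3(user, registryRequest);
        } else {
            checkAuthorizationV2(user, registryRequest);
        }
    }

    /**
     * Check if user is authorized to perform specified request using V2 specification.
     * Maps the request object to its *_REQUEST constant and delegates to
     * {@link #checkAuthorization(User, ArrayList, int)}.
     *
     * @throws RegistryException if the request type is not recognised
     **/
    public void checkAuthorizationV2(User user, Object registryRequest) throws RegistryException {

        int requestType;

        if (registryRequest instanceof org.oasis.ebxml.registry.bindings.query.AdhocQueryRequest) {
            requestType = ADHOC_QUERY_REQUEST;
        }
        else if (registryRequest instanceof org.oasis.ebxml.registry.bindings.query.GetContentRequest) {
            requestType = GET_CONTENT_REQUEST;
        }
        else if (registryRequest instanceof org.oasis.ebxml.registry.bindings.rs.SubmitObjectsRequest) {
            requestType = SUBMIT_OBJECTS_REQUEST;
        }
        else if (registryRequest instanceof org.oasis.ebxml.registry.bindings.rs.ApproveObjectsRequest) {
            requestType = APPROVE_OBJECTS_REQUEST;
        }
        else if (registryRequest instanceof org.oasis.ebxml.registry.bindings.rs.DeprecateObjectsRequest) {
            requestType = DEPRECATE_OBJECTS_REQUEST;
        }
        else if (registryRequest instanceof org.oasis.ebxml.registry.bindings.rs.UpdateObjectsRequest) {
            requestType = UPDATE_OBJECTS_REQUEST;
        }
        else if (registryRequest instanceof org.oasis.ebxml.registry.bindings.rs.RemoveObjectsRequest) {
            requestType = REMOVE_OBJECTS_REQUEST;
        }
        else if (registryRequest instanceof org.oasis.ebxml.registry.bindings.rs.AddSlotsRequest) {
            requestType = ADD_SLOTS_REQUEST;
        }
        else if (registryRequest instanceof org.oasis.ebxml.registry.bindings.rs.RemoveSlotsRequest) {
            requestType = REMOVE_SLOTS_REQUEST;
        }
        else {
            throw new RegistryException("InvalidRequest: Unknown request " + requestTypeName(registryRequest));
        }
        checkAuthorization(user, bu.getIdsFromRequest(registryRequest), requestType);
    }

    /**
     * Tells whether the user carries a Classification whose classification
     * node is CANONICAL_ID_NODE_REGISTRY_ADMINISTRATOR. A user with no
     * classifications, or whose node ids cannot be resolved, is not an
     * administrator.
     *
     * <p>Both V2 and V3 checks short-circuit to "authorized" on a true result,
     * so the User passed in must come from the registry's own authenticated
     * user record.
     */
    public boolean isRegistryAdministrator(User user) throws RegistryException {
        boolean isAdmin = false;

        log.info("isRegistryAdministrator: user=" + user.getId());
        org.oasis.ebxml.registry.bindings.rim.Classification[] classifications = user.getClassification();
        if (classifications != null) {
            for (int i=0; i<classifications.length; i++) {
                String classificationNodeId = bu.getObjectId(classifications[i].getClassificationNode());
                log.info("isRegistryAdministrator: classificationNodeId=" + classificationNodeId);
                // Constant on the left: an unresolved (null) node id must read as
                // "not admin" instead of raising a NullPointerException.
                if (CANONICAL_ID_NODE_REGISTRY_ADMINISTRATOR.equals(classificationNodeId)) {
                    isAdmin = true;
                    break;
                }
            }
        }

        log.info("isRegistryAdministrator: isAdmin=" + isAdmin);
        return isAdmin;
    }

    /**
     * Minimal unit test code. Will be replaced with junit test later.
     * Loads a sample request from a hard-coded developer path, resolves a
     * hard-coded user alias and runs checkAuthorization; exits 0 when the
     * request is authorized and -1 on any exception.
     **/
    public static void main(String[] args) {
        //String req = "c:/osws/ebxmlrr/misc/samples/SubmitObjectsRequest_extSchemes.xml"; //Objects other than ExtrinsicObject being submitted
        String req = "c:/osws/ebxmlrr/misc/samples/SubmitObjectsRequest_SubjectRoleScheme.xml"; //only ExtrinsicObject being submitted
        //String alias = "urn:uuid:b2691323-4aad-46da-9dc7-a842b7e4b1ae"; //An non sysadmin user
        String alias = "urn:uuid:921284f0-bbed-4a4c-9342-ecaf0625f9d7"; //An sysadmin user

        try {
            AuthenticationServiceImpl ac =
                AuthenticationServiceImpl.getInstance();

            AuthorizationServiceImpl az = AuthorizationServiceImpl.getInstance();
            User user = ac.getUserFromAlias(alias);
            java.io.File file = new java.io.File(req);
            Object request = bu.getRequestObject(file);
            az.checkAuthorization(user, request);

            System.err.println("Request was authorized");

            System.exit(0);
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(-1);
        }
    }

}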
