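/*
 * $Header: /cvsroot/ebxmlrr/ebxmlrr/src/share/com/sun/ebxml/registry/security/authorization/RegistryAttributeFinderModule.java,v 1.2 2003/06/26 13:26:44 farrukh_najmi Exp $
 *
 * ====================================================================
 *
 * This code is subject to the freebxml License, Version 1.1
 *
 * Copyright (c) 2003 freebxml.org.  All rights reserved.
 *
 * ====================================================================
 */

package com.sun.ebxml.registry.security.authorization;

import com.sun.xacml.EvaluationCtx;
import com.sun.xacml.attr.AttributeValue;
import com.sun.xacml.attr.BagAttribute;
import com.sun.xacml.cond.EvaluationResult;
import java.net.URI;

import java.util.Set;



/**
 * Supports the attributes defined by ebRIM for RegistryObjects.
 * <p>
 * The values produced here feed XACML policy evaluation, so the module keeps
 * two outcomes apart: an attribute that is legitimately absent (unknown
 * attribute name, unsupported datatype, unset value) yields an empty bag,
 * while a lookup that failed (registry error, reflective call failure,
 * unresolved object) yields a processing-error status. Collapsing a failed
 * lookup into an empty bag would let a policy be evaluated as if the subject
 * or resource simply lacked the attribute.
 *
 * @author <a href="mailto:Farrukh.Najmi@Sun.COM">Farrukh S. Najmi</a>
 */
public class RegistryAttributeFinderModule extends com.sun.xacml.finder.AttributeFinderModule
{
    /**
     * The prefix for all resource attribute designators as defined by ebRIM.
     */
    public static final String REGISTRY_RESOURCE_PREFIX =
        "urn:oasis:names:tc:ebxml-regrep:2.5:rim:acp:resource:";

    /**
     * The prefix for all subject attribute designators as defined by ebRIM.
     */
    public static final String REGISTRY_SUBJECT_PREFIX =
        "urn:oasis:names:tc:ebxml-regrep:2.5:rim:acp:subject:";

    /**
     * The owner resource attribute designator as defined by ebRIM.
     */
    public static final String REGISTRY_RESOURCE_OWNER =
        REGISTRY_RESOURCE_PREFIX + "owner";

    /**
     * The selector resource attribute designator as defined by ebRIM.
     */
    public static final String REGISTRY_RESOURCE_SELECTOR =
        REGISTRY_RESOURCE_PREFIX + "selector";

    private com.sun.ebxml.registry.security.authorization.AuthorizationServiceImpl az =
        com.sun.ebxml.registry.security.authorization.AuthorizationServiceImpl.getInstance();
    private static com.sun.ebxml.registry.query.QueryManagerImpl qm = com.sun.ebxml.registry.query.QueryManagerImpl.getInstance();
    private static com.sun.ebxml.registry.util.BindingUtility bu = com.sun.ebxml.registry.util.BindingUtility.getInstance();


    /**
     * Returns true always because this module supports designators.
     *
     * @return true always
     */
    public boolean isDesignatorSupported() {
        return true;
    }

    /**
     * Returns a <code>Set</code> of <code>Integer</code>s naming the
     * designator types this module resolves: subject and resource.
     *
     * @return a <code>Set</code> with
     * <code>AttributeDesignator.SUBJECT_TARGET</code> and <code>AttributeDesignator.RESOURCE_TARGET</code> included
     */
    public Set getSupportedDesignatorTypes() {
        java.util.HashSet set = new java.util.HashSet();
        set.add(new Integer(com.sun.xacml.attr.AttributeDesignator.SUBJECT_TARGET));
        set.add(new Integer(com.sun.xacml.attr.AttributeDesignator.RESOURCE_TARGET));
        return set;
    }

    /**
     * Used to get the attributes defined by ebRIM for resources and subjects.
     * If one of those values isn't being asked for, or if the types are wrong,
     * then an empty bag is returned. If the lookup itself fails, a
     * processing-error status is returned instead.
     *
     * @param attributeType the datatype of the attributes to find
     * @param attributeId the identifier of the attributes to find
     * @param issuer the issuer of the attributes, or null if unspecified
     * @param subjectCategory the category of the attribute or null
     * @param context the representation of the request data
     * @param designatorType the type of designator
     *
     * @return the result of attribute retrieval, which will be a bag of
     *         attribute values, an empty bag, or an error
     */
    public EvaluationResult findAttribute(URI attributeType, URI attributeId, URI issuer, URI subjectCategory, EvaluationCtx context, int designatorType) {
        EvaluationResult res = null;

        // we only know about subject and resource attributes
        boolean supportedDesignator =
            (designatorType == com.sun.xacml.attr.AttributeDesignator.SUBJECT_TARGET) ||
            (designatorType == com.sun.xacml.attr.AttributeDesignator.RESOURCE_TARGET);

        if (supportedDesignator) {
            // The handler is chosen by the attribute id prefix alone; the
            // designator type is not cross-checked against the prefix.
            String attrName = attributeId.toString();

            if (attrName.startsWith(REGISTRY_RESOURCE_PREFIX)) {
                res = handleRegistryResourceAttribute(attributeId, attributeType, context);
            }
            else if (attrName.startsWith(REGISTRY_SUBJECT_PREFIX)) {
                res = handleRegistrySubjectAttribute(attributeId, attributeType, context);
            }
        }

        // A null handler result means "attribute not provided by this module".
        if (res == null) {
            res = new EvaluationResult(BagAttribute.
                                       createEmptyBag(attributeType));
        }

        return res;
    }

    /**
     * Handles resource attributes as defined by ebRIM.
     *
     * @return the lookup result, or null when the attribute is absent
     */
    private EvaluationResult handleRegistryResourceAttribute(URI attributeId, URI type, EvaluationCtx context) {
        return handleRegistryObjectAttribute(attributeId, type, context);
    }

    /**
     * Handles subject attributes as defined by ebRIM. Only the roles and
     * groups attributes are resolved; they are special cases since they are
     * not actual attributes in ebRIM but are derived from the classifications
     * on the user object.
     *
     * @return a bag of anyURI values holding the classification node ids,
     *         a processing error when the lookup fails, or null for any
     *         other subject attribute
     */
    private EvaluationResult handleRegistrySubjectAttribute(URI attributeId, URI type, EvaluationCtx context) {
        String attributeIdStr = attributeId.toString();

        try {
            boolean isRoles = attributeIdStr.equals(az.SUBJECT_ATTRIBUTE_ROLES);
            boolean isGroups = attributeIdStr.equals(az.SUBJECT_ATTRIBUTE_GROUPS);

            if (!isRoles && !isGroups) {
                // Falling through to handleRegistryObjectAttribute for other
                // subject attributes was disabled in the original code, so
                // they are reported as absent.
                return null;
            }

            Object user = getObject(context, az.SUBJECT_ATTRIBUTE_USER);
            Set nodeIds = getClassificationNodeIds(user, attributeIdStr);

            // A bag must hold AttributeValue instances of the bag's declared
            // type; raw id Strings would never compare equal to the anyURI
            // values a policy matches against.
            Set values = new java.util.HashSet();
            for (java.util.Iterator it = nodeIds.iterator(); it.hasNext();) {
                String nodeId = (String)it.next();
                values.add(com.sun.xacml.attr.AnyURIAttribute.getInstance(nodeId));
            }

            return makeBag(new URI(com.sun.xacml.attr.AnyURIAttribute.identifier), values);
        }
        catch (Exception e) {
            // Role/group membership drives access decisions: a failed lookup
            // is surfaced as an error instead of "subject has no roles".
            e.printStackTrace();
            return makeLookupError(attributeId);
        }
    }

    /**
     * Gets the Set of id Strings for all the nodes that classify the specified object
     * within the specified ClassificationScheme.
     *
     * @param obj the object whose classifications are inspected; anything
     *            that is not a RegistryObjectType yields an empty set
     * @param schemeId id of the scheme; a node counts when its path starts
     *                 with "/" + schemeId + "/"
     * @return the ids (Strings) of the matching classification nodes
     * @throws com.sun.ebxml.registry.RegistryException if the registry lookup fails
     */
    public Set getClassificationNodeIds(Object obj, String schemeId) throws com.sun.ebxml.registry.RegistryException {
        Set nodeIds = new java.util.HashSet();

        if (!(obj instanceof org.oasis.ebxml.registry.bindings.rim.RegistryObjectType)) {
            return nodeIds;
        }

        org.oasis.ebxml.registry.bindings.rim.RegistryObjectType ro = (org.oasis.ebxml.registry.bindings.rim.RegistryObjectType)obj;
        org.oasis.ebxml.registry.bindings.rim.Classification[] classifications = ro.getClassification();
        String schemePathPrefix = "/" + schemeId + "/";

        for (int i = 0; i < classifications.length; i++) {
            String classificationNodeId = bu.getObjectId(classifications[i].getClassificationNode());

            // NOTE(review): a node that cannot be resolved (null) or has no
            // path fails here with a NullPointerException; callers in this
            // class turn that into a processing error.
            org.oasis.ebxml.registry.bindings.rim.ClassificationNode node = (org.oasis.ebxml.registry.bindings.rim.ClassificationNode)qm.getRegistryObject(classificationNodeId);
            if (node.getPath().startsWith(schemePathPrefix)) {
                nodeIds.add(classificationNodeId);
            }
        }

        return nodeIds;
    }


    /**
     * Handles attributes as defined by ebRIM for any RegistryObject.
     * Used by both subject and resource attributes handling methods.
     * The attribute value is read reflectively through the bean getter whose
     * property name is the last ':'-separated segment of the attribute id.
     *
     * @return a single-valued bag, a processing error when the object or the
     *         value could not be retrieved, or null when the attribute is
     *         absent (no request in the context, unknown property, unset
     *         value, unsupported or unparsable datatype)
     */
    private EvaluationResult handleRegistryObjectAttribute(URI attributeId, URI type, EvaluationCtx context) {
        Object reqObj = getObject(context, az.RESOURCE_ATTRIBUTE_REQUEST);
        if (reqObj == null) {
            return null;
        }

        //Get the resource id from EvaluationContext
        String id = context.getResourceId().encode();

        try {
            Object obj = null;
            if (reqObj instanceof org.oasis.ebxml.registry.bindings.rs.SubmitObjectsRequest) {
                //Get the objects state from the request not from persistence layer
                obj = bu.getObjectFromRequest((org.oasis.ebxml.registry.bindings.rs.SubmitObjectsRequest)reqObj, id);
            }
            else {
                //For all other cases read the objects persistent state for attribute value
                obj = qm.getRegistryObject(id);
            }

            if (obj == null) {
                // Without the object no attribute can be evaluated; report
                // an error rather than failing on obj.getClass().
                return makeLookupError(attributeId);
            }

            //Now invoke a get method to get the value for attribute being sought
            // NOTE(review): the property name comes from the policy's
            // attribute id, so the policy author selects which getter runs
            // on the registry object; consider restricting it to the
            // attributes ebRIM defines.
            Class clazz = obj.getClass();
            String attr = getAttributeFromAttributeId(attributeId);
            java.beans.PropertyDescriptor propDesc = new java.beans.PropertyDescriptor(attr, clazz);
            java.lang.reflect.Method method = propDesc.getReadMethod();
            Object attrValObj = method.invoke(obj, (Object[])null);

            //??Special kludge to handle the fact that current server returns value instead of id
            //for ClassificationNode for objectType
            if (attr.equals("objectType")) {
                //on writes objectType is often not specified
                if (attrValObj == null) {
                    String clazzName = clazz.getName();
                    attrValObj = clazzName.substring(clazzName.lastIndexOf('.') + 1);
                }
                String attrValStr = (String)attrValObj;
                if (!(attrValStr.startsWith("urn:uuid:"))) {
                    // NOTE(review): in the SubmitObjectsRequest branch this
                    // value is request-supplied and is concatenated into a
                    // path pattern containing '%'; confirm that
                    // getClassificationNode treats it as data (bound
                    // parameter, wildcards escaped) - not visible here.
                    org.oasis.ebxml.registry.bindings.rim.ClassificationNodeType node = com.sun.ebxml.registry.query.QueryManagerImpl.getClassificationNode("/urn:uuid:3188a449-18ac-41fb-be9f-99a1adca02cb/%"+attrValStr);
                    if (node == null) {
                        return makeLookupError(attributeId);
                    }
                    attrValObj = node.getId();
                }
            }

            AttributeValue attrVal = makeAttribute(attrValObj, type);
            if (attrVal == null) {
                // Unset value or datatype without a mapping: attribute absent.
                return null;
            }
            return makeBag(attrVal);
        }
        catch (java.beans.IntrospectionException e) {
            // The attribute id does not name a bean property of this class.
            e.printStackTrace();
        }
        catch (java.text.ParseException e) {
            // Value cannot be expressed in the requested datatype.
            e.printStackTrace();
        }
        catch (com.sun.xacml.ParsingException e) {
            e.printStackTrace();
        }
        catch (java.net.URISyntaxException e) {
            e.printStackTrace();
        }
        catch (java.lang.reflect.InvocationTargetException e) {
            e.printStackTrace();
            return makeLookupError(attributeId);
        }
        catch (java.lang.IllegalAccessException e) {
            e.printStackTrace();
            return makeLookupError(attributeId);
        }
        catch (com.sun.ebxml.registry.RegistryException e) {
            e.printStackTrace();
            return makeLookupError(attributeId);
        }

        return null;
    }

    /**
     * Reads an object-valued attribute from the evaluation context. The
     * attribute is looked up among the context's resource attributes with the
     * ObjectAttribute datatype.
     *
     * @return the wrapped object when the lookup yields a bag holding exactly
     *         one ObjectAttribute, otherwise null
     */
    private Object getObject(EvaluationCtx context, String attributeId) {
        try {
            EvaluationResult lookup = context.getResourceAttribute(new URI(ObjectAttribute.identifier), (new URI(attributeId)), null);
            AttributeValue attrValue = lookup.getAttributeValue();

            // Guard the casts: a result without a bag, or a bag element of
            // another type, is treated as "no object".
            if (!(attrValue instanceof BagAttribute)) {
                return null;
            }

            BagAttribute bagAttr = (BagAttribute)attrValue;
            if (bagAttr.size() != 1) {
                return null;
            }

            Object only = bagAttr.iterator().next();
            if (only instanceof ObjectAttribute) {
                return ((ObjectAttribute)only).getValue();
            }
        }
        catch (java.net.URISyntaxException e) {
            e.printStackTrace();
        }

        return null;
    }

    /**
     * Parses the attribute name from a URI rep of the Attribute id
     * If input is: "urn:oasis:names:tc:ebxml-regrep:2.5:rim:acp:resource:objectType"
     * then return value will be "objectType".
     */
    private String getAttributeFromAttributeId(URI attributeId) {
        String attrIdStr = attributeId.toString();
        return attrIdStr.substring(attrIdStr.lastIndexOf(':') + 1);
    }

    /**
     * Makes an AttributeValue from Object param using the attrType param and
     * the mapping specified in ebRIM between RIM types and XACML data types.
     *
     * @return the converted value, or null when the value is null or the
     *         datatype is not one of boolean, string, anyURI, integer or
     *         dateTime
     */
    private AttributeValue makeAttribute(Object attrValObj, URI attrType) throws com.sun.xacml.ParsingException, java.net.URISyntaxException, java.text.ParseException {
        if (attrValObj == null) {
            return null;
        }

        String text = attrValObj.toString();
        String attrTypeStr = attrType.toString();
        AttributeValue val = null;

        if (attrTypeStr.equals(com.sun.xacml.attr.BooleanAttribute.identifier)) {
            val = com.sun.xacml.attr.BooleanAttribute.getInstance(text);
        }
        else if (attrTypeStr.equals(com.sun.xacml.attr.StringAttribute.identifier)) {
            val = com.sun.xacml.attr.StringAttribute.getInstance(text);
        }
        else if (attrTypeStr.equals(com.sun.xacml.attr.AnyURIAttribute.identifier)) {
            val = com.sun.xacml.attr.AnyURIAttribute.getInstance(text);
        }
        else if (attrTypeStr.equals(com.sun.xacml.attr.IntegerAttribute.identifier)) {
            val = com.sun.xacml.attr.IntegerAttribute.getInstance(text);
        }
        else if (attrTypeStr.equals(com.sun.xacml.attr.DateTimeAttribute.identifier)) {
            val = com.sun.xacml.attr.DateTimeAttribute.getInstance(text);
        }

        return val;
    }


    /**
     * Private helper that reports a failed lookup of the given attribute.
     * The message names only the attribute id; exception text is kept out of
     * it because the status may be returned to the requester.
     * NOTE(review): how this status maps to a final decision depends on the
     * policy combining algorithm and the enforcement point - confirm.
     */
    private EvaluationResult makeLookupError(URI attributeId) {
        return makeProcessingError("Unable to resolve attribute " + attributeId);
    }

    /**
     * Private helper that generates a new processing error status and
     * includes the given string.
     */
    private EvaluationResult makeProcessingError(String message) {
        java.util.ArrayList code = new java.util.ArrayList();
        code.add(com.sun.xacml.ctx.Status.STATUS_PROCESSING_ERROR);
        return new EvaluationResult(new com.sun.xacml.ctx.Status(code, message));
    }

    /**
     * Private helper that makes a bag containing only the given attribute.
     */
    private EvaluationResult makeBag(AttributeValue attribute) {
        Set set = new java.util.HashSet();
        set.add(attribute);

        BagAttribute bag = new BagAttribute(attribute.getType(), set);

        return new EvaluationResult(bag);
    }

    /**
     * Private helper that makes a bag of the given datatype from a set of
     * AttributeValue instances of that datatype.
     */
    private EvaluationResult makeBag(URI type, Set attributeValues) {
        BagAttribute bag = new BagAttribute(type, attributeValues);

        return new EvaluationResult(bag);
    }
}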
