Commit 0666ab68 authored by frederic motte's avatar frederic motte

correction for SFgeneration

parent 0735faf2
......@@ -53,10 +53,11 @@ import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
public class SFGeneratorImpl implements SFGenerator {
private static final Logger logger = LoggerFactory.getLogger(SFGeneratorImpl.class);
private void postService(String domain, String ServiceName , String service, String federationServerURL) throws SFGeneratorException{
try {
logger.info("Post service credential with" );
logger.info(" Domain:" + domain );
logger.info(" Service:" + service );
......@@ -70,7 +71,7 @@ public class SFGeneratorImpl implements SFGenerator {
logger.info("Post service " + response.getStatus());
logger.info("Post service " + response.getClientResponseStatus());
if (response.getClientResponseStatus().equals(response.getClientResponseStatus().BAD_REQUEST)){
WebResource webResourcePut = client
.resource(federationServerURL + "/resources/domains/"+domain+"/services/"+ ServiceName);
......@@ -81,7 +82,11 @@ public class SFGeneratorImpl implements SFGenerator {
logger.info("put service " + response.getClientResponseStatus());
}
if (response.getStatus() != 200 && response.getStatus() != 204&& response.getStatus() != 201) {
throw new SFGeneratorException("problem during post user " + service);
logger.error("problem during post user " + service);
//throw new SFGeneratorException("problem during post user " + service);
}
}catch(Exception e){
logger.error("problem during post user " + service);
}
}
......@@ -99,8 +104,8 @@ public class SFGeneratorImpl implements SFGenerator {
securityPolicy.getConsumer().setCredentialType("User");
securityPolicy.setProvider(SecurityPolicyFactory.createSecurityPolicyProvider());
// securityPolicy.getProvider().setServiceName(sModel.getSecuritypolicyset().getServiceName());
// securityPolicy.getProvider().setRessourceURL(sModel.getSecuritypolicyset().getRessourceURL());
// securityPolicy.getProvider().setServiceName(sModel.getSecuritypolicyset().getServiceName());
// securityPolicy.getProvider().setRessourceURL(sModel.getSecuritypolicyset().getRessourceURL());
securityPolicy.getProvider().setSFtype(securityFilterType.name());
......@@ -112,8 +117,8 @@ public class SFGeneratorImpl implements SFGenerator {
if (sModel.getSecuritypolicyset()==null)
throw new SFGeneratorException("No security policy set defined into the security model");
securityPolicy.setDomain(sModel.getSecuritypolicyset().getDomainName());
securityPolicy.getProvider().setServiceName(sModel.getSecuritypolicyset().getServiceName());
if (sModel.getSecuritypolicyset().getAuthentication()!=null){
......@@ -126,22 +131,22 @@ public class SFGeneratorImpl implements SFGenerator {
// todo check if the credential is coming from the security model, or the designer or null
eu.chorevolution.modelingnotations.configuration.SecurityPolicy.Provider.Credential e = SecurityPolicyFactory.createSecurityPolicyProviderCredential();
e.setAuthNTypeForwarded(authentication.getAuthNTypeForwarded().getName());
if (authentication.getAuthNTypeForwarded().equals(AuthenticationTypeForwarded.GENERIC_ACCOUNT)){
if (account!=null)
{
if (account instanceof LoginPasswordConnectionAccount) {
LoginPasswordConnectionAccount lpAccount = (LoginPasswordConnectionAccount) account;
e.setCredentialType(authentication.getCredentialType().getName());
e.setGenericAccount(null);
e.setGenericCredential(null);
e.setAuthNElement(null);
// forward the account into the Federation Server
String serviceName = sModel.getSecuritypolicyset().getServiceName();
if (lpAccount!=null)
......@@ -150,7 +155,7 @@ public class SFGeneratorImpl implements SFGenerator {
{
//TODO : remove hard coded value
Encryptor enc = new Encryptor("dsadsadasa4444");
String service;
try {
service = "{\"servicename\":\""+serviceName + "\",\"serviceaccount\":\"" + lpAccount.getLogin()+ "\",\"credentialtype\":\"usernametoken\",\"credential\":\""+enc.encode(lpAccount.getPassword())+"\"}";
......@@ -164,7 +169,7 @@ public class SFGeneratorImpl implements SFGenerator {
postService(sModel.getSecuritypolicyset().getDomainName(),serviceName, service, STSUrl);
}
}
}
else{
throw new SFGeneratorException("Authentication mechanism not supported");
......@@ -193,7 +198,7 @@ public class SFGeneratorImpl implements SFGenerator {
File configxml = new File(destDir+System.getProperty("file.separator")+"WEB-INF"+System.getProperty("file.separator")+"config.xml");
configxml.getParentFile().mkdirs();
JAXBContext jaxbContext;
try {
jaxbContext = JAXBContext.newInstance(SecurityPolicy.class);
......@@ -215,6 +220,9 @@ public class SFGeneratorImpl implements SFGenerator {
SF sf = new SF(sfName);
try {
String destDir = FileUtils.getTempDirectoryPath();
String initialDestDir = destDir;
destDir = Utilities.getDestinationFolderPath(destDir);
......@@ -224,10 +232,12 @@ public class SFGeneratorImpl implements SFGenerator {
Utilities.addConfigFileintoWar(destDir, configurationFile);
File webXml = Utilities.createWebXml(destDir, sf.getName(), STSUrl);
Utilities.addWebXmlFileintoWar(destDir, webXml);
File XACMLPolicies = XACMLGeneration.createXACMLFile(destDir, groups);
Utilities.addXACMLPoliciesFileintoWar(destDir, XACMLPolicies);
if (XACMLPolicies!=null)
{
Utilities.addXACMLPoliciesFileintoWar(destDir, XACMLPolicies);
}
sf.setWar(Utilities.getBytesFromWar(warResultFile));
Utilities.deleteProjectFolder(destDir);
} catch (IOException e) {
......@@ -253,7 +263,9 @@ public class SFGeneratorImpl implements SFGenerator {
File webXml = Utilities.createWebXml(destDir, sf.getName(), STSUrl);
Utilities.addWebXmlFileintoWar(destDir, webXml);
File XACMLPolicies = XACMLGeneration.createXACMLFile(destDir, groups);
Utilities.addXACMLPoliciesFileintoWar(destDir, XACMLPolicies);
if (XACMLPolicies!=null){
Utilities.addXACMLPoliciesFileintoWar(destDir, XACMLPolicies);
}
sf.setWar(Utilities.getBytesFromWar(warResultFile));
Utilities.deleteProjectFolder(destDir);
} catch (IOException e) {
......@@ -268,14 +280,15 @@ public class SFGeneratorImpl implements SFGenerator {
List<String> groups = new ArrayList<String>();
groups.add("group1");
groups.add("group5");
{
System.out.println("Generation of a SF in front of the choreography");
String SFName = "testProtection";
SFGenerator cdGenerator = new SFGeneratorImpl();
String domain = "domain2";
groups = null;
SF cd = cdGenerator.generateSecurityFilter(SFName, "http://127.0.0.1:8080/SecurityTokenService", domain , groups);
FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
}
......@@ -301,7 +314,7 @@ public class SFGeneratorImpl implements SFGenerator {
LoginPasswordConnectionAccount account = new LoginPasswordConnectionAccount();
account.setLogin("root");
account.setPassword("password");
SF cd = cdGenerator.generateSecurityFilter(SFName, "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, account);
FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
}
......@@ -341,23 +354,23 @@ public class SFGeneratorImpl implements SFGenerator {
FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
}
// {
// System.out.println("Generation of a SF in front of a legacy Service. During the service definition, the service owner has not provided an account to access it. the account must be provided by the designer");
// String SFName = "testGenAccountWithoutCred";
// Path securityPath = Paths.get("SecModelGenAccountWithoutCred.security");
// byte[] securityModel = Files.readAllBytes(securityPath);
//
// SFGenerator cdGenerator = new SFGeneratorImpl();
// LoginPasswordConnectionAccount account = new LoginPasswordConnectionAccount();
// account.setLogin("root");
// account.setPassword("password");
//
// SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, account);
// FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
// }
// {
// System.out.println("Generation of a SF in front of a legacy Service. During the service definition, the service owner has not provided an account to access it. the account must be provided by the designer");
// String SFName = "testGenAccountWithoutCred";
// Path securityPath = Paths.get("SecModelGenAccountWithoutCred.security");
// byte[] securityModel = Files.readAllBytes(securityPath);
//
// SFGenerator cdGenerator = new SFGeneratorImpl();
// LoginPasswordConnectionAccount account = new LoginPasswordConnectionAccount();
// account.setLogin("root");
// account.setPassword("password");
//
// SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, account);
// FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
// }
}
......
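Review bot: In the last postService hunk, a non-2xx response and any exception are now only logged, so the method returns normally even when the service credential was never stored on the federation server. The caller in the GENERIC_ACCOUNT branch then appears to carry on building the WAR as if it had been. The method still declares `throws SFGeneratorException`, so I would keep a `throw new SFGeneratorException("problem during post service " + ServiceName);` in the status check and rethrow from the new catch block, passing the exception to the logger: `logger.error("problem during post service " + ServiceName + " in domain " + domain, e);`. Both new `logger.error` calls, like the existing `logger.info(" Service:" + service)`, write `service` to the log, and at the visible call site that string is the JSON carrying the account login and the encoded password; log `ServiceName` instead of the payload. The body of postService is only partly visible across these hunks.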
......@@ -2,7 +2,10 @@ package eu.chorevolution.transformations.sfgenerator.impl.utility;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.file.FileSystem;
import java.nio.file.FileSystems;
......@@ -10,8 +13,12 @@ import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import org.apache.commons.io.FileUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -67,7 +74,7 @@ public class Utilities {
* @return
*/
public static String getDestinationFolderPath(String destDir){
return (destDir+System.getProperty("file.separator")+System.currentTimeMillis()).replaceAll("\\s", "_");
return (destDir+File.separatorChar+System.currentTimeMillis()).replaceAll("\\s", "_");
}
/**
......@@ -155,7 +162,7 @@ public class Utilities {
return webxml;
}
/**
* Delete the project directory
* @param projectDir the name of the directory
......@@ -240,9 +247,30 @@ public class Utilities {
* @throws IOException
*/
public static File copyWarTemplate( String destination) throws IOException{
File libs = new File( "." + File.separatorChar + "src" + File.separatorChar + "main" + File.separatorChar + "resources" + File.separatorChar+"war-template" + File.separatorChar + WARTEMPLATENAME);
File dest = new File(destination + File.separatorChar + WARTEMPLATENAME);
FileUtils.copyFile(libs, dest);
File dest = new File(destination + File.separatorChar + WARTEMPLATENAME);
final File jarFile = new File(Utilities.class.getProtectionDomain().getCodeSource().getLocation().getPath());
if (jarFile.isFile()){
final JarFile jar = new JarFile(Utilities.class.getProtectionDomain().getCodeSource().getLocation().getPath());
final Enumeration<JarEntry> entries =jar.entries();
while(entries.hasMoreElements()){
JarEntry entry = entries.nextElement();
if(entry.getName().equals("war-template/" + WARTEMPLATENAME)){
InputStream entrystream = jar.getInputStream(entry);
FileUtils.copyInputStreamToFile(entrystream, dest);
}
}
}else{
File war = new File( "." + File.separatorChar + "src" + File.separatorChar + "main" + File.separatorChar + "resources" + File.separatorChar+"war-template" + File.separatorChar + WARTEMPLATENAME);
FileUtils.copyFile(war, dest);
}
return dest;
}
......@@ -296,6 +324,6 @@ public class Utilities {
// TODO Auto-generated catch block
e2.printStackTrace();
}
}
}
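Review bot: In copyWarTemplate the new `JarFile` is never closed, and when no entry named `"war-template/" + WARTEMPLATENAME` is found the method returns a `dest` that was never written, without any error. `getLocation().getPath()` also returns the URL-encoded path, so a jar installed under a directory whose name contains a space would make `isFile()` false and fall through to the `./src/main/resources` branch, which presumably does not exist outside a source checkout; converting the location with `toURI()` avoids that (the commit already imports `URI` and `URISyntaxException`). I would open the jar in try-with-resources, look the entry up directly with `getJarEntry` rather than scanning every entry, and throw `IOException` when it is missing, as sketched below.

```java
final File jarFile = new File(Utilities.class.getProtectionDomain().getCodeSource().getLocation().getPath());
if (jarFile.isFile()){
    try (JarFile jar = new JarFile(jarFile)) {
        JarEntry entry = jar.getJarEntry("war-template/" + WARTEMPLATENAME);
        if (entry == null) {
            throw new IOException("war-template/" + WARTEMPLATENAME + " not found in " + jarFile);
        }
        try (InputStream entrystream = jar.getInputStream(entry)) {
            FileUtils.copyInputStreamToFile(entrystream, dest);
        }
    }
}else{
    // … unchanged: copy from ./src/main/resources/war-template …
}
```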
......@@ -46,93 +46,95 @@ public class XACMLGeneration {
String destDir = FileUtils.getTempDirectoryPath();
XACMLGeneration.createXACMLFile(destDir, groups);
}
public static File createXACMLFile(String destDir, List<String> groups){
File XACMLPolicies = new File(destDir+System.getProperty("file.separator")+"WEB-INF"+System.getProperty("file.separator")+"policy.xml");;
String description = "description";
PolicyIssuer policyIssuer = null;
Target target = new Target(null);
ObligationExpressions obligationExpressions = null;
AdviceExpressions adviceExpressions = null;
String policyId = "policyID";
String version = "2.0";
String ruleCombiningAlgId = "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit";
DefaultsType policyDefaults = null;
BigInteger maxDelegationDepth = null;
List<Serializable> combinerParametersAndRuleCombinerParametersAndVariableDefinitions = new ArrayList<Serializable>();
Condition condition = null;
String ruleId = "ruleID";
EffectType effect = EffectType.PERMIT;
List<AnyOf> anyOves = new ArrayList<AnyOf>();
List<AllOf> allOves = new ArrayList<AllOf>();
for (java.util.Iterator iterator = groups.iterator(); iterator.hasNext();) {
String group = (String) iterator.next();
List<Match> matches = new ArrayList<Match>();
String matchId = "urn:oasis:names:tc:xacml:1.0:function:string-equal";
String category = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject";
String attributeId = "group";
String dataType = "http://www.w3.org/2001/XMLSchema#string";
String issuer = null;
boolean mustBePresent = false;
AttributeDesignatorType attributeDesignator = new AttributeDesignatorType(category, attributeId, dataType, issuer, mustBePresent);
AttributeSelectorType attributeSelector = null;
Map<QName, String> otherAttributes = new HashMap<QName, String>();
List<Serializable> content = new ArrayList<Serializable>();
content.add(group);
AttributeValueType attributeValue = new AttributeValueType(content, dataType, otherAttributes);
Match match = new Match(attributeValue, attributeSelector, attributeDesignator, matchId);
matches.add(match );
AllOf e2 = new AllOf(matches);
allOves.add(e2);
}
AnyOf e = new AnyOf(allOves);
anyOves.add(e);
Target targetrule = new Target(anyOves);
Rule rule1 = new Rule(description, targetrule, condition, obligationExpressions, adviceExpressions, ruleId, effect);
combinerParametersAndRuleCombinerParametersAndVariableDefinitions.add(rule1);
Policy policy = new Policy(description,
policyIssuer,
policyDefaults,
target,
combinerParametersAndRuleCombinerParametersAndVariableDefinitions,
obligationExpressions,
adviceExpressions,
policyId,
version,
ruleCombiningAlgId,
maxDelegationDepth);
ObjectFactory xacmlFactory = new ObjectFactory();
try {
StringWriter writer = new StringWriter();
JAXBContext context;
context = JAXBContext.newInstance(PolicySet.class);
Marshaller m = context.createMarshaller();
m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
m.marshal(policy, XACMLPolicies);
// String theXML = writer.toString();
// System.out.println(theXML);
} catch (JAXBException ex) {
// TODO Auto-generated catch block
ex.printStackTrace();
}
File XACMLPolicies = null;
if (groups!=null){
XACMLPolicies = new File(destDir+System.getProperty("file.separator")+"WEB-INF"+System.getProperty("file.separator")+"policy.xml");;
String description = "description";
PolicyIssuer policyIssuer = null;
Target target = new Target(null);
ObligationExpressions obligationExpressions = null;
AdviceExpressions adviceExpressions = null;
String policyId = "policyID";
String version = "2.0";
String ruleCombiningAlgId = "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit";
DefaultsType policyDefaults = null;
BigInteger maxDelegationDepth = null;
List<Serializable> combinerParametersAndRuleCombinerParametersAndVariableDefinitions = new ArrayList<Serializable>();
Condition condition = null;
String ruleId = "ruleID";
EffectType effect = EffectType.PERMIT;
List<AnyOf> anyOves = new ArrayList<AnyOf>();
List<AllOf> allOves = new ArrayList<AllOf>();
for (java.util.Iterator iterator = groups.iterator(); iterator.hasNext();) {
String group = (String) iterator.next();
List<Match> matches = new ArrayList<Match>();
String matchId = "urn:oasis:names:tc:xacml:1.0:function:string-equal";
String category = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject";
String attributeId = "group";
String dataType = "http://www.w3.org/2001/XMLSchema#string";
String issuer = null;
boolean mustBePresent = false;
AttributeDesignatorType attributeDesignator = new AttributeDesignatorType(category, attributeId, dataType, issuer, mustBePresent);
AttributeSelectorType attributeSelector = null;
Map<QName, String> otherAttributes = new HashMap<QName, String>();
List<Serializable> content = new ArrayList<Serializable>();
content.add(group);
AttributeValueType attributeValue = new AttributeValueType(content, dataType, otherAttributes);
Match match = new Match(attributeValue, attributeSelector, attributeDesignator, matchId);
matches.add(match );
AllOf e2 = new AllOf(matches);
allOves.add(e2);
}
AnyOf e = new AnyOf(allOves);
anyOves.add(e);
Target targetrule = new Target(anyOves);
Rule rule1 = new Rule(description, targetrule, condition, obligationExpressions, adviceExpressions, ruleId, effect);
combinerParametersAndRuleCombinerParametersAndVariableDefinitions.add(rule1);
Policy policy = new Policy(description,
policyIssuer,
policyDefaults,
target,
combinerParametersAndRuleCombinerParametersAndVariableDefinitions,
obligationExpressions,
adviceExpressions,
policyId,
version,
ruleCombiningAlgId,
maxDelegationDepth);
ObjectFactory xacmlFactory = new ObjectFactory();
try {
StringWriter writer = new StringWriter();
JAXBContext context;
context = JAXBContext.newInstance(PolicySet.class);
Marshaller m = context.createMarshaller();
m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
m.marshal(policy, XACMLPolicies);
// String theXML = writer.toString();
// System.out.println(theXML);
} catch (JAXBException ex) {
// TODO Auto-generated catch block
ex.printStackTrace();
}
}
return XACMLPolicies;
}
......
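Review bot: With the new `if (groups!=null)` guard, createXACMLFile returns null for a null group list and the callers in SFGeneratorImpl then skip adding policy.xml, so the generated security filter WAR ships with no XACML policy at all. Whether the deployed filter then denies or permits requests is not visible on this page and should be decided explicitly rather than left to a missing file. If a null list is meant to be legal, document it on the method, e.g. `@return the generated policy.xml, or null when groups is null and no policy is written`, and log the omission at the call sites. The `catch (JAXBException ex)` still only prints the stack trace and the method returns the `File` anyway, so the new `XACMLPolicies!=null` checks will not catch a failed marshal.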