Commit b3787449 authored by frederic motte's avatar frederic motte

Add tests for the different usages, plus a bug fix

parent f30444ae
<?xml version="1.0" encoding="UTF-8"?>
<security:SecurityModel xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:security="http://www.thalesgroup.com/chorevolution/spec/security">
<securitypolicyset name="SecurityPolicy" domainName="domain2" serviceName="service1">
<authentication name="authentication" AuthNTypeForwarded="GenericAccount" genericAccount="account" genericCredential="password"/>
<communication name="communication" SecuredCommunication="true"/>
</securitypolicyset>
</security:SecurityModel>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<security:SecurityModel xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:security="http://www.thalesgroup.com/chorevolution/spec/security">
<securitypolicyset name="SecurityPolicy" domainName="domain2" serviceName="service1">
<authentication name="authentication" AuthNTypeForwarded="GenericAccount"/>
<communication name="communication" SecuredCommunication="true"/>
</securitypolicyset>
</security:SecurityModel>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<security:SecurityModel xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:security="http://www.thalesgroup.com/chorevolution/spec/security">
<securitypolicyset name="SecurityPolicy" domainName="domain2" serviceName="sc3">
<authentication name="authentication"/>
<communication name="communication" SecuredCommunication="false"/>
</securitypolicyset>
</security:SecurityModel>
\ No newline at end of file
......@@ -72,6 +72,11 @@
<artifactId>eu.chorevolution.modelingnotations.security</artifactId>
<version>1.0.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-xacml-model</artifactId>
<version>3.4.0</version>
</dependency>
</dependencies>
<repositories>
......
<?xml version="1.0" encoding="UTF-8"?>
<security:SecurityModel xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:security="http://www.thalesgroup.com/chorevolution/spec/security">
<securitypolicyset name="SecurityPolicy" ressourceURL="http://www.test.com" domainName="domain1" serviceName="service1">
<authorisation name="GET authZ" Action="get">
<accessrule name="rulebag1">
<unitaryrule name="accessRule1"/>
</accessrule>
<accessrule name="rulebag2">
<unitaryrule AttributeValue="mpoi" AttributeDesignator="name" MatchFunction="string_equal_ignore_case" name="accessRule2"/>
<unitaryrule name="accessRule3"/>
</accessrule>
</authorisation>
<authentication name="authentication" genericAccount="account" genericCredential="password"/>
<communication name="communication" MutualCommunication="false" SecuredCommunication="true"/>
</securitypolicyset>
</security:SecurityModel>
<?xml version="1.0" encoding="UTF-8"?>
<security:SecurityModel xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:security="http://www.thalesgroup.com/chorevolution/spec/security">
<securitypolicyset name="SecurityPolicy" ressourceURL="http://www.test.com" domainName="domain1" serviceName="service1">
<authorisation name="GET authZ" Action="get">
<accessrule name="rulebag1">
<unitaryrule name="accessRule1"/>
</accessrule>
<accessrule name="rulebag2">
<unitaryrule AttributeValue="mpoi" AttributeDesignator="name" MatchFunction="string_equal_ignore_case" name="accessRule2"/>
<unitaryrule name="accessRule3"/>
</accessrule>
</authorisation>
<authentication name="authentication"/>
<communication name="communication" MutualCommunication="false" SecuredCommunication="true"/>
</securitypolicyset>
</security:SecurityModel>
......@@ -2,7 +2,7 @@
// Ce fichier a été généré par l'implémentation de référence JavaTM Architecture for XML Binding (JAXB), v2.2.8-b130911.1802
// Voir <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Toute modification apportée à ce fichier sera perdue lors de la recompilation du schéma source.
// Généré le : 2016.08.26 à 09:54:27 AM CEST
// Généré le : 2016.09.12 à 11:00:09 AM CEST
//
......
......@@ -2,7 +2,7 @@
// Ce fichier a été généré par l'implémentation de référence JavaTM Architecture for XML Binding (JAXB), v2.2.8-b130911.1802
// Voir <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Toute modification apportée à ce fichier sera perdue lors de la recompilation du schéma source.
// Généré le : 2016.08.26 à 09:54:27 AM CEST
// Généré le : 2016.09.12 à 11:00:09 AM CEST
//
......@@ -30,7 +30,7 @@ import javax.xml.bind.annotation.XmlType;
* &lt;complexType>
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="type" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="credentialType" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="checkAuthN" type="{http://www.w3.org/2001/XMLSchema}boolean" />
* &lt;attribute name="checkAuthZ" type="{http://www.w3.org/2001/XMLSchema}boolean" />
* &lt;/restriction>
......@@ -46,15 +46,17 @@ import javax.xml.bind.annotation.XmlType;
* &lt;complexType>
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="authNTypeForwarded" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="credentialType" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="genericAccount" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="genericCredential" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="authNElement" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* &lt;/element>
* &lt;/sequence>
* &lt;attribute name="type" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="SFtype" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="serviceName" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="ressourceURL" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;/restriction>
......@@ -167,7 +169,7 @@ public class SecurityPolicy {
* &lt;complexType>
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="type" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="credentialType" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="checkAuthN" type="{http://www.w3.org/2001/XMLSchema}boolean" />
* &lt;attribute name="checkAuthZ" type="{http://www.w3.org/2001/XMLSchema}boolean" />
* &lt;/restriction>
......@@ -181,35 +183,35 @@ public class SecurityPolicy {
@XmlType(name = "")
public static class Consumer {
@XmlAttribute(name = "type")
protected String type;
@XmlAttribute(name = "credentialType")
protected String credentialType;
@XmlAttribute(name = "checkAuthN")
protected Boolean checkAuthN;
@XmlAttribute(name = "checkAuthZ")
protected Boolean checkAuthZ;
/**
* Obtient la valeur de la propriété type.
* Obtient la valeur de la propriété credentialType.
*
* @return
* possible object is
* {@link String }
*
*/
public String getType() {
return type;
public String getCredentialType() {
return credentialType;
}
/**
* Définit la valeur de la propriété type.
* Définit la valeur de la propriété credentialType.
*
* @param value
* allowed object is
* {@link String }
*
*/
public void setType(String value) {
this.type = value;
public void setCredentialType(String value) {
this.credentialType = value;
}
/**
......@@ -277,15 +279,17 @@ public class SecurityPolicy {
* &lt;complexType>
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="authNTypeForwarded" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="credentialType" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="genericAccount" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="genericCredential" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="authNElement" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* &lt;/element>
* &lt;/sequence>
* &lt;attribute name="type" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="SFtype" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="serviceName" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="ressourceURL" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;/restriction>
......@@ -303,8 +307,8 @@ public class SecurityPolicy {
@XmlElement(name = "Credential", required = true)
protected SecurityPolicy.Provider.Credential credential;
@XmlAttribute(name = "type")
protected String type;
@XmlAttribute(name = "SFtype")
protected String sFtype;
@XmlAttribute(name = "serviceName")
protected String serviceName;
@XmlAttribute(name = "ressourceURL")
......@@ -335,27 +339,27 @@ public class SecurityPolicy {
}
/**
* Obtient la valeur de la propriété type.
* Obtient la valeur de la propriété sFtype.
*
* @return
* possible object is
* {@link String }
*
*/
public String getType() {
return type;
public String getSFtype() {
return sFtype;
}
/**
* Définit la valeur de la propriété type.
* Définit la valeur de la propriété sFtype.
*
* @param value
* allowed object is
* {@link String }
*
*/
public void setType(String value) {
this.type = value;
public void setSFtype(String value) {
this.sFtype = value;
}
/**
......@@ -416,9 +420,11 @@ public class SecurityPolicy {
* &lt;complexType>
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="authNTypeForwarded" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="credentialType" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="genericAccount" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="genericCredential" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="authNElement" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
......@@ -430,12 +436,40 @@ public class SecurityPolicy {
@XmlType(name = "")
public static class Credential {
@XmlAttribute(name = "authNTypeForwarded")
protected String authNTypeForwarded;
@XmlAttribute(name = "credentialType")
protected String credentialType;
@XmlAttribute(name = "genericAccount")
protected String genericAccount;
@XmlAttribute(name = "genericCredential")
protected String genericCredential;
@XmlAttribute(name = "authNElement")
protected String authNElement;
/**
* Obtient la valeur de la propriété authNTypeForwarded.
*
* @return
* possible object is
* {@link String }
*
*/
public String getAuthNTypeForwarded() {
return authNTypeForwarded;
}
/**
* Définit la valeur de la propriété authNTypeForwarded.
*
* @param value
* allowed object is
* {@link String }
*
*/
public void setAuthNTypeForwarded(String value) {
this.authNTypeForwarded = value;
}
/**
* Obtient la valeur de la propriété credentialType.
......@@ -509,6 +543,30 @@ public class SecurityPolicy {
this.genericCredential = value;
}
/**
* Obtient la valeur de la propriété authNElement.
*
* @return
* possible object is
* {@link String }
*
*/
public String getAuthNElement() {
return authNElement;
}
/**
* Définit la valeur de la propriété authNElement.
*
* @param value
* allowed object is
* {@link String }
*
*/
public void setAuthNElement(String value) {
this.authNElement = value;
}
}
}
......
package eu.chorevolution.transformations.sfgenerator;
public class ConnectionAccount {
public ConnectionAccountType type;
}
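Review bot: `type` is a public mutable field, and nothing visible in this commit ever assigns it, so every `ConnectionAccount` (including the new `LoginPasswordConnectionAccount` subclass) is created with `type == null`, which defeats its apparent purpose as a discriminator. Making it `private final`, set through a constructor and read through `public ConnectionAccountType getType()`, lets the subclass pass `ConnectionAccountType.USERNAME_PASSWORD` to `super(...)` and keeps the field and the concrete class consistent. A one-line Javadoc on the class, e.g. `/** Credentials supplied by the choreography designer for a generic (non-user) account; see ConnectionAccountType for the supported kinds. */`, would also help readers of the SFGenerator interface that takes it.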
package eu.chorevolution.transformations.sfgenerator;
public enum ConnectionAccountType {
USERNAME_PASSWORD,
X509
}
package eu.chorevolution.transformations.sfgenerator;
public class LoginPasswordConnectionAccount extends ConnectionAccount {
private String login;
private String password;
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getLogin() {
return login;
}
public void setLogin(String login) {
this.login = login;
}
}
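Review bot: This new public class holds a clear-text password but carries no Javadoc stating what it is for or how the value is handled downstream; readers cannot tell from the class whether the password is forwarded into generated artifacts. A class-level comment such as `/** Login/password pair provided by the designer for a generic account; the password is a secret and must not be logged or included in toString output. */` would make the contract explicit. The constructor should also fix the inherited `type` discriminator (see the note on ConnectionAccount).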
package eu.chorevolution.transformations.sfgenerator;
import java.util.List;
import eu.chorevolution.transformations.sfgenerator.model.SF;
public interface SFGenerator {
/**
* Generation of the security filter
* Generation of the security filter present in front of the legacy service
* @param sfName Name of the securityFilter
* @param role Role of the securityFilter
* @param STSUrl URL of the Federation Server
* @param securityModel The security model of the service
* @param groupsThe list of groups allow to access the service
* @param account The account provided by the choreography designer in case of the model required generic account (Null if the model required user account)
* @return A SF element which contains the WAR element
* @throws SFGeneratorException
*/
SF generateSecurityFilter(String sfName, String role, String STSUrl, byte[] securityModel, List<String> groups, ConnectionAccount account) throws SFGeneratorException;
/**
* Generation of the security filter present in front of the choreography
* @param sfName Name of the securityFilter
* @param role Role of the securityFilter
* @param STSUrl URL of the Federation Server
* @param domain
* @param securityModel The security model of the service
* @param serviceType The kind of the service (consumer, provider, prosumer)
* @return A SF element which contains the WAR element
* @throws SFGeneratorException
*/
SF generateSecurityFilter(String sfName, String role, String STSUrl, byte[] securityModel, ServiceType serviceType) throws SFGeneratorException;
SF generateSecurityFilter(String sfName, String role, String STSUrl, String domain, List<String> groups) throws SFGeneratorException;
}
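Review bot: The Javadoc above the second `generateSecurityFilter` no longer matches its parameter list: the new overload takes `(sfName, role, STSUrl, domain, groups)`, yet the comment still documents `securityModel` and `serviceType`, which it no longer has, and leaves `domain` with no description and `groups` undocumented. It should be rewritten to describe `domain` and `groups` and drop the two stale `@param` tags. In the first method's Javadoc, `@param groupsThe list` is missing a space (`@param groups The list of groups allowed to access the service`), and since `account` carries a login and password, the `@param account` line should state how the generator uses that secret.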
package eu.chorevolution.transformations.sfgenerator;
public enum ServiceType {
CONSUMER,
PROSUMER,
PROVIDER
public enum SFType {
PROTECTION,
ADAPTATION
}
......@@ -5,6 +5,8 @@ import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Provider.Service;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
......@@ -17,62 +19,106 @@ import org.eclipse.emf.common.util.EList;
import org.eclipse.emf.common.util.URI;
import eu.chorevolution.transformations.sfgenerator.SFGeneratorException;
import eu.chorevolution.transformations.sfgenerator.ServiceType;
import eu.chorevolution.transformations.sfgenerator.SFType;
import eu.chorevolution.transformations.sfgenerator.impl.utility.Utilities;
import eu.chorevolution.transformations.sfgenerator.model.SF;
import eu.chorevolution.transformations.sfgenerator.util.SecurityModelUtil;
import eu.chorevolution.modelingnotations.configuration.ObjectFactory;
import eu.chorevolution.modelingnotations.configuration.SecurityPolicy;
import eu.chorevolution.modelingnotations.security.Authentication;
import eu.chorevolution.modelingnotations.security.AuthenticationTypeForwarded;
import eu.chorevolution.modelingnotations.security.CredentialType;
import eu.chorevolution.modelingnotations.security.SecurityModel;
import eu.chorevolution.modelingnotations.security.SecurityPolicySet;
import eu.chorevolution.transformations.sfgenerator.ConnectionAccount;
import eu.chorevolution.transformations.sfgenerator.LoginPasswordConnectionAccount;
import eu.chorevolution.transformations.sfgenerator.SFGenerator;
public class SFGeneratorImpl implements SFGenerator {
private File generateConfigurationFile(String sfName, String destDir, byte[] securityModel, ServiceType serviceType) throws SFGeneratorException {
private File generateConfigurationFile(String sfName, String destDir, byte[] securityModel, List<String> groups, ConnectionAccount account, SFType securityFilterType, String domain) throws SFGeneratorException {
File securityFile = Utilities.createSecurityModel(destDir, sfName, securityModel);
URI securityURI = URI.createURI(securityFile.toURI().toString());
SecurityModel sModel = SecurityModelUtil.loadSecurityModel(securityURI);
if (sModel.getSecuritypolicyset()==null)
throw new SFGeneratorException("No security policyu set defined into the security model");
SecurityPolicySet policyset = sModel.getSecuritypolicyset();
ObjectFactory SecurityPolicyFactory = new ObjectFactory();
SecurityPolicy securityPolicy = SecurityPolicyFactory.createSecurityPolicy();
securityPolicy.setDomain(sModel.getSecuritypolicyset().getDomainName());
securityPolicy.setConsumer(SecurityPolicyFactory.createSecurityPolicyConsumer());
securityPolicy.getConsumer().setCheckAuthN(true);
securityPolicy.getConsumer().setCheckAuthZ(true);
securityPolicy.getConsumer().setType("User");
securityPolicy.getConsumer().setCredentialType("User");
securityPolicy.setProvider(SecurityPolicyFactory.createSecurityPolicyProvider());
securityPolicy.getProvider().setType(serviceType.name());
securityPolicy.getProvider().setServiceName(sModel.getSecuritypolicyset().getServiceName());
securityPolicy.getProvider().setRessourceURL(sModel.getSecuritypolicyset().getRessourceURL());
if (sModel.getSecuritypolicyset().getAuthentication()!=null){
EList<Authentication> AuthNList = sModel.getSecuritypolicyset().getAuthentication();
for (Iterator iterator = AuthNList.iterator(); iterator.hasNext();) {
Authentication authentication = (Authentication) iterator.next();
if (authentication.getCredentialType().equals(CredentialType.USERNAME_PASSWORD)){
eu.chorevolution.modelingnotations.configuration.SecurityPolicy.Provider.Credential e = SecurityPolicyFactory.createSecurityPolicyProviderCredential();
securityPolicy.getProvider().setCredential(e);
securityPolicy.getProvider().getCredential().setCredentialType(authentication.getCredentialType().getName());
securityPolicy.getProvider().getCredential().setGenericAccount(authentication.getGenericAccount());
securityPolicy.getProvider().getCredential().setGenericCredential(authentication.getGenericCredential());
// securityPolicy.getProvider().setServiceName(sModel.getSecuritypolicyset().getServiceName());
// securityPolicy.getProvider().setRessourceURL(sModel.getSecuritypolicyset().getRessourceURL());
securityPolicy.getProvider().setSFtype(securityFilterType.name());
if (securityFilterType.equals(securityFilterType.ADAPTATION))
{
File securityFile = Utilities.createSecurityModel(destDir, sfName, securityModel);
URI securityURI = URI.createURI(securityFile.toURI().toString());
SecurityModel sModel = SecurityModelUtil.loadSecurityModel(securityURI);
if (sModel.getSecuritypolicyset()==null)
throw new SFGeneratorException("No security policy set defined into the security model");
securityPolicy.setDomain(sModel.getSecuritypolicyset().getDomainName());
securityPolicy.getProvider().setServiceName(sModel.getSecuritypolicyset().getServiceName());
if (sModel.getSecuritypolicyset().getAuthentication()!=null){
EList<Authentication> AuthNList = sModel.getSecuritypolicyset().getAuthentication();
for (Iterator iterator = AuthNList.iterator(); iterator.hasNext();) {
Authentication authentication = (Authentication) iterator.next();
if (authentication.getCredentialType().equals(CredentialType.USERNAME_PASSWORD)){
// todo check if the credential is coming from the security model, or the designer or null
eu.chorevolution.modelingnotations.configuration.SecurityPolicy.Provider.Credential e = SecurityPolicyFactory.createSecurityPolicyProviderCredential();
e.setAuthNTypeForwarded(authentication.getAuthNTypeForwarded().getName());
if (authentication.getAuthNTypeForwarded().equals(AuthenticationTypeForwarded.GENERIC_ACCOUNT)){
if (account!=null)
{
if (account instanceof LoginPasswordConnectionAccount) {
LoginPasswordConnectionAccount lpAccount = (LoginPasswordConnectionAccount) account;
e.setCredentialType(authentication.getCredentialType().getName());
e.setGenericAccount(null);
e.setGenericCredential(null);
e.setAuthNElement(null);
}
else{
throw new SFGeneratorException("Authentication mechanism not supported");
}
} else if (authentication.getGenericAccount()!=null && authentication.getGenericCredential()!=null) {
e.setCredentialType(authentication.getCredentialType().getName());
e.setGenericAccount(authentication.getGenericAccount());
e.setGenericCredential(authentication.getGenericCredential());
e.setAuthNElement(null);
} else {
throw new SFGeneratorException("Generic account required bu not provided");
}
}
else{
e.setCredentialType(authentication.getCredentialType().getName());
e.setAuthNElement(authentication.getAuthNElement().getName());
}
securityPolicy.getProvider().setCredential(e);
}
}
}
}else
{
securityPolicy.setDomain(domain);
}
File configxml = new File(destDir+System.getProperty("file.separator")+"WEB-INF"+System.getProperty("file.separator")+"config.xml");
configxml.getParentFile().mkdirs();
JAXBContext jaxbContext;
try {
jaxbContext = JAXBContext.newInstance(SecurityPolicy.class);
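Review bot: In the `account instanceof LoginPasswordConnectionAccount` branch the designer-supplied account is never used — `lpAccount` is assigned and then `setGenericAccount(null)` / `setGenericCredential(null)` are written, so a model whose authentication is `GENERIC_ACCOUNT` with a designer-provided account ends up with an empty credential in the generated config.xml; presumably the intent is `e.setGenericAccount(lpAccount.getLogin()); e.setGenericCredential(lpAccount.getPassword());`. The same method tests `securityFilterType.equals(securityFilterType.ADAPTATION)`, which reads a static constant through the instance and throws NPE when the argument is null; `securityFilterType == SFType.ADAPTATION` is the idiomatic form, and the `groups` parameter is accepted but never read. Two smaller points in this section: `import java.security.Provider.Service;` in the import hunk is unused and looks like an accidental auto-import, and the message `"Generic account required bu not provided"` has a typo (`but`). Because the provider credential, including `genericCredential`, is serialized in clear text into `WEB-INF/config.xml`, a header comment on generateConfigurationFile should say so, e.g. `// Writes the provider credential (account and secret) unencrypted into WEB-INF/config.xml; treat the generated WAR as sensitive.` The body of generateConfigurationFile continues past the end of this hunk.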
......@@ -90,7 +136,7 @@ public class SFGeneratorImpl implements SFGenerator {
@Override
public SF generateSecurityFilter(String sfName, String role, String STSUrl, byte[] securityModel, ServiceType serviceType) throws SFGeneratorException {
public SF generateSecurityFilter(String sfName, String role, String STSUrl, byte[] securityModel, List<String> groups, ConnectionAccount account) throws SFGeneratorException {
SF sf = new SF(sfName,role);
try {
......@@ -99,7 +145,7 @@ public class SFGeneratorImpl implements SFGenerator {
destDir = Utilities.getDestinationFolderPath(destDir);
Utilities.deleteProjectFolder(destDir);
File warResultFile = Utilities.copyWarTemplate(destDir);
File configurationFile = generateConfigurationFile(sfName, destDir, securityModel, serviceType);
File configurationFile = generateConfigurationFile(sfName, destDir, securityModel, groups, account, SFType.ADAPTATION, null);
Utilities.addConfigFileintoWar(destDir, configurationFile);
File webXml = Utilities.createWebXml(destDir, sf.getName(), STSUrl);