This is an automated email from the ASF dual-hosted git repository. alexoree pushed a commit to branch feature/JUDDI-558 in repository https://gitbox.apache.org/repos/asf/juddi.git
commit d352ac0aa6118934bd5bab204ea14dec873651c6 Author: Alex O'Ree <[email protected]> AuthorDate: Sat Jul 27 18:32:06 2019 -0400 JUDDI-558 processing with enhanced security, still has lots of unit test failures, work in progress --- .../src/test/resources/META-INF/persistence.xml | 2 + .../src/test/resources/juddiv3rbac.xml | 215 +++++++++++++++++++++ juddi-core/pom.xml | 1 - .../src/main/java/org/apache/juddi/Registry.java | 2 +- .../org/apache/juddi/api/impl/UDDIInquiryImpl.java | 15 +- .../apache/juddi/api/impl/UDDIPublicationImpl.java | 34 ++-- .../apache/juddi/api/impl/UDDISecurityImpl.java | 4 +- .../java/org/apache/juddi/config/AppConfig.java | 2 +- .../apache/juddi/model/UddiEntityPublisher.java | 2 +- .../juddi/security/AccessControlFactory.java | 18 +- .../juddi/security/AllowAllAccessControlImpl.java | 19 +- .../org/apache/juddi/security/IAccessControl.java | 13 +- .../apache/juddi/security/rbac/RbacRulesModel.java | 2 + .../security/rbac/RoleBasedAccessControlImpl.java | 123 +++++++++--- .../apache/juddi/validation/ValidatePublish.java | 34 ++-- .../apache/juddi/validation/ValidateUDDIApi.java | 109 ++++++----- .../juddi/api/impl/API_180_RbacSecurityTest.java | 154 +++++++++++++-- .../juddi/api/impl/mock/WebServiceContextMock.java | 69 +++++++ .../src/test/resources/META-INF/persistence.xml | 2 + juddi-core/src/test/resources/juddiv3rbac.xml | 215 +++++++++++++++++++++ .../WEB-INF/classes/META-INF/persistence.xml | 1 + .../WEB-INF/classes/META-INF/persistence.xml | 3 +- .../WEB-INF/classes/META-INF/persistence.xml | 3 +- .../java/org/apache/juddi/v3/tck/TckBusiness.java | 1 + .../java/org/apache/juddi/v3/tck/TckTModel.java | 13 +- .../java/org/apache/juddi/api_v3/AccessLevel.java | 21 +- 26 files changed, 932 insertions(+), 145 deletions(-) diff --git a/juddi-core-openjpa/src/test/resources/META-INF/persistence.xml b/juddi-core-openjpa/src/test/resources/META-INF/persistence.xml index 1142ef5..fe10d56 100644 
--- a/juddi-core-openjpa/src/test/resources/META-INF/persistence.xml +++ b/juddi-core-openjpa/src/test/resources/META-INF/persistence.xml @@ -90,6 +90,8 @@ <class>org.apache.juddi.model.ControlMessage</class> <class>org.apache.juddi.model.ReplicationConfigurationNode</class> <class>org.apache.juddi.model.EdgeReceiverAlternate</class> + <class>org.apache.juddi.security.rbac.RbacRulesModel</class> + <properties> <property name="openjpa.jdbc.SynchronizeMappings" value="buildSchema(SchemaAction='dropDB,add')"/> <property name="openjpa.Log" value="DefaultLevel=WARN, Tool=INFO"/> diff --git a/juddi-core-openjpa/src/test/resources/juddiv3rbac.xml b/juddi-core-openjpa/src/test/resources/juddiv3rbac.xml new file mode 100644 index 0000000..bac2aca --- /dev/null +++ b/juddi-core-openjpa/src/test/resources/juddiv3rbac.xml 
@@ -0,0 +1,215 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<!-- +* Copyright 2001-2009 The Apache Software Foundation. +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICenSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +* +*/ --> +<!-- +################################################################ +# jUDDI-v3.0 configuration. # +################################################################ +# Note that the property settings in this # +# file can be overriden by system parameters # +# # +################################################################ +--> +<config> + <juddi> + <!-- The ${juddi.server.baseurl} token can be referenced in accessPoints and will be resolved at runtime. 
--> + <server> + <baseurl>http://localhost:8080/juddiv3</baseurl> + <baseurlsecure>https://localhost:8443/juddiv3</baseurlsecure> + </server> + <!-- The node Id must be unique when setup in a cluster of UDDI servers implementing the replication API + don't worry, jUDDI doesn't implement it right now, but it may come in the future --> + <nodeId>uddi:juddi.apache.org:node1</nodeId> + <!-- The key of the root business that all of the UDDI services are registered in, as defined in the install_data --> + <root> + <!-- this is the 'root' username, or owner of the node --> + <publisher>root</publisher> + <!-- The key of the root business that all of the UDDI services are registered in, as defined in the install_data --> + <businessId>uddi:juddi.apache.org:businesses-asf</businessId> + <partition>uddi:juddi.apache.org</partition> + </root> + <seed> + <always>false</always> + </seed> + + <!-- Name of the persistence unit to use (the default, "juddiDatabase" refers to the unit compiled into the juddi library)--> + <persistenceunit> + <name>juddiDatabase</name> + </persistenceunit> + + <!-- Check-the-time-stamp-on-this-file Interval in milli seconds --> + <configuration> + <reload> + <delay>2000</delay> + </reload> + </configuration> + <!--Default locale--> + <locale>en_US</locale> + + <!--The UDDI Operator Contact Email Address--> + <operatorEmailAddress>[email protected]</operatorEmailAddress> + + <!-- The maximum name size and maximum number of name elements allows in several of the FindXxxx and SaveXxxx UDDI functions.--> + <maxNameLength>255</maxNameLength> + <maxNameElementsAllowed>5</maxNameElementsAllowed> + + + <!-- The maximum number of rows returned in a find_* operation. Each call can set this independently, but this property defines a global maximum.--> + <maxRows>1000</maxRows> + <!-- The maximum number of "IN" clause parameters. 
Some RDMBS limit the number of parameters allowed in a SQL "IN" clause.--> + <maxInClause>1000</maxInClause> + + <!-- The maximum number of UDDI artifacts allowed per publisher. A value of '-1' indicates any number of artifacts is valid (These values can be overridden at the individual publisher level).--> + <maxBusinessesPerPublisher>100</maxBusinessesPerPublisher> + <maxServicesPerBusiness>100</maxServicesPerBusiness> + <maxBindingsPerService>100</maxBindingsPerService> + <maxTModelsPerPublisher>100</maxTModelsPerPublisher> + + <!-- Days before a transfer request expires--> + <transfer> + <expiration> + <days>3</days> + </expiration> + </transfer> + + <!-- Days before a subscription expires--> + <subscription> + <expiration> + <days>30</days> + </expiration> + + <!-- Minutes before a "chunked" subscription call expires--> + <chunkexpiration> + <minutes>5</minutes> + </chunkexpiration> + + <!--Since 3.1.5 the maxium ammount of returned subscription entities allowed--> + <maxentities>1000</maxentities> + </subscription> + + <!-- jUDDI UUIDGen implementation to use--> + <uuidgen>org.apache.juddi.uuidgen.DefaultUUIDGen</uuidgen> + + <!-- jUDDI Cryptor implementation to use--> + <cryptor>org.apache.juddi.v3.client.cryptor.DefaultCryptor</cryptor> + + <!-- jUDDI Key Generator to use--> + <keygenerator>org.apache.juddi.keygen.DefaultKeyGenerator</keygenerator> + + <notification> + <!-- Specifies the interval at which the notification timer triggers--> + <interval>5000</interval> + <!-- Specifies the amount of time to wait before the notification timer initially fires--> + <start> + <buffer>0</buffer> + </start> + <acceptableLagtime>1000</acceptableLagtime> + <maxTries>3</maxTries> + <!-- 10 minutes --> + <maxTriesResetInterval>600000</maxTriesResetInterval> + <sendAuthTokenWithResultList>false</sendAuthTokenWithResultList> + </notification> + <!-- All Authentication related settings --> + <auth> + <!-- Specifies whether the inquiry API requires authentication, all other 
APIs require authN--> + <Inquiry>false</Inquiry> + + <!-- When using file based authentication, this is the filename to use + <usersfile>juddi-users.xml</usersfile>--> + <!-- jUDDI Authentication module to use--> + <authenticator> + <!-- build in Authenticators: + org.apache.juddi.v3.auth.JUDDIAuthenticator - no authentication + LDAP Based + org.apache.juddi.v3.auth.LdapSimpleAuthenticator - use LDAP + org.apache.juddi.v3.auth.LdapExpandedAuthenticator - use LDAP + + File based, see usersfile + org.apache.juddi.v3.auth.XMLDocAuthenticator - XML doc, clear text + org.apache.juddi.v3.auth.CryptedXMLDocAuthenticator - XML doc, encrypted + org.apache.juddi.v3.auth.MD5XMLDocAuthenticator - XML doc, Hashed + --> + <class>org.apache.juddi.v3.auth.JUDDIAuthenticator</class> + <!-- other settings + url + initialcontext + style + ldapexp + --> + </authenticator> + + <token> + <!-- Time in minutes to expire tokes after inactivity--> + <Timeout>15</Timeout> + <!-- As of 3.1.5 Duration of time for tokens to expire, regardless of inactivity --> + <Expiration>15</Expiration> + </token> + </auth> + + + + + <validation> + <!-- As of 3.1.5 This setting will force referential integrity for all tModels (except keyGenerators), category bags, bindingTemplate/AccessPoint/hostingRedirector (referencing another host), tModelinstanceparms and anything else that references a KeyName default value is true. set to false for backwards compatibility or for a more lax registry--> + <enforceReferentialIntegrity>true</enforceReferentialIntegrity> + </validation> + + <!--As of 3.1.5 Email delivery options for subscription API functions--> + <mail> + <smtp> + <!--The Operator’s Email address + <from>[email protected]</from>--> + + <!--the hostname of the SMTP server + <host>localhost</host>--> + + <!--The portname of the SMTP server + <port>25</port>--> + + <!--If set, specifies the name of a class that implements the javax.net.SocketFactory interface. 
This class will be used to create SMTP sockets.--> + <socketFactory> + <!--<class></class>--> + + <!--If set to true, failure to create a socket using the specified socket factory class will cause the socket to be created using the java.net.Socket class. Defaults to true. + <fallback>true</fallback>--> + <!--Specifies the port to connect to when using the specified socket factory. If not set, the default port will be used. + <port>25</port>--> + </socketFactory> + <!--if true, enables the use of the STARTTLS command (if supported by the server) to switch the connection to a TLS-protected connection before issuing any login commands. Note that an appropriate trust store must configured so that the client will trust the server’s certificate. Defaults to false. + <starttls> + <enabled>false</enabled> + </starttls>--> + + <!--If true, attempt to authenticate the user using the AUTH command. Defaults to false. + <auth>false</auth>--> + + <!--Username used to authenticate to the SMTP server used only if mail.smtp.auth is true + <user>user</user>--> + + <!--Password used to authenticate to the SMTP server, used only if mail.smtp.auth is true + <password encrypted="false">pass</password>--> + </smtp> + </mail> + + + <!-- additional access control module + provides item level access permissions. + default is everyone can read everything, only owners can change stuff + --> + <accessControlProvider>org.apache.juddi.security.rbac.RoleBasedAccessControlImpl</accessControlProvider> + </juddi> +</config> \ No newline at end of file diff --git a/juddi-core/pom.xml b/juddi-core/pom.xml index 46b026d..3a1049e 100644 --- a/juddi-core/pom.xml +++ b/juddi-core/pom.xml @@ -195,5 +195,4 @@ language governing permissions and * limitations under the License. * */ --> <version>2.2.0</version> </dependency> </dependencies> - </project> diff --git a/juddi-core/src/main/java/org/apache/juddi/Registry.java b/juddi-core/src/main/java/org/apache/juddi/Registry.java index 4a1fff0..bd2fc89 100644 
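Review bot: The comment above `<accessControlProvider>` ("default is everyone can read everything, only owners can change stuff") describes the permissive fallback, not the `RoleBasedAccessControlImpl` this fixture actually selects, so anyone tuning the test config will misread what is being exercised; reword it to `<!-- access control module providing item-level permissions; this fixture selects the RBAC provider (the fallback when none is configured is the allow-all implementation) -->`. The license header URL is also garbled (`LICenSE-2.0`). Note that `<Inquiry>false</Inquiry>` combined with the RBAC provider means inquiry calls can arrive with no authenticated publisher; whether the RBAC filters tolerate that is not visible in this file and deserves a test case.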
--- a/juddi-core/src/main/java/org/apache/juddi/Registry.java +++ b/juddi-core/src/main/java/org/apache/juddi/Registry.java @@ -31,7 +31,7 @@ import org.apache.juddi.subscription.SubscriptionNotifier; public class Registry { private static Registry registry = null; - private static Log log = LogFactory.getLog(Registry.class); + private static final Log log = LogFactory.getLog(Registry.class); private static SubscriptionNotifier subscriptionNotifier = null; private static ReplicationNotifier replicationNotifier = null; diff --git a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java index d2dbfa1..ea1d530 100644 --- a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java +++ b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java @@ -342,13 +342,11 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry long procTime = System.currentTimeMillis() - startTime; serviceCounter.update(InquiryQuery.FIND_SERVICE, QueryStatus.SUCCESS, procTime); - List<org.uddi.api_v3.ServiceInfo> FilterBindingTemplates = + result.setServiceInfos( AccessControlFactory.getAccessControlInstance().filterServiceInfo( this.ctx, - entityPublisher, result.getServiceInfos().getServiceInfo()); - result.getServiceInfos().getServiceInfo().clear(); - result.getServiceInfos().getServiceInfo().addAll(FilterBindingTemplates); - + entityPublisher, result.getServiceInfos())); + return result; } finally { if (tx.isActive()) { 
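Review bot: `result.setServiceInfos(...)` now trusts the provider to hand back a non-null, already-filtered container, whereas the replaced code kept the original `ServiceInfos` object and only swapped its contents; a provider that returns null changes the response shape silently. A guard keeps the old contract: `ServiceInfos filtered = AccessControlFactory.getAccessControlInstance().filterServiceInfo(this.ctx, entityPublisher, result.getServiceInfos()); if (filtered != null) { result.setServiceInfos(filtered); }`. Separately, when inquiry authentication is disabled (`<Inquiry>false</Inquiry>` in the new fixture) `entityPublisher` is presumably null here, and the RBAC filters dereference `username.getAuthorizedName()`, so anonymous find_service would fault rather than be redacted; the enclosing method starts before this hunk.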
@@ -391,12 +389,11 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry long procTime = System.currentTimeMillis() - startTime; serviceCounter.update(InquiryQuery.FIND_TMODEL, QueryStatus.SUCCESS, procTime); - List<org.uddi.api_v3.TModelInfo> FilterBindingTemplates = + result.setTModelInfos( AccessControlFactory.getAccessControlInstance().filterTModelInfo( this.ctx,entityPublisher, - result.getTModelInfos().getTModelInfo()); - result.getTModelInfos().getTModelInfo().clear(); - result.getTModelInfos().getTModelInfo().addAll(FilterBindingTemplates); + result.getTModelInfos())); + return result; } finally { diff --git a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIPublicationImpl.java b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIPublicationImpl.java index b6ace81..5583bd2 100644 --- a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIPublicationImpl.java +++ b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIPublicationImpl.java @@ -127,7 +127,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo()); - new ValidatePublish(publisher).validateAddPublisherAssertions(em, body); + new ValidatePublish(publisher,ctx).validateAddPublisherAssertions(em, body); List<org.uddi.api_v3.PublisherAssertion> apiPubAssertionList = body.getPublisherAssertion(); List<ChangeRecord> changes = new ArrayList<ChangeRecord>(); @@ -213,6 +213,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub } } + @Override public void deleteBinding(DeleteBinding body) throws DispositionReportFaultMessage { long startTime = System.currentTimeMillis(); 
@@ -224,7 +225,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo()); - new ValidatePublish(publisher).validateDeleteBinding(em, body); + new ValidatePublish(publisher,ctx).validateDeleteBinding(em, body); List<String> entityKeyList = body.getBindingKey(); List<ChangeRecord> changes = new ArrayList<ChangeRecord>(); @@ -272,6 +273,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub } + @Override public void deleteBusiness(DeleteBusiness body) throws DispositionReportFaultMessage { long startTime = System.currentTimeMillis(); @@ -283,7 +285,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo()); - new ValidatePublish(publisher).validateDeleteBusiness(em, body); + new ValidatePublish(publisher,ctx).validateDeleteBusiness(em, body); List<String> entityKeyList = body.getBusinessKey(); List<ChangeRecord> changes = new ArrayList<ChangeRecord>(); @@ -323,6 +325,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub em.remove(obj); } + @Override public void deletePublisherAssertions(DeletePublisherAssertions body) throws DispositionReportFaultMessage { long startTime = System.currentTimeMillis(); @@ -334,7 +337,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo()); - new ValidatePublish(publisher).validateDeletePublisherAssertions(em, body); + new ValidatePublish(publisher,ctx).validateDeletePublisherAssertions(em, body); List<org.uddi.api_v3.PublisherAssertion> entityList = body.getPublisherAssertion(); List<ChangeRecord> changes = new ArrayList<ChangeRecord>(); 
@@ -439,6 +442,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub } + @Override public void deleteService(DeleteService body) throws DispositionReportFaultMessage { long startTime = System.currentTimeMillis(); @@ -450,7 +454,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo()); - new ValidatePublish(publisher).validateDeleteService(em, body); + new ValidatePublish(publisher,ctx).validateDeleteService(em, body); List<String> entityKeyList = body.getServiceKey(); List<ChangeRecord> changes = new ArrayList<ChangeRecord>(); @@ -511,7 +515,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo()); - new ValidatePublish(publisher).validateDeleteTModel(em, body); + new ValidatePublish(publisher,ctx).validateDeleteTModel(em, body); // tModels are only lazily deleted! List<String> entityKeyList = body.getTModelKey(); @@ -637,7 +641,9 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub /** * {@inheritdoc} * + * @throws org.uddi.v3_service.DispositionReportFaultMessage */ + @Override public RegisteredInfo getRegisteredInfo(GetRegisteredInfo body) throws DispositionReportFaultMessage { long startTime = System.currentTimeMillis(); @@ -649,7 +655,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo()); - new ValidatePublish(publisher).validateRegisteredInfo(body); + new ValidatePublish(publisher,ctx).validateRegisteredInfo(body); List<?> businessKeysFound = null; businessKeysFound = FindBusinessByPublisherQuery.select(em, null, publisher, businessKeysFound); 
@@ -718,7 +724,9 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub /** * {@inheritdoc} * + * @throws org.uddi.v3_service.DispositionReportFaultMessage */ + @Override public BindingDetail saveBinding(SaveBinding body) throws DispositionReportFaultMessage { long startTime = System.currentTimeMillis(); @@ -730,7 +738,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo()); publisher.populateKeyGeneratorKeys(em); - ValidatePublish validator = new ValidatePublish(publisher); + ValidatePublish validator = new ValidatePublish(publisher,ctx); validator.validateSaveBinding(em, body, null, publisher); BindingDetail result = new BindingDetail(); @@ -783,7 +791,9 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub /** * {@inheritdoc} * + * @throws org.uddi.v3_service.DispositionReportFaultMessage */ + @Override public BusinessDetail saveBusiness(SaveBusiness body) throws DispositionReportFaultMessage { long startTime = System.currentTimeMillis(); @@ -795,7 +805,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo()); publisher.populateKeyGeneratorKeys(em); - ValidatePublish validator = new ValidatePublish(publisher); + ValidatePublish validator = new ValidatePublish(publisher,ctx); validator.validateSaveBusiness(em, body, null, publisher); BusinessDetail result = new BusinessDetail(); 
@@ -864,7 +874,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo()); publisher.populateKeyGeneratorKeys(em); - ValidatePublish validator = new ValidatePublish(publisher); + ValidatePublish validator = new ValidatePublish(publisher,ctx); validator.validateSaveService(em, body, null, publisher); ServiceDetail result = new ServiceDetail(); @@ -927,7 +937,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub UddiEntityPublisher publisher = this.getEntityPublisher(em, body.getAuthInfo()); publisher.populateKeyGeneratorKeys(em); - new ValidatePublish(publisher).validateSaveTModel(em, body, null, publisher); + new ValidatePublish(publisher,ctx).validateSaveTModel(em, body, null, publisher); TModelDetail result = new TModelDetail(); @@ -999,7 +1009,7 @@ public class UDDIPublicationImpl extends AuthenticatedService implements UDDIPub UddiEntityPublisher publisher = this.getEntityPublisher(em, authInfo); - new ValidatePublish(publisher).validateSetPublisherAssertions(em, publisherAssertion); + new ValidatePublish(publisher,ctx).validateSetPublisherAssertions(em, publisherAssertion); List<?> businessKeysFound = null; businessKeysFound = FindBusinessByPublisherQuery.select(em, null, publisher, businessKeysFound); diff --git a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDISecurityImpl.java b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDISecurityImpl.java index 24077c5..5d7eb56 100644 --- a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDISecurityImpl.java +++ b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDISecurityImpl.java 
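Review bot: `ctx` is the injected `WebServiceContext`, which is typically null when these methods are invoked outside a JAX-WS container (the in-VM and unit-test path the new `WebServiceContextMock` in this commit exists for), so every `new ValidatePublish(publisher,ctx)` call hands the validator a possibly-null context. `ValidatePublish` is not in view; confirm that it and `IAccessControl.hasPermission` treat a null `ctx` as "no container roles" and fail closed rather than dereferencing it. A comment at the call sites, `// ctx may be null outside a JAX-WS container; the validator must tolerate that`, would make the expectation explicit. The enclosing methods start and end outside these hunks.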
@@ -71,6 +71,7 @@ public class UDDISecurityImpl extends AuthenticatedService implements UDDISecuri serviceCounter = ServiceCounterLifecycleResource.getServiceCounter(UDDISecurityImpl.class); } + @Override public void discardAuthToken(DiscardAuthToken body) throws DispositionReportFaultMessage { long startTime = System.currentTimeMillis(); @@ -110,6 +111,7 @@ public class UDDISecurityImpl extends AuthenticatedService implements UDDISecuri } + @Override public AuthToken getAuthToken(GetAuthToken body) throws DispositionReportFaultMessage { @@ -122,7 +124,7 @@ public class UDDISecurityImpl extends AuthenticatedService implements UDDISecuri } public AuthToken getAuthToken(String publisherId) - throws DispositionReportFaultMessage { + throws DispositionReportFaultMessage { long startTime = System.currentTimeMillis(); if (publisherId == null || publisherId.length() == 0) diff --git a/juddi-core/src/main/java/org/apache/juddi/config/AppConfig.java b/juddi-core/src/main/java/org/apache/juddi/config/AppConfig.java index d67f940..6779cf3 100644 --- a/juddi-core/src/main/java/org/apache/juddi/config/AppConfig.java +++ b/juddi-core/src/main/java/org/apache/juddi/config/AppConfig.java @@ -257,7 +257,7 @@ public class AppConfig * @return the APplicationConfuration Singleton Instance. * @throws ConfigurationException */ - public static AppConfig getInstance() throws ConfigurationException + public static synchronized AppConfig getInstance() throws ConfigurationException { if (instance==null) { instance = new AppConfig(); diff --git a/juddi-core/src/main/java/org/apache/juddi/model/UddiEntityPublisher.java b/juddi-core/src/main/java/org/apache/juddi/model/UddiEntityPublisher.java index 1aaa2f7..bcbcdb4 100644 --- a/juddi-core/src/main/java/org/apache/juddi/model/UddiEntityPublisher.java +++ b/juddi-core/src/main/java/org/apache/juddi/model/UddiEntityPublisher.java 
@@ -117,7 +117,7 @@ public class UddiEntityPublisher { if (key == null) return false; - if (keyGeneratorKeys == null) + if (keyGeneratorKeys == null)//||keyGeneratorKeys.isEmpty() populateKeyGeneratorKeys(em); if (! key.contains(KeyGenerator.PARTITION_SEPARATOR)) return true; //v2 style key diff --git a/juddi-core/src/main/java/org/apache/juddi/security/AccessControlFactory.java b/juddi-core/src/main/java/org/apache/juddi/security/AccessControlFactory.java index 8493d7f..a2d6d24 100644 --- a/juddi-core/src/main/java/org/apache/juddi/security/AccessControlFactory.java +++ b/juddi-core/src/main/java/org/apache/juddi/security/AccessControlFactory.java @@ -15,7 +15,6 @@ */ package org.apache.juddi.security; - import java.util.logging.Level; import java.util.logging.Logger; import org.apache.commons.configuration.ConfigurationException; @@ -24,6 +23,7 @@ import org.apache.juddi.config.Property; /** * Provides an accessor to the access control mechanism + * * @since 3.4 * @author Alex O'Ree */ @@ -33,11 +33,15 @@ public class AccessControlFactory { private static IAccessControl instance = null; /** - * Gets an instance of IAccessControl using the following procedure, in order<br> + * Gets an instance of IAccessControl using the following procedure, in + * order<br> * <ol> - * <li>Using the judiv3.properties configuration file setting Property.JUDDI_FINE_GRAIN_ACCESS_CONTROL_PROVIDER</li> - * <li>If the previous fails to load or is not defined, DefaultCorseAccessControlImpl</li> + * <li>Using the judiv3.properties configuration file setting + * Property.JUDDI_FINE_GRAIN_ACCESS_CONTROL_PROVIDER</li> + * <li>If the previous fails to load or is not defined, + * DefaultCorseAccessControlImpl</li> * </ol> + * * @return should never return null or throw exceptions * @see DefaultCorseAccessControlImpl * @see Property 
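Review bot: The trailing `//||keyGeneratorKeys.isEmpty()` on the `if (keyGeneratorKeys == null)` line is commented-out code rather than an explanation, and it leaves the reader unsure whether an empty key-generator list is supposed to trigger a repopulate. Either apply it (`if (keyGeneratorKeys == null || keyGeneratorKeys.isEmpty())`) or replace it with a TODO stating why an empty list is deliberately not reloaded. The enclosing method starts and ends outside the hunk.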
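Review bot: The rewrapped javadoc still names `DefaultCorseAccessControlImpl` as the fallback (in the list item and the `@see`), but the fallback the method actually returns in the following hunk is `new AllowAllAccessControlImpl()`, so the documentation points operators at a class that is not what runs when the configured provider fails to load. Change the item to `<li>If the previous fails to load or is not defined, AllowAllAccessControlImpl</li>` and the `@see` to match. Because "fails to load" silently degrades to allow-all, the doc should also say that the failure is logged, if it is (the catch block is outside this hunk).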
@@ -71,4 +75,8 @@ public class AccessControlFactory { } return new AllowAllAccessControlImpl(); } -} \ No newline at end of file + + public static synchronized void reset() { + instance = null; + } +} diff --git a/juddi-core/src/main/java/org/apache/juddi/security/AllowAllAccessControlImpl.java b/juddi-core/src/main/java/org/apache/juddi/security/AllowAllAccessControlImpl.java index 3363e8a..23bd2aa 100644 --- a/juddi-core/src/main/java/org/apache/juddi/security/AllowAllAccessControlImpl.java +++ b/juddi-core/src/main/java/org/apache/juddi/security/AllowAllAccessControlImpl.java @@ -19,6 +19,8 @@ import java.rmi.RemoteException; import java.util.ArrayList; import java.util.List; import javax.xml.ws.WebServiceContext; +import org.apache.juddi.api_v3.AccessLevel; +import org.apache.juddi.api_v3.EntityType; import org.apache.juddi.api_v3.GetPermissionsMessageRequest; import org.apache.juddi.api_v3.GetPermissionsMessageResponse; import org.apache.juddi.api_v3.SetPermissionsMessageRequest; @@ -34,8 +36,10 @@ import org.uddi.api_v3.OperationalInfo; import org.uddi.api_v3.RelatedBusinessInfo; import org.uddi.api_v3.RelatedBusinessInfos; import org.uddi.api_v3.ServiceInfo; +import org.uddi.api_v3.ServiceInfos; import org.uddi.api_v3.TModel; import org.uddi.api_v3.TModelInfo; +import org.uddi.api_v3.TModelInfos; import org.uddi.v3_service.DispositionReportFaultMessage; /** 
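Review bot: `reset()` is `synchronized` on the class, but that only gives mutual exclusion if `getAccessControlInstance()` (declared above this hunk, not in view) takes the same lock around its null-check-and-assign; otherwise a concurrent reader can still observe the half-initialised state the reset is meant to avoid. Please confirm the getter is synchronized too, and document the method: `/** Drops the cached provider so the next call re-reads the configured accessControlProvider; intended for tests and configuration reloads. */`. Since the getter's fallback is `AllowAllAccessControlImpl`, a reset followed by a failed provider load silently widens access, which is worth a WARN-level log where the fallback is chosen.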
@@ -77,13 +81,13 @@ public class AllowAllAccessControlImpl implements IAccessControl { } @Override - public List<ServiceInfo> filterServiceInfo(WebServiceContext arg0, UddiEntityPublisher user, List<ServiceInfo> arg2) { - return new ArrayList<>(arg2); + public ServiceInfos filterServiceInfo(WebServiceContext arg0, UddiEntityPublisher user, ServiceInfos arg2) { + return (arg2); } @Override - public List<TModelInfo> filterTModelInfo(WebServiceContext arg0, UddiEntityPublisher user, List<TModelInfo> arg2) { - return new ArrayList<>(arg2); + public TModelInfos filterTModelInfo(WebServiceContext arg0, UddiEntityPublisher user, TModelInfos arg2) { + return (arg2); } @Override @@ -103,4 +107,11 @@ public class AllowAllAccessControlImpl implements IAccessControl { throw new FatalErrorException(new ErrorMessage("errors.Unsupported")); } + @Override + public boolean hasPermission(AccessLevel arg0, WebServiceContext arg1, UddiEntityPublisher arg2, String arg3, EntityType arg4) { + return false; + } + + + } diff --git a/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java b/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java index 588c67c..6f294e2 100644 --- a/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java +++ b/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java @@ -19,6 +19,7 @@ import java.rmi.RemoteException; import java.util.List; import javax.xml.ws.WebServiceContext; import org.apache.juddi.api_v3.AccessLevel; +import org.apache.juddi.api_v3.EntityType; import org.apache.juddi.api_v3.GetPermissionsMessageRequest; import org.apache.juddi.api_v3.GetPermissionsMessageResponse; import org.apache.juddi.api_v3.SetPermissionsMessageRequest; 
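Review bot: `hasPermission(...)` returning `false` contradicts this class's allow-all contract: it is the fallback `AccessControlFactory` hands out when no provider is configured or the configured one fails to load, so any caller that now gates a publish operation on `hasPermission` will deny every request, while the `filter*` methods in the same class still return everything unredacted. Unless the intent is that this provider is never consulted for write permissions — in which case `throw new FatalErrorException(new ErrorMessage("errors.Unsupported"))`, as `setPermissions` above does, is clearer than a silent false — it should `return true; // allow-all: every level is granted`. Whichever is chosen, the behaviour should be stated in a javadoc on the method.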
@@ -29,11 +30,10 @@ import org.uddi.api_v3.BusinessEntity; import org.uddi.api_v3.BusinessInfo; import org.uddi.api_v3.BusinessService; import org.uddi.api_v3.OperationalInfo; -import org.uddi.api_v3.RelatedBusinessInfo; import org.uddi.api_v3.RelatedBusinessInfos; -import org.uddi.api_v3.ServiceInfo; +import org.uddi.api_v3.ServiceInfos; import org.uddi.api_v3.TModel; -import org.uddi.api_v3.TModelInfo; +import org.uddi.api_v3.TModelInfos; import org.uddi.v3_service.DispositionReportFaultMessage; /** @@ -58,9 +58,9 @@ public interface IAccessControl { public RelatedBusinessInfos filtedRelatedBusinessInfos(WebServiceContext ctx, UddiEntityPublisher username, RelatedBusinessInfos bindings); - public List<ServiceInfo> filterServiceInfo(WebServiceContext ctx, UddiEntityPublisher authorizedName, List<ServiceInfo> serviceInfo); + public ServiceInfos filterServiceInfo(WebServiceContext ctx, UddiEntityPublisher authorizedName, ServiceInfos serviceInfo); - public List<TModelInfo> filterTModelInfo(WebServiceContext ctx, UddiEntityPublisher authorizedName, List<TModelInfo> tModelInfo); + public TModelInfos filterTModelInfo(WebServiceContext ctx, UddiEntityPublisher authorizedName, TModelInfos tModelInfo); public List<OperationalInfo> filterOperationalInfo(WebServiceContext ctx, UddiEntityPublisher authorizedName, List<OperationalInfo> operationalInfo); @@ -68,4 +68,5 @@ public interface IAccessControl { public SetPermissionsMessageResponse setPermissions(SetPermissionsMessageRequest arg0) throws DispositionReportFaultMessage, RemoteException; -} + public boolean hasPermission(AccessLevel level, WebServiceContext ctx, UddiEntityPublisher username, String entityId, EntityType type); +} \ No newline at end of file diff --git a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RbacRulesModel.java b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RbacRulesModel.java index a502846..fac093f 100644 
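Review bot: The new `hasPermission(AccessLevel, WebServiceContext, UddiEntityPublisher, String, EntityType)` is the hook the write path will rely on, yet it carries no javadoc, so implementers have to guess the contract: whether `ctx` may be null (in-VM and test callers have no JAX-WS context), whether `entityId` is the UDDI key of the object being acted on or of its parent, and whether "no matching rule" means deny. Add a javadoc stating those three points, e.g. that a null `ctx` means no container roles, that `entityId` is the key of the entity described by `type`, and that implementations must fail closed. The parameter is also named `username` while the sibling filter methods call the same thing `authorizedName`; pick one.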
--- a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RbacRulesModel.java +++ b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RbacRulesModel.java @@ -20,6 +20,7 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; import javax.persistence.Table; +import javax.persistence.Transient; import org.apache.juddi.api_v3.AccessLevel; /** @@ -62,6 +63,7 @@ public class RbacRulesModel implements Serializable { return (level); } + @Transient public AccessLevel getAccessLevelAsEnum() { return AccessLevel.valueOf(getAccessLevel()); } diff --git a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java index d813834..7888378 100644 --- a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java +++ b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java @@ -27,6 +27,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.juddi.api_v3.AccessLevel; import org.apache.juddi.api_v3.Action; +import org.apache.juddi.api_v3.EntityType; import org.apache.juddi.api_v3.GetPermissionsMessageRequest; import org.apache.juddi.api_v3.GetPermissionsMessageResponse; import org.apache.juddi.api_v3.Permission; @@ -47,9 +48,11 @@ import org.uddi.api_v3.PublisherAssertion; import org.uddi.api_v3.RelatedBusinessInfo; import org.uddi.api_v3.RelatedBusinessInfos; import org.uddi.api_v3.ServiceInfo; +import org.uddi.api_v3.ServiceInfos; import org.uddi.api_v3.SharedRelationships; import org.uddi.api_v3.TModel; import org.uddi.api_v3.TModelInfo; +import org.uddi.api_v3.TModelInfos; import org.uddi.v3_service.DispositionReportFaultMessage; /** 
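Review bot: `getAccessLevelAsEnum()` calls `AccessLevel.valueOf(getAccessLevel())` with no guard, and with this commit it is evaluated for every rule on every read in `RoleBasedAccessControlImpl`, so a row whose `level` column is null or holds a string not in the enum turns a permission check into a `NullPointerException`/`IllegalArgumentException` surfaced to the caller instead of a deny. At minimum fail closed on null, `String lvl = getAccessLevel(); return lvl == null ? AccessLevel.NONE : AccessLevel.valueOf(lvl);`, and either validate the value in the setter or catch the `IllegalArgumentException` where rules are evaluated and treat it as NONE with a logged warning. The `@Transient` itself is right, since this is a derived property JPA must not try to map.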
@@ -72,6 +75,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl { private static final Log log = LogFactory.getLog(RoleBasedAccessControlImpl.class); private static final String REDACTED = ResourceConfig.getGlobalMessage("rbac.redacted"); + public static final String EVERYONE = "everyone"; private void redact(BusinessService bs) { bs.setBusinessKey(REDACTED); @@ -85,8 +89,14 @@ public class RoleBasedAccessControlImpl implements IAccessControl { } - private boolean hasReadAccess(WebServiceContext ctx, List<RbacRulesModel> rules) { + private boolean hasReadAccess(WebServiceContext ctx, List<RbacRulesModel> rules, String username) { for (RbacRulesModel r : rules) { + if (r.getContainerRole().equalsIgnoreCase(EVERYONE)) { + if (r.getAccessLevelAsEnum() == AccessLevel.NONE) //explicit deny + { + return false; + } + } if (ctx.isUserInRole(r.getContainerRole())) { if (r.getAccessLevelAsEnum() == AccessLevel.NONE) //explicit deny { @@ -94,6 +104,29 @@ public class RoleBasedAccessControlImpl implements IAccessControl { } return true; } + if (ctx.getUserPrincipal() != null && ctx.getUserPrincipal().getName().equals(username)) { + if (r.getAccessLevelAsEnum() == AccessLevel.NONE) //explicit deny + { + return false; + } + return true; + } + } + return false; + } + + private boolean has(WebServiceContext ctx, List<RbacRulesModel> rules, AccessLevel requiredLevel) { + for (RbacRulesModel r : rules) { + if (r.getContainerRole().equalsIgnoreCase(EVERYONE)) { + if (r.getAccessLevelAsEnum().getLevel() >= requiredLevel.getLevel()) { + return true; + } + } + if (ctx.isUserInRole(r.getContainerRole())) { + if (r.getAccessLevelAsEnum().getLevel() >= requiredLevel.getLevel()) { + return true; + } + } } return false; } 
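Review bot: The new principal branch in `hasReadAccess` compares the request principal with `username`, which every caller in this commit passes as the requesting publisher's own authorized name rather than the rule's target, so for an authenticated caller the first rule in the list with a level other than NONE grants read regardless of whom the rule was granted to. The intended test is presumably against the rule, e.g. `if (ctx.getUserPrincipal() != null && r.getContainerRole().equals(username) && ctx.getUserPrincipal().getName().equals(username)) {`. Note also that the EVERYONE branch in `hasReadAccess` only applies an explicit deny and never grants, whereas the new `has()` grants on an EVERYONE rule with a sufficient level and has no explicit-deny handling, so the READ and WRITE paths evaluate the same rule set with different semantics; a single evaluation routine parameterised by required level would remove that divergence.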
@@ -181,7 +214,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl { redact(bs); continue; //access denied } - if (!hasReadAccess(ctx, rules)) { + if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) { redact(bs); //also access denied, either no matching role or an explicit deny continue; } @@ -217,7 +250,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl { redact(bs); continue; //access denied } - if (!hasReadAccess(ctx, rules)) { + if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) { redact(bs); //also access denied, either no matching role or an explicit deny continue; } @@ -253,12 +286,12 @@ public class RoleBasedAccessControlImpl implements IAccessControl { redact(bs); continue; //access denied } - if (!hasReadAccess(ctx, rules)) { + if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) { redact(bs); //also access denied, either no matching role or an explicit deny continue; } if (bs.getServiceInfos() != null) { - filterServiceInfo(ctx, username, bs.getServiceInfos().getServiceInfo()); + filterServiceInfo(ctx, username, bs.getServiceInfos()); } } @@ -291,7 +324,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl { redact(bs); continue; //access denied } - if (!hasReadAccess(ctx, rules)) { + if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) { redact(bs); //also access denied, either no matching role or an explicit deny continue; } @@ -331,7 +364,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl { redact(bs); continue; //access denied } - if (!hasReadAccess(ctx, rules)) { + if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) { redact(bs); //also access denied, either no matching role or an explicit deny } 
@@ -367,7 +400,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl { redact(bs); continue; //access denied } - if (!hasReadAccess(ctx, rules)) { + if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) { redact(bs); //also access denied, either no matching role or an explicit deny continue; } @@ -397,7 +430,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl { redact = true; break; //access denied } - if (!hasReadAccess(ctx, rules)) { + if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) { redact = true; //also access denied, either no matching role or an explicit deny break; } @@ -407,7 +440,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl { redact = true; break; } - + if (username.isOwner(ue2)) { //keep it continue; @@ -419,18 +452,18 @@ public class RoleBasedAccessControlImpl implements IAccessControl { redact = true; break; //access denied } - if (!hasReadAccess(ctx, rules)) { + if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) { redact = true; //also access denied, either no matching role or an explicit deny break; } } - if (redact){ - + if (redact) { + } } - + } } @@ -438,9 +471,12 @@ public class RoleBasedAccessControlImpl implements IAccessControl { } @Override - public List<ServiceInfo> filterServiceInfo(WebServiceContext ctx, UddiEntityPublisher username, List<ServiceInfo> items) { + public ServiceInfos filterServiceInfo(WebServiceContext ctx, UddiEntityPublisher username, ServiceInfos items) { - for (ServiceInfo si : items) { + if (items == null) { + return null; + } + for (ServiceInfo si : items.getServiceInfo()) { UddiEntity ue = loadEntity(si.getServiceKey(), org.apache.juddi.model.BusinessService.class); if (ue == null) { si.setServiceKey(REDACTED); 
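Review bot: The `if (redact) { }` block in the `@@ -419,18 +452,18` hunk is only reindented by this commit and its body is still empty, so the `redact` flag computed by the preceding loop over related businesses is never acted on and nothing is removed from the result. If that is deliberate work in progress it deserves `//TODO(rbac): drop or redact this related-business entry when redact is true`; otherwise the entry should be redacted here. In `filterServiceInfo`, the method now returns the same mutated instance instead of a copy, which is a behaviour change worth a one-line comment on the method. The enclosing method of the `@@ -419` hunk starts before that hunk.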
@@ -458,7 +494,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl { List<RbacRulesModel> rules = getPermissionSet(si.getServiceKey()); - if (!rules.isEmpty() && !hasReadAccess(ctx, rules)) { + if (!rules.isEmpty() && !hasReadAccess(ctx, rules, username.getAuthorizedName())) { si.setServiceKey(REDACTED); } if (rules.isEmpty()) { @@ -466,20 +502,20 @@ public class RoleBasedAccessControlImpl implements IAccessControl { if (rules.isEmpty()) { si.setBusinessKey(REDACTED); } else { - if (!hasReadAccess(ctx, rules)) { + if (!hasReadAccess(ctx, rules, username.getAuthorizedName())) { si.setBusinessKey(REDACTED); } } } } - return new ArrayList<>(items); + return items; } @Override - public List<TModelInfo> filterTModelInfo(WebServiceContext ctx, UddiEntityPublisher username, List<TModelInfo> items) { + public TModelInfos filterTModelInfo(WebServiceContext ctx, UddiEntityPublisher username, TModelInfos items) { //TODO - return new ArrayList(items); + return (items); } @Override @@ -549,8 +585,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl { for (Permission perm : arg0.getLevel()) { if (perm.getAction() != Action.NOOP) { Query createQuery = null; - - createQuery = em.createQuery("delete from RbacRulesModel c where c.uddiEntityId=:id and c.containerRole=:user"); + createQuery = em.createQuery("delete from RbacRulesModel e where e.uddiEntityId=:id and e.containerRole=:user"); createQuery.setParameter("id", perm.getEntityId()); createQuery.setParameter("user", perm.getTarget()); createQuery.executeUpdate(); 
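Review bot: `filterTModelInfo` still returns its argument untouched under a bare `//TODO`, so tModel listings are never subject to the read rules that businesses and services go through — this is fail-open relative to the other filters. Until it is implemented, either a comment stating that tModels are intentionally unfiltered or a conservative version mirroring `filterServiceInfo` (redact the key when `getPermissionSet(key)` is non-empty and `hasReadAccess` fails) would keep the behaviour consistent. The JPQL alias change in the `@@ -549` hunk is cosmetic; the query still deletes every rule for the (entity, target) pair irrespective of level, which is fine for an ADD/REMOVE model but worth a comment.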
@@ -608,4 +643,46 @@ public class RoleBasedAccessControlImpl implements IAccessControl { bs.getSharedRelationships().clear(); } + @Override + public boolean hasPermission(AccessLevel level, WebServiceContext ctx, UddiEntityPublisher actor, String entityid, EntityType type) { + + UddiEntity ue = null; + + switch (type) { + case BINDING: + ue = loadEntity(entityid, org.apache.juddi.model.BindingTemplate.class); + break; + case BUSINESS: + ue = loadEntity(entityid, org.apache.juddi.model.BusinessEntity.class); + break; + case SERVICE: + ue = loadEntity(entityid, org.apache.juddi.model.BusinessService.class); + break; + case TMODEL: + ue = loadEntity(entityid, org.apache.juddi.model.Tmodel.class); + break; + default: + log.warn("umhandled case for " + type); + } + + if (ue == null) { + return false; + } + if (actor == null) { + return false; + + } + if (actor.isOwner(ue)) { + return true; + } + + List<RbacRulesModel> rules = getPermissionSet(entityid); + + if (rules.isEmpty()) { + return false; + } + + return has(ctx, rules, level); + } + } diff --git a/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java b/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java index 4294c41..20a55cc 100644 --- a/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java +++ b/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java 
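Review bot: `hasPermission` forwards `ctx` into `has()`, which calls `ctx.isUserInRole(...)` for every rule that is not EVERYONE, so a validator created through the `ValidateUDDIApi(publisher)` constructor (where `ctx` is null) throws a NullPointerException rather than returning false as soon as an entity has any rule. A guard after the owner check, `if (ctx == null) { return false; }`, keeps the method fail-closed. Separately, `has()` never compares a rule's target with the actor's authorized name, so a permission granted to a user rather than a container role (as the test does with `setTarget(...)`) cannot satisfy a WRITE check. Minor: the log message reads `umhandled case for`; should be `unhandled case for`.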
@@ -30,15 +30,18 @@ import java.util.concurrent.atomic.AtomicReference; import javax.persistence.EntityManager; import javax.persistence.EntityTransaction; import javax.xml.ws.Holder; +import javax.xml.ws.WebServiceContext; import org.apache.commons.configuration.Configuration; import org.apache.commons.configuration.ConfigurationException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.juddi.api_v3.AccessLevel; import org.apache.juddi.api_v3.AccessPointType; import org.apache.juddi.api_v3.DeleteClerk; import org.apache.juddi.api_v3.DeleteNode; import org.apache.juddi.api_v3.DeletePublisher; +import org.apache.juddi.api_v3.EntityType; import org.apache.juddi.api_v3.SavePublisher; import org.apache.juddi.config.AppConfig; import org.apache.juddi.config.Constants; @@ -54,6 +57,7 @@ import org.apache.juddi.model.UddiEntity; import org.apache.juddi.model.UddiEntityPublisher; import org.apache.juddi.query.FindBusinessByPublisherQuery; import org.apache.juddi.query.FindTModelByPublisherQuery; +import org.apache.juddi.security.AccessControlFactory; import org.apache.juddi.v3.client.UDDIConstants; import org.apache.juddi.v3.client.UDDIConstantsV2; import org.apache.juddi.v3.client.config.TokenResolver; @@ -117,7 +121,7 @@ public class ValidatePublish extends ValidateUDDIApi { * This flag will add additional output to stdout for debugging * purposes, set this to true if */ - private Log log = LogFactory.getLog(this.getClass()); + private static final Log log = LogFactory.getLog(ValidatePublish.class); /** * used from Install class @@ -133,6 +137,10 @@ public class ValidatePublish extends ValidateUDDIApi { public ValidatePublish(UddiEntityPublisher publisher) { super(publisher); } + + public ValidatePublish(UddiEntityPublisher publisher, WebServiceContext ctx) { + super(publisher,ctx); + } public void validateDeleteBusiness(EntityManager em, DeleteBusiness body) throws DispositionReportFaultMessage { 
@@ -207,7 +215,7 @@ public class ValidatePublish extends ValidateUDDIApi { //if you're are the owner, access granted //if you are an admin && this item belongs to this node, access granted //else denied - accessCheck(obj, entityKey); + accessCheck(obj, entityKey,EntityType.SERVICE); i++; } } @@ -244,7 +252,7 @@ public class ValidatePublish extends ValidateUDDIApi { throw new InvalidKeyPassedException(new ErrorMessage("errors.invalidkey.BindingTemplateNotFound", entityKey)); } - accessCheck(obj, entityKey); + accessCheck(obj, entityKey,EntityType.BINDING); i++; } @@ -281,13 +289,13 @@ public class ValidatePublish extends ValidateUDDIApi { throw new InvalidKeyPassedException(new ErrorMessage("errors.invalidkey.TModelNotFound", entityKey)); } - accessCheck(obj, entityKey); + accessCheck(obj, entityKey,EntityType.TMODEL); i++; } } - private void accessCheck(Object obj, String entityKey) throws UserMismatchException { + private void accessCheck(Object obj, String entityKey, EntityType type) throws UserMismatchException { boolean accessCheck = false; //assume access denied if (!((UddiEntity) obj).getNodeId().equals(nodeID)) { //prevent changes to data owned by another node in a replicated environment @@ -305,6 +313,10 @@ public class ValidatePublish extends ValidateUDDIApi { && nodeID.equals(((UddiEntity) obj).getNodeId())) { accessCheck = true; } + + if ( nodeID.equals(((UddiEntity) obj).getNodeId()) && + AccessControlFactory.getAccessControlInstance().hasPermission(AccessLevel.WRITE, ctx, publisher, entityKey,type)){ + } if (!accessCheck) { throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidOwner", entityKey)); @@ -706,7 +718,7 @@ public class ValidatePublish extends ValidateUDDIApi { entityExists = true; // Make sure publisher owns this entity. - accessCheck(obj, entityKey); + accessCheck(obj, entityKey,EntityType.BUSINESS); } else { // Inside this block, we have a key proposed by the publisher on a new entity 
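Review bot: The new `if (nodeID.equals(...) && AccessControlFactory.getAccessControlInstance().hasPermission(AccessLevel.WRITE, ctx, publisher, entityKey, type)) { }` block in `accessCheck` has an empty body, so the result of the RBAC write check is discarded and `accessCheck` remains false for every publisher who is neither owner nor admin; the body presumably should be `accessCheck = true;`. The call also runs even when ownership has already granted access, which costs an extra entity load per key; `if (!accessCheck && nodeID.equals(...) && ...)` avoids that. `accessCheck` begins in the preceding hunk, outside this one.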
@@ -842,7 +854,7 @@ public class ValidatePublish extends ValidateUDDIApi { } // Make sure publisher owns this entity. - accessCheck(obj, entityKey); + accessCheck(obj, entityKey,EntityType.SERVICE); // If existing service trying to be saved has a different parent key, then we have a problem if (!parentKey.equalsIgnoreCase(bs.getBusinessEntity().getEntityKey())) { @@ -887,7 +899,7 @@ public class ValidatePublish extends ValidateUDDIApi { } // Make sure publisher owns this parent entity. - accessCheck(parentTemp, parentKey); + accessCheck(parentTemp, parentKey,EntityType.BUSINESS); // if (!publisher.isOwner((UddiEntity) parentTemp)) { // throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidOwnerParent", parentKey)); //} @@ -997,7 +1009,7 @@ public class ValidatePublish extends ValidateUDDIApi { } // Make sure publisher owns this entity. - accessCheck(obj, entityKey); + accessCheck(obj, entityKey,EntityType.BINDING); //if (!publisher.isOwner((UddiEntity) obj)&& !((Publisher) publisher).isAdmin()) { // throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidOwner", entityKey)); // } @@ -1035,7 +1047,7 @@ public class ValidatePublish extends ValidateUDDIApi { } // Make sure publisher owns this parent entity. - accessCheck(parentTemp, parentKey); + accessCheck(parentTemp, parentKey,EntityType.SERVICE); // if (!publisher.isOwner((UddiEntity) parentTemp)) { // throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidOwnerParent", parentKey)); // } @@ -1092,7 +1104,7 @@ public class ValidatePublish extends ValidateUDDIApi { entityExists = true; // Make sure publisher owns this entity. - accessCheck(obj, entityKey); + accessCheck(obj, entityKey,EntityType.TMODEL); //if (!publisher.isOwner((UddiEntity) obj)&& !((Publisher) publisher).isAdmin()) { // throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidOwner", entityKey)); // } 
diff --git a/juddi-core/src/main/java/org/apache/juddi/validation/ValidateUDDIApi.java b/juddi-core/src/main/java/org/apache/juddi/validation/ValidateUDDIApi.java index 6ffcfeb..ed3c127 100644 --- a/juddi-core/src/main/java/org/apache/juddi/validation/ValidateUDDIApi.java +++ b/juddi-core/src/main/java/org/apache/juddi/validation/ValidateUDDIApi.java @@ -14,13 +14,12 @@ * limitations under the License. * */ - package org.apache.juddi.validation; - import java.util.logging.Level; import java.util.logging.Logger; import javax.persistence.EntityManager; +import javax.xml.ws.WebServiceContext; import org.apache.commons.configuration.ConfigurationException; import org.apache.juddi.config.AppConfig; import org.apache.juddi.config.Property; 
@@ -37,50 +36,68 @@ import org.uddi.v3_service.DispositionReportFaultMessage; */ public abstract class ValidateUDDIApi { - protected UddiEntityPublisher publisher; - protected String nodeID=null; - - /** - * This is used only during the install process to prevent infinite loops - * @param publisher - * @param nodeid - */ - public ValidateUDDIApi(UddiEntityPublisher publisher, String nodeid) { - this.publisher = publisher; - this.nodeID = nodeid; - } - - public ValidateUDDIApi(UddiEntityPublisher publisher) { - this.publisher = publisher; - try { - this.nodeID = AppConfig.getConfiguration().getString(Property.JUDDI_NODE_ID); - } catch (ConfigurationException ex) { - Logger.getLogger(ValidateUDDIApi.class.getName()).log(Level.SEVERE, "unable to get the current node id, this may cause access control problems" - + " and must be fixed. set " + Property.JUDDI_NODE_ID + " in juddiv3.xml", ex); - } - } + protected UddiEntityPublisher publisher; + protected String nodeID = null; + protected WebServiceContext ctx=null; + + /** + * This is used only during the install process to prevent infinite loops + * + * @param publisher + * @param nodeid + */ + public ValidateUDDIApi(UddiEntityPublisher publisher, String nodeid,WebServiceContext ctx ) { + this.publisher = publisher; + this.nodeID = nodeid; + this.ctx=ctx; + } + + public ValidateUDDIApi(UddiEntityPublisher publisher, String nodeid) { + this.publisher = publisher; + this.nodeID = nodeid; + + } + + + + public ValidateUDDIApi(UddiEntityPublisher publisher){ + this(publisher,(WebServiceContext)null); + } + + public ValidateUDDIApi(UddiEntityPublisher publisher,WebServiceContext ctx) { + this.publisher = publisher; + this.ctx=ctx; + try { + this.nodeID = AppConfig.getConfiguration().getString(Property.JUDDI_NODE_ID); + } catch (ConfigurationException ex) { + Logger.getLogger(ValidateUDDIApi.class.getName()).log(Level.SEVERE, "unable to get the current node id, this may cause access control problems" + + " and must be fixed. 
set " + Property.JUDDI_NODE_ID + " in juddiv3.xml", ex); + } + } + + public UddiEntityPublisher getPublisher() { + return publisher; + } + + public void setPublisher(UddiEntityPublisher publisher) { + this.publisher = publisher; + } + + public static void unsupportedAPICall() throws DispositionReportFaultMessage { + throw new UnsupportedException(new ErrorMessage("errors.Unsupported")); + } + + public static boolean isUniqueKey(EntityManager em, String entityKey) { + Object obj = em.find(UddiEntity.class, entityKey); + if (obj != null) { + return false; + } - public UddiEntityPublisher getPublisher() { - return publisher; - } + obj = em.find(Subscription.class, entityKey); + if (obj != null) { + return false; + } - public void setPublisher(UddiEntityPublisher publisher) { - this.publisher = publisher; - } - - public static void unsupportedAPICall() throws DispositionReportFaultMessage { - throw new UnsupportedException(new ErrorMessage("errors.Unsupported")); - } - - public static boolean isUniqueKey(EntityManager em, String entityKey) { - Object obj = em.find(UddiEntity.class, entityKey); - if (obj != null) - return false; - - obj = em.find(Subscription.class, entityKey); - if (obj != null) - return false; - - return true; - } + return true; + } } diff --git a/juddi-core/src/test/java/org/apache/juddi/api/impl/API_180_RbacSecurityTest.java b/juddi-core/src/test/java/org/apache/juddi/api/impl/API_180_RbacSecurityTest.java index 802c9af..4962f8e 100644 --- a/juddi-core/src/test/java/org/apache/juddi/api/impl/API_180_RbacSecurityTest.java +++ b/juddi-core/src/test/java/org/apache/juddi/api/impl/API_180_RbacSecurityTest.java 
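Review bot: The `ctx` field added to `ValidateUDDIApi` defaults to null and stays null through the `(publisher)` and `(publisher, nodeid)` constructors, so any subclass that hands it to an access-control call must cope with an absent context; a field comment such as `/** request context for container role checks; null when validation runs outside a web service request (install, tests) */` would make that contract visible. The hunk also deletes and re-adds the whole class body with changed indentation, which buries the three functional lines (the field and two constructors) in whitespace churn; splitting the reformat into its own commit would make the security change reviewable. The Javadoc stating the constructor is "used only during the install process" now sits above the new three-argument constructor and should be moved back to the `(publisher, nodeid)` one or reworded.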
@@ -15,13 +15,38 @@ */ package org.apache.juddi.api.impl; +import java.rmi.RemoteException; +import java.util.ArrayList; +import java.util.List; import org.apache.commons.configuration.ConfigurationException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.juddi.Registry; +import org.apache.juddi.api.impl.mock.WebServiceContextMock; +import org.apache.juddi.api_v3.AccessLevel; +import org.apache.juddi.api_v3.Action; +import org.apache.juddi.api_v3.GetPermissionsMessageRequest; +import org.apache.juddi.api_v3.GetPermissionsMessageResponse; +import org.apache.juddi.api_v3.*; +import org.apache.juddi.api_v3.SetPermissionsMessageRequest; +import org.apache.juddi.config.AppConfig; +import org.apache.juddi.security.AccessControlFactory; +import org.apache.juddi.security.rbac.RbacRulesModel; +import org.apache.juddi.security.rbac.RoleBasedAccessControlImpl; +import org.apache.juddi.v3.tck.TckBusiness; +import org.apache.juddi.v3.tck.TckFindEntity; +import org.apache.juddi.v3.tck.TckPublisher; +import org.apache.juddi.v3.tck.TckTModel; + +import org.junit.Assert; + +import org.apache.juddi.v3.tck.TckSecurity; + import org.apache.juddi.v3.tck.TckSubscription; import org.junit.AfterClass; import org.junit.BeforeClass; +import org.junit.Test; +import org.uddi.api_v3.TModel; import org.uddi.v3_service.UDDISecurityPortType; /** 
@@ -29,19 +54,124 @@ import org.uddi.v3_service.UDDISecurityPortType; * @author Alex O'Ree */ public class API_180_RbacSecurityTest { - - private static final Log logger = LogFactory.getLog(API_010_PublisherTest.class); - private JUDDIApiImpl publisher = new JUDDIApiImpl(); - private UDDISecurityPortType security = new UDDISecurityImpl(); - private static TckSubscription tckSubscription = new TckSubscription(new UDDISubscriptionImpl(), new UDDISecurityImpl(), new UDDIInquiryImpl()); - - @BeforeClass - public static void startRegistry() throws ConfigurationException { - Registry.start(); + + private static final Log logger = LogFactory.getLog(API_010_PublisherTest.class); + + private static void grant(AccessLevel accessLevel, List<String> keys, String user) throws Exception { + JUDDIApiImpl publisher = new JUDDIApiImpl(); + SetPermissionsMessageRequest req = new SetPermissionsMessageRequest(); + req.setAuthInfo(authInfoUDDI); + for (String key : keys) { + + Permission level = new Permission(); + level.setAction(Action.ADD); + level.setEntityId(key); + level.setLevel(accessLevel); + level.setTarget(user); + level.setType(null); + req.getLevel().add(level); + } + SetPermissionsMessageResponse response = publisher.setPermissions(req); + } + + private JUDDIApiImpl publisher = new JUDDIApiImpl(); + private UDDISecurityPortType security = new UDDISecurityImpl(); + private static TckSubscription tckSubscription = new TckSubscription(new UDDISubscriptionImpl(), new UDDISecurityImpl(), new UDDIInquiryImpl()); + + private static API_010_PublisherTest api010 = new API_010_PublisherTest(); + private static TckTModel tckTModel = new TckTModel(new UDDIPublicationImpl(), new UDDIInquiryImpl()); + private static TckBusiness tckBusiness = new TckBusiness(new UDDIPublicationImpl(), new UDDIInquiryImpl()); + private static TckFindEntity tckFindEntity = new TckFindEntity(new UDDIInquiryImpl()); + private static String authInfoJoe = null; + private static String authInfoSam = null; + 
private static final String TEST_ROLE = "TESTROLE1"; + private static String authInfoUDDI = null; + + @BeforeClass + public static void startRegistry() throws ConfigurationException { + System.setProperty(AppConfig.JUDDI_CONFIGURATION_FILE_SYSTEM_PROPERTY, "src/test/resources/juddiv3rbac.xml"); + Registry.start(); + AccessControlFactory.reset(); + Assert.assertTrue(AccessControlFactory.getAccessControlInstance() instanceof RoleBasedAccessControlImpl); + logger.info("API_180_RbacSecurityTest"); + logger.debug("Getting auth token.."); + try { + api010.saveJoePublisher(); + api010.saveSamSyndicator(); + UDDISecurityPortType security = new UDDISecurityImpl(); + authInfoJoe = TckSecurity.getAuthToken(security, TckPublisher.getJoePublisherId(), TckPublisher.getJoePassword()); + authInfoSam = TckSecurity.getAuthToken(security, TckPublisher.getSamPublisherId(), TckPublisher.getSamPassword()); + authInfoUDDI = TckSecurity.getAuthToken(security, TckPublisher.getUDDIPublisherId(), TckPublisher.getUDDIPassword()); + TModel m = tckTModel.saveUDDIPublisherTmodel(authInfoUDDI); + List<String> keys = new ArrayList<>(); + keys.add(m.getTModelKey()); + keys.clear(); + grant(AccessLevel.READ, keys, RoleBasedAccessControlImpl.EVERYONE); + keys = tckTModel.saveTModels(authInfoUDDI, TckTModel.TMODELS_XML); + + grant(AccessLevel.READ, keys, RoleBasedAccessControlImpl.EVERYONE); + tckTModel.saveJoePublisherTmodel(authInfoJoe); + tckBusiness.saveJoePublisherBusiness(authInfoJoe); + } catch (Exception e) { + logger.error(e.getMessage(), e); + Assert.fail("Could not obtain authInfo token."); } + } + + @AfterClass + public static void stopRegistry() throws ConfigurationException { + tckTModel.deleteCreatedTModels(authInfoJoe); + Registry.stop(); + System.clearProperty(AppConfig.JUDDI_CONFIGURATION_FILE_SYSTEM_PROPERTY); + AppConfig.triggerReload(); + } + + @Test + public void getSetDeletePerm() throws Exception { + publisher.ctx = new WebServiceContextMock(TckPublisher.getUDDIPublisherId(), 
TEST_ROLE); + + GetPermissionsMessageRequest request = new GetPermissionsMessageRequest(); + request.setAuthInfo(authInfoUDDI); - @AfterClass - public static void stopRegistry() throws ConfigurationException { - Registry.stop(); + GetPermissionsMessageResponse permissions = publisher.getPermissions(request); + //Assert.assertTrue(permissions.getLevel().isEmpty()); + + SetPermissionsMessageRequest req = new SetPermissionsMessageRequest(); + req.setAuthInfo(authInfoUDDI); + Permission level = new Permission(); + level.setAction(Action.ADD); + level.setEntityId(TckBusiness.JOE_BUSINESS_KEY); + level.setLevel(AccessLevel.READ); + level.setTarget(TckPublisher.getSamPublisherId()); + level.setType(null); + req.getLevel().add(level); + + SetPermissionsMessageResponse response = publisher.setPermissions(req); + Assert.assertNotNull(response); + permissions = publisher.getPermissions(request); + //Assert.assertEquals(permissions.getLevel().size(), 1); + boolean ok =false; + Permission p1=null; + for (Permission p:permissions.getLevel()){ + if (p.getTarget().equals(TckPublisher.getSamPublisherId()) + && p.getEntityId().equals(TckBusiness.JOE_BUSINESS_KEY) + && p.getLevel()==AccessLevel.READ){ + ok=true; + p1=p; + } + + } + Assert.assertTrue(ok); + + + p1.setAction(Action.REMOVE); + req.getLevel().clear(); + req.getLevel().add(p1); + response = publisher.setPermissions(req); + Assert.assertNotNull(response); + permissions = publisher.getPermissions(request); + //Assert.assertEquals(permissions.getLevel().size(), 0); + + } } diff --git a/juddi-core/src/test/java/org/apache/juddi/api/impl/mock/WebServiceContextMock.java b/juddi-core/src/test/java/org/apache/juddi/api/impl/mock/WebServiceContextMock.java new file mode 100644 index 0000000..c0cfa00 --- /dev/null +++ b/juddi-core/src/test/java/org/apache/juddi/api/impl/mock/WebServiceContextMock.java 
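Review bot: `getSetDeletePerm` leaves the assertions that would verify the REMOVE half commented out, so the test passes even if `setPermissions` with `Action.REMOVE` deletes nothing; re-enabling them, or asserting after the removal that no permission with Sam's target and `TckBusiness.JOE_BUSINESS_KEY` remains, is what gives the test its value. In `startRegistry`, `keys.add(m.getTModelKey())` is immediately undone by `keys.clear()`, so the first `grant(AccessLevel.READ, keys, RoleBasedAccessControlImpl.EVERYONE)` grants nothing — either the clear or the call looks unintended. The unused `response` local in `grant` and the wildcard `org.apache.juddi.api_v3.*` import next to explicit imports of the same package are minor cleanups.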
@@ -0,0 +1,69 @@ +/* + * Copyright 2019 The Apache Software Foundation. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.juddi.api.impl.mock; + +import java.security.Principal; +import javax.xml.ws.EndpointReference; +import javax.xml.ws.WebServiceContext; +import javax.xml.ws.handler.MessageContext; +import org.w3c.dom.Element; + +/** + * + * @author AO + */ +public class WebServiceContextMock implements WebServiceContext { + + public String role; + public String username; + + public WebServiceContextMock(String username, String role) { + this.role = role; + this.username = username; + + } + + @Override + public MessageContext getMessageContext() { + return null; + } + + @Override + public Principal getUserPrincipal() { + return new Principal() { + @Override + public String getName() { + return username; + } + }; + } + + @Override + public boolean isUserInRole(String arg0) { + return arg0.equals(role); + } + + @Override + public EndpointReference getEndpointReference(Element... arg0) { + return null; + } + + @Override + public <T extends EndpointReference> T getEndpointReference(Class<T> arg0, Element... arg1) { + return null; + } + +} diff --git a/juddi-core/src/test/resources/META-INF/persistence.xml b/juddi-core/src/test/resources/META-INF/persistence.xml index 725e81e..d4f2738 100644 --- a/juddi-core/src/test/resources/META-INF/persistence.xml +++ b/juddi-core/src/test/resources/META-INF/persistence.xml 
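Review bot: `WebServiceContextMock.getUserPrincipal()` always returns a principal and `isUserInRole` matches exactly one role, so the anonymous-caller branch that `hasReadAccess` guards with `getUserPrincipal() != null` cannot be exercised through this mock. Returning `null` when `username` is null (`return username == null ? null : new Principal() { ... }`) and accepting a set of roles would let the tests cover deny-by-default for unauthenticated inquiry. The two public mutable fields could be `private final`, and `isUserInRole` is safer as `role.equals(arg0)` since `arg0` comes from the code under test.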
@@ -90,6 +90,8 @@ <class>org.apache.juddi.model.ControlMessage</class> <class>org.apache.juddi.model.ReplicationConfigurationNode</class> <class>org.apache.juddi.model.EdgeReceiverAlternate</class> + <class>org.apache.juddi.security.rbac.RbacRulesModel</class> + <properties> <property name="hibernate.archive.autodetection" value="class"/> <property name="hibernate.hbm2ddl.auto" value="update"/> diff --git a/juddi-core/src/test/resources/juddiv3rbac.xml b/juddi-core/src/test/resources/juddiv3rbac.xml new file mode 100644 index 0000000..836264f --- /dev/null +++ b/juddi-core/src/test/resources/juddiv3rbac.xml 
@@ -0,0 +1,215 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<!-- +* Copyright 2001-2009 The Apache Software Foundation. +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICenSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +* +*/ --> +<!-- +################################################################ +# jUDDI-v3.0 configuration. # +################################################################ +# Note that the property settings in this # +# file can be overriden by system parameters # +# # +################################################################ +--> +<config> + <juddi> + <!-- The ${juddi.server.baseurl} token can be referenced in accessPoints and will be resolved at runtime. 
--> + <server> + <baseurl>http://localhost:8080/juddiv3</baseurl> + <baseurlsecure>https://localhost:8443/juddiv3</baseurlsecure> + </server> + <!-- The node Id must be unique when setup in a cluster of UDDI servers implementing the replication API + don't worry, jUDDI doesn't implement it right now, but it may come in the future --> + <nodeId>uddi:juddi.apache.org:node1</nodeId> + <!-- The key of the root business that all of the UDDI services are registered in, as defined in the install_data --> + <root> + <!-- this is the 'root' username, or owner of the node --> + <publisher>root</publisher> + <!-- The key of the root business that all of the UDDI services are registered in, as defined in the install_data --> + <businessId>uddi:juddi.apache.org:businesses-asf</businessId> + <partition>uddi:juddi.apache.org</partition> + </root> + <seed> + <always>false</always> + </seed> + + <!-- Name of the persistence unit to use (the default, "juddiDatabase" refers to the unit compiled into the juddi library)--> + <persistenceunit> + <name>juddiDatabase</name> + </persistenceunit> + + <!-- Check-the-time-stamp-on-this-file Interval in milli seconds --> + <configuration> + <reload> + <delay>2000</delay> + </reload> + </configuration> + <!--Default locale--> + <locale>en_US</locale> + + <!--The UDDI Operator Contact Email Address--> + <operatorEmailAddress>[email protected]</operatorEmailAddress> + + <!-- The maximum name size and maximum number of name elements allows in several of the FindXxxx and SaveXxxx UDDI functions.--> + <maxNameLength>255</maxNameLength> + <maxNameElementsAllowed>5</maxNameElementsAllowed> + + + <!-- The maximum number of rows returned in a find_* operation. Each call can set this independently, but this property defines a global maximum.--> + <maxRows>1000</maxRows> + <!-- The maximum number of "IN" clause parameters. 
Some RDMBS limit the number of parameters allowed in a SQL "IN" clause.--> + <maxInClause>1000</maxInClause> + + <!-- The maximum number of UDDI artifacts allowed per publisher. A value of '-1' indicates any number of artifacts is valid (These values can be overridden at the individual publisher level).--> + <maxBusinessesPerPublisher>100</maxBusinessesPerPublisher> + <maxServicesPerBusiness>100</maxServicesPerBusiness> + <maxBindingsPerService>100</maxBindingsPerService> + <maxTModelsPerPublisher>100</maxTModelsPerPublisher> + + <!-- Days before a transfer request expires--> + <transfer> + <expiration> + <days>3</days> + </expiration> + </transfer> + + <!-- Days before a subscription expires--> + <subscription> + <expiration> + <days>30</days> + </expiration> + + <!-- Minutes before a "chunked" subscription call expires--> + <chunkexpiration> + <minutes>5</minutes> + </chunkexpiration> + + <!--Since 3.1.5 the maxium ammount of returned subscription entities allowed--> + <maxentities>1000</maxentities> + </subscription> + + <!-- jUDDI UUIDGen implementation to use--> + <uuidgen>org.apache.juddi.uuidgen.DefaultUUIDGen</uuidgen> + + <!-- jUDDI Cryptor implementation to use--> + <cryptor>org.apache.juddi.v3.client.cryptor.DefaultCryptor</cryptor> + + <!-- jUDDI Key Generator to use--> + <keygenerator>org.apache.juddi.keygen.DefaultKeyGenerator</keygenerator> + + <notification> + <!-- Specifies the interval at which the notification timer triggers--> + <interval>5000</interval> + <!-- Specifies the amount of time to wait before the notification timer initially fires--> + <start> + <buffer>0</buffer> + </start> + <acceptableLagtime>1000</acceptableLagtime> + <maxTries>3</maxTries> + <!-- 10 minutes --> + <maxTriesResetInterval>600000</maxTriesResetInterval> + <sendAuthTokenWithResultList>false</sendAuthTokenWithResultList> + </notification> + <!-- All Authentication related settings --> + <auth> + <!-- Specifies whether the inquiry API requires authentication, all other 
APIs require authN--> + <Inquiry>false</Inquiry> + + <!-- When using file based authentication, this is the filename to use + <usersfile>juddi-users.xml</usersfile>--> + <!-- jUDDI Authentication module to use--> + <authenticator> + <!-- build in Authenticators: + org.apache.juddi.v3.auth.JUDDIAuthenticator - no authentication + LDAP Based + org.apache.juddi.v3.auth.LdapSimpleAuthenticator - use LDAP + org.apache.juddi.v3.auth.LdapExpandedAuthenticator - use LDAP + + File based, see usersfile + org.apache.juddi.v3.auth.XMLDocAuthenticator - XML doc, clear text + org.apache.juddi.v3.auth.CryptedXMLDocAuthenticator - XML doc, encrypted + org.apache.juddi.v3.auth.MD5XMLDocAuthenticator - XML doc, Hashed + --> + <class>org.apache.juddi.v3.auth.JUDDIAuthenticator</class> + <!-- other settings + url + initialcontext + style + ldapexp + --> + </authenticator> + + <token> + <!-- Time in minutes to expire tokes after inactivity--> + <Timeout>15</Timeout> + <!-- As of 3.1.5 Duration of time for tokens to expire, regardless of inactivity --> + <Expiration>15</Expiration> + </token> + </auth> + + + + + <validation> + <!-- As of 3.1.5 This setting will force referential integrity for all tModels (except keyGenerators), category bags, bindingTemplate/AccessPoint/hostingRedirector (referencing another host), tModelinstanceparms and anything else that references a KeyName default value is true. set to false for backwards compatibility or for a more lax registry--> + <enforceReferentialIntegrity>true</enforceReferentialIntegrity> + </validation> + + <!--As of 3.1.5 Email delivery options for subscription API functions--> + <mail> + <smtp> + <!--The Operator’s Email address + <from>[email protected]</from>--> + + <!--the hostname of the SMTP server + <host>localhost</host>--> + + <!--The portname of the SMTP server + <port>25</port>--> + + <!--If set, specifies the name of a class that implements the javax.net.SocketFactory interface. 
This class will be used to create SMTP sockets.--> + <socketFactory> + <!--<class></class>--> + + <!--If set to true, failure to create a socket using the specified socket factory class will cause the socket to be created using the java.net.Socket class. Defaults to true. + <fallback>true</fallback>--> + <!--Specifies the port to connect to when using the specified socket factory. If not set, the default port will be used. + <port>25</port>--> + </socketFactory> + <!--if true, enables the use of the STARTTLS command (if supported by the server) to switch the connection to a TLS-protected connection before issuing any login commands. Note that an appropriate trust store must configured so that the client will trust the server’s certificate. Defaults to false. + <starttls> + <enabled>false</enabled> + </starttls>--> + + <!--If true, attempt to authenticate the user using the AUTH command. Defaults to false. + <auth>false</auth>--> + + <!--Username used to authenticate to the SMTP server used only if mail.smtp.auth is true + <user>user</user>--> + + <!--Password used to authenticate to the SMTP server, used only if mail.smtp.auth is true + <password encrypted="false">pass</password>--> + </smtp> + </mail> + + + <!-- additional access control module + provides item level access permissions. + default is everyone can read everything, only owners can change stuff + --> + <accessControlProvider>org.apache.juddi.security.rbac.RoleBasedAccessControlImpl</accessControlProvider> + </juddi> +</config> \ No newline at end of file diff --git a/juddiv3-war/JPA/Hibernate-JBoss/WEB-INF/classes/META-INF/persistence.xml b/juddiv3-war/JPA/Hibernate-JBoss/WEB-INF/classes/META-INF/persistence.xml index 2480261..e44aece 100644 --- a/juddiv3-war/JPA/Hibernate-JBoss/WEB-INF/classes/META-INF/persistence.xml +++ b/juddiv3-war/JPA/Hibernate-JBoss/WEB-INF/classes/META-INF/persistence.xml 
@@ -97,6 +97,7 @@
<class>org.apache.juddi.model.ControlMessage</class>
<class>org.apache.juddi.model.ReplicationConfigurationNode</class>
<class>org.apache.juddi.model.EdgeReceiverAlternate</class>
+ <class>org.apache.juddi.security.rbac.RbacRulesModel</class>
<properties>
<property name="hibernate.archive.autodetection" value="class"/>
diff --git a/juddiv3-war/JPA/Hibernate-JBossAS7Up/WEB-INF/classes/META-INF/persistence.xml b/juddiv3-war/JPA/Hibernate-JBossAS7Up/WEB-INF/classes/META-INF/persistence.xml
index 433defb..48ecc33 100644
--- a/juddiv3-war/JPA/Hibernate-JBossAS7Up/WEB-INF/classes/META-INF/persistence.xml
+++ b/juddiv3-war/JPA/Hibernate-JBossAS7Up/WEB-INF/classes/META-INF/persistence.xml
@@ -98,7 +98,8 @@ under the License.
<class>org.apache.juddi.model.ControlMessage</class>
<class>org.apache.juddi.model.ReplicationConfigurationNode</class>
<class>org.apache.juddi.model.EdgeReceiverAlternate</class>
-
+ <class>org.apache.juddi.security.rbac.RbacRulesModel</class>
+
<properties>
<property name="hibernate.archive.autodetection" value="class"/>
<property name="hibernate.hbm2ddl.auto" value="update"/>
diff --git a/juddiv3-war/JPA/Hibernate/WEB-INF/classes/META-INF/persistence.xml b/juddiv3-war/JPA/Hibernate/WEB-INF/classes/META-INF/persistence.xml
index b9ffdd6..ad4777e 100644
--- a/juddiv3-war/JPA/Hibernate/WEB-INF/classes/META-INF/persistence.xml
+++ b/juddiv3-war/JPA/Hibernate/WEB-INF/classes/META-INF/persistence.xml
@@ -97,7 +97,8 @@
<class>org.apache.juddi.model.ControlMessage</class>
<class>org.apache.juddi.model.ReplicationConfigurationNode</class>
<class>org.apache.juddi.model.EdgeReceiverAlternate</class>
-
+ <class>org.apache.juddi.security.rbac.RbacRulesModel</class>
+
<properties>
<property name="hibernate.archive.autodetection" value="class"/>
<property name="hibernate.hbm2ddl.auto" value="update"/>
diff --git a/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java b/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java
index 4fc25e1..a089670 100644
--- a/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java
+++ b/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java
@@ -318,6 +318,7 @@ public class TckBusiness {
// Now get the entity and check the values
GetBusinessDetail gb = new GetBusinessDetail();
gb.getBusinessKey().add(businessKey);
+ gb.setAuthInfo(authInfo);
BusinessDetail bd = inquiry.getBusinessDetail(gb);
List<BusinessEntity> beOutList = bd.getBusinessEntity();
BusinessEntity beOut = beOutList.get(0);
diff --git a/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckTModel.java b/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckTModel.java
index 1feadf4..6bee798 100644
--- a/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckTModel.java
+++ b/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckTModel.java
@@ -14,6 +14,7 @@
*/
package org.apache.juddi.v3.tck;
+import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import static junit.framework.Assert.assertEquals;
@@ -92,15 +93,17 @@ public class TckTModel {
*
* @param authInfo
* @param tModelXml this is a relative file path
+ * @return all created tmodel keys
*/
- public void saveTModels(String authInfo, String tModelXml) {
-
+ public List<String> saveTModels(String authInfo, String tModelXml) {
+ List<String> keys = new ArrayList<>();
// Add tModels
try {
SaveTModel st = (org.uddi.api_v3.SaveTModel) EntityCreator.buildFromDoc(tModelXml, "org.uddi.api_v3");
for (int i = 0; i < st.getTModel().size(); i++) {
saveTModel(authInfo, st.getTModel().get(i), false);
+ keys.add(st.getTModel().get(i).getTModelKey());
}
//st.setAuthInfo(authInfo);
//publication.saveTModel(st);
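Review bot: The key recorded by `keys.add(st.getTModel().get(i).getTModelKey())` is read from the parsed fixture rather than from what the registry accepted, so a tModel whose key is absent in the XML (or rewritten by the server) would be recorded as null or stale; since `saveTModel` returns a `TModel` (its signature is visible in the next hunk), it is safer to capture that result, `TModel saved = saveTModel(authInfo, st.getTModel().get(i), false);` followed by `keys.add(saved.getTModelKey());`, assuming it returns the persisted entity. The body of `saveTModels` continues outside this hunk, where the catch block calls `Assert.fail` and the method still returns whatever keys were collected so far; the Javadoc `@return all created tmodel keys` could say so, e.g. `@return keys of the tModels saved before any failure; partial if an exception was raised`.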
@@ -109,6 +112,7 @@ public class TckTModel {
logger.error(e.getMessage(), e);
Assert.fail("No exception should be thrown");
}
+ return keys;
}
public TModel saveTModel(String authInfo, TModel tmIn, boolean force) {
@@ -139,6 +143,7 @@ public class TckTModel {
keyscreated.add(tmIn.getTModelKey());
// Now get the entity and check the values
GetTModelDetail gt = new GetTModelDetail();
+ gt.setAuthInfo(authInfo);
gt.getTModelKey().add(tmIn.getTModelKey());
TModelDetail td = inquiry.getTModelDetail(gt);
List<org.uddi.api_v3.TModel> tmOutList = td.getTModel();
@@ -276,8 +281,8 @@ public class TckTModel {
* creates key generator
* @param authInfoTM
*/
- public void saveUDDIPublisherTmodel(String authInfoTM) {
- saveTModel(authInfoTM, TMODEL_PUBLISHER_TMODEL_XML, TMODEL_PUBLISHER_TMODEL_KEY, false);
+ public TModel saveUDDIPublisherTmodel(String authInfoTM) {
+ return saveTModel(authInfoTM, TMODEL_PUBLISHER_TMODEL_XML, TMODEL_PUBLISHER_TMODEL_KEY, false);
}
public void saveTmodels(String authInfoJoe) {
diff --git a/uddi-ws/src/main/java/org/apache/juddi/api_v3/AccessLevel.java b/uddi-ws/src/main/java/org/apache/juddi/api_v3/AccessLevel.java
index 294bc8d..9317cc7 100644
--- a/uddi-ws/src/main/java/org/apache/juddi/api_v3/AccessLevel.java
+++ b/uddi-ws/src/main/java/org/apache/juddi/api_v3/AccessLevel.java
@@ -27,11 +27,11 @@ import javax.xml.bind.annotation.XmlType;
@XmlEnum
public enum AccessLevel {
- NONE,
- READ,
- WRITE,
- OWN,
- CREATE;
+ NONE((short)0),
+ READ((short)1),
+ WRITE((short)2),
+ OWN((short)3),
+ CREATE((short)4);
public String value() {
return name();
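Review bot: The Javadoc of `saveUDDIPublisherTmodel` was not updated for the new `TModel` return type, while the `saveTModels` hunk in the same file did add a `@return` tag, so the two are now inconsistent. Add `* @return the key generator tModel as returned by saveTModel` beneath `* @param authInfoTM`.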
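Review bot: The numeric levels assign CREATE the highest value (4), above OWN (3), and nothing in the enum states whether the values are hierarchical; if `getLevel()` is later used for threshold comparisons such as `granted.getLevel() >= required.getLevel()`, a principal granted only CREATE would implicitly pass OWN, WRITE and READ checks, which may not be the intended RBAC semantics if CREATE means "may create new entities" rather than "owns everything". A one-line comment on the constants would settle it for callers, e.g. `// levels are ordered: a higher level implies every lower one` or `// numeric values are identifiers only; do not compare them as a hierarchy`, whichever the access-control implementation relies on. The enum continues in the next hunk.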
@@ -40,5 +40,14 @@ public enum AccessLevel {
public static AccessLevel fromValue(String v) {
return valueOf(v);
}
-
+
+ private final short value;
+
+ private AccessLevel(short val){
+ value=val;
+ }
+
+ public short getLevel(){
+ return value;
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
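Review bot: `getLevel()` is a new public accessor with no Javadoc, and the `private` modifier on `AccessLevel(short val)` is redundant because enum constructors are implicitly private. The existing `value()`/`fromValue(String)` pair suggests the enum is also read back from its textual form, but there is no inverse for the numeric level; if rules persisted through `RbacRulesModel` store the short, a `fromLevel(short)` lookup would belong here rather than in each caller. Suggested Javadoc: `/** Numeric rank of this access level, as stored in persisted RBAC rules. */` above `public short getLevel()`.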
