/*
* Copyright (c) 2006, University of Kent
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* 1. Neither the name of the University of Kent nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED.
*
* 3. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* 4. YOU AGREE THAT THE EXCLUSIONS IN PARAGRAPHS 2 AND 3 ABOVE ARE REASONABLE
* IN THE CIRCUMSTANCES. IN PARTICULAR, YOU ACKNOWLEDGE (1) THAT THIS
* SOFTWARE HAS BEEN MADE AVAILABLE TO YOU FREE OF CHARGE, (2) THAT THIS
* SOFTWARE IS NOT "PRODUCT" QUALITY, BUT HAS BEEN PRODUCED BY A RESEARCH
* GROUP WHO DESIRE TO MAKE THIS SOFTWARE FREELY AVAILABLE TO PEOPLE WHO WISH
* TO USE IT, AND (3) THAT BECAUSE THIS SOFTWARE IS NOT OF "PRODUCT" QUALITY
* IT IS INEVITABLE THAT THERE WILL BE BUGS AND ERRORS, AND POSSIBLY MORE
* SERIOUS FAULTS, IN THIS SOFTWARE.
*
* 5. This license is governed, except to the extent that local laws
* necessarily apply, by the laws of England and Wales.
*/
/*
* PermisPDP.java
*
* Created on 07 November 2006, 17:13
*
* To change this template, choose Tools | Template Manager
* and open the template in the editor.
*/
package uk.ac.kent.dpa.custom.pdp;
import issrg.pba.PBAAPI;
import issrg.pba.rbac.PermisTarget;
import issrg.pba.rbac.PermisAction;
import issrg.pba.rbac.LDAPDNPrincipal;
import issrg.pba.rbac.CustomisePERMIS;
import issrg.pba.rbac.PermisRBAC;
import issrg.pba.rbac.PolicyFinder;
import issrg.pba.PbaException;
import issrg.pba.rbac.BadURLException;
import issrg.pba.rbac.SignatureVerifier;
import issrg.globus.SamlADF;
import issrg.shibboleth.ShibbolethAuthTokenParser;
import issrg.web.service.ActionException;
import issrg.web.service.EncodeXML;
import issrg.web.service.EnvironmentException;
import issrg.web.service.PermisWebService;
import issrg.web.service.PermisWebServiceException;
import issrg.web.service.SubjectException;
import issrg.web.service.TargetException;
import issrg.web.service.XMLParser;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.globus.wsrf.ResourceContext;
import org.globus.wsrf.ResourceContextException;
import org.globus.wsrf.security.authorization.PDP;
import org.globus.wsrf.security.authorization.PDPConfig;
import org.globus.wsrf.impl.security.util.AuthUtil;
import org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException;
import org.globus.wsrf.impl.security.authorization.exceptions.InitializeException;
import org.globus.wsrf.impl.security.authorization.exceptions.InvalidPolicyException;
import javax.security.auth.Subject;
import javax.xml.rpc.handler.MessageContext;
import org.w3c.dom.*;
import javax.xml.parsers.*;
import javax.xml.namespace.QName;
import java.security.Principal;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Vector;
import java.util.Map;
import java.util.Set;
import java.lang.reflect.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
*
* @author ls97
*/
public class PermisPDP implements PDP, SignatureVerifier {
static { // register the Shibboleth URL handler once, when the class is loaded
    // Failure is treated as non-fatal: the handler is simply not available.
    // The trace goes to System.err rather than `logger` because static
    // initialisers run in textual order and `logger` is declared further down
    // in this class, so it is still null at this point.
    try {
        CustomisePERMIS.addURLHandler("issrg.shibboleth.ShibbolethURLHandler");
    } catch (ClassNotFoundException cnfe){
        cnfe.printStackTrace(System.err);
    }
}
// Version stamp of this GT4 integration (see issrg.utils.Version for what the
// two arguments mean).
private static final issrg.utils.Version version = new issrg.utils.Version("issrg/gt4/version", "gt4");
// Names of the GridShib-PERMIS properties that initialize() reads from the
// PDPConfig when no "customConfig" file is configured.
public static final String GSP_LDAP_AC_KEY = "GSP_LDAP_AC_attribute";
public static final String GSP_USE_GRID_SHIB = "GSP_useGridShib";
//Copied from ShibbolethConstants
public static final String IDP_PROVIDER_ID_KEY = "IdPproviderId";
// The PERMIS decision engine used by this instance. Assigned from
// PermisWebService.getPDP() in the customConfig branch of initialize() and
// cleared by close(); getADF() returns an ADF but does not assign this field.
private PBAAPI adf = null;
// GridShib-PERMIS settings, assigned in initialize() only when no customConfig
// file is configured.
private String IdPproviderId;
private String GSP_ldapAC_attribute;
private String GSP_useGridShib;
// The following four fields are declared but not referenced anywhere in the
// visible part of this file.
private String ldapPKC_attribute;
private Method getCredsMethod;
private ShibbolethAuthTokenParser shibParser = new ShibbolethAuthTokenParser();
// JVM-wide cache of constructed ADFs, shared by every PermisPDP instance (it is
// static) and populated by getADF(). Raw Hashtable: keys and values are
// unchecked, and Hashtable rejects null keys/values with a NullPointerException.
private static final Map adfs = new Hashtable();
private Element response = null;
// Wrapper around the PERMIS RBAC engine; created in initialize() when a
// customConfig file is configured, and the source of `adf` in that case.
private PermisWebService permis = null;
// Value of the "customConfig" PDP property; null selects the GridShib branch
// of initialize().
private String fileName = null;
// Empty DOM document created in initialize(); not used elsewhere in the visible code.
private Document doc = null;
// commons-logging log. Package-private, as in the original; declared last, so
// it is not yet available to the static initialiser block above.
static Log logger = LogFactory.getLog(PermisPDP.class.getName());
/**
 * Standard PDP method. GT4 had not defined the semantics of this call when
 * the class was written, so no policy names are reported.
 *
 * @return a new empty String array, never null
 */
public String [] getPolicyNames(){
    String[] names = {};
    return names;
}
/**
 * Standard PDP method. GT4 had not defined the semantics of this call when
 * the class was written, so the query is ignored and nothing is returned.
 *
 * @param query the policy query (ignored)
 * @return always null
 * @throws InvalidPolicyException never thrown by this implementation; declared
 *         to match the PDP interface
 */
public Node getPolicy(Node query) throws InvalidPolicyException {
    // Not supported: no policy node is ever produced.
    Node policy = null;
    return policy;
}
/**
 * Standard PDP method. GT4 had not defined the semantics of this call when
 * the class was written, so the supplied policy is ignored and nothing is
 * installed or returned.
 *
 * @param policy the policy node (ignored)
 * @return always null
 * @throws InvalidPolicyException never thrown by this implementation; declared
 *         to match the PDP interface
 */
public Node setPolicy(Node policy) throws InvalidPolicyException {
    // Not supported: the policy is neither validated nor stored.
    Node previous = null;
    return previous;
}
/**
 * Standard PDP lifecycle method: releases this instance's reference to the
 * decision engine. Only the per-instance `adf` reference is dropped; the
 * static `adfs` cache and the `permis` wrapper are left untouched.
 */
public void close(){
    this.adf = null;
}
/**
 * SignatureVerifier callback that accepts EVERY signature unconditionally.
 *
 * NOTE(review): this is a stub, not a verification. All four arguments are
 * ignored and true is returned. getADF() passes this object to
 * SamlADF.getPBAAPI as the SignatureVerifier, so any signature check that
 * PERMIS routes through this callback is a no-op: a forged or tampered token
 * would be accepted. Do not deploy this class as-is where the policy or the
 * attribute certificates are fetched from a repository an attacker could write
 * to; supply an implementation that actually checks Signature against Value
 * using algorithmID and the key located by Signer. Whether the rootCA handed
 * to SamlADF.getPBAAPI provides an independent check cannot be determined
 * from this file.
 *
 * @param Value the signed bytes (ignored)
 * @param Signature the signature bytes (ignored)
 * @param algorithmID identifier of the signature algorithm (ignored)
 * @param Signer locator of the signer's token/certificate (ignored)
 * @return always true
 */
public boolean checkSignature(byte[] Value, byte[] Signature,
String algorithmID, issrg.utils.repository.TokenLocator Signer){
    return true;
}
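/**
 * Returns the PERMIS decision function (PBAAPI) for the given configuration,
 * building it through SamlADF.getPBAAPI on first use and caching it in the
 * JVM-wide, static `adfs` map.
 *
 * The cache is keyed by the complete parameter set rather than by the policy
 * OID alone. Keying by OID only meant that a second initialisation with the
 * same OID but a different repository, attribute name or root CA silently
 * reused whichever ADF had been built first, including one built with
 * rootCA == null, i.e. with no signature verification requested.
 *
 * This object is passed to SamlADF.getPBAAPI as the SignatureVerifier; note
 * that checkSignature() in this class accepts every signature, so do not rely
 * on any signature check being performed through that callback.
 *
 * The check-then-build-then-put sequence is not atomic (Hashtable only
 * synchronises the individual get and put): two threads initialising the same
 * configuration concurrently may both build an ADF, the later put winning.
 *
 * @param soa the SOA name (LDAP DN); required
 * @param oid the OID of the policy; required
 * @param ldapURL the URL of the LDAP repository used to retrieve the policy
 *        and user ACs; may be null if uRL is given
 * @param uRL the URL of another repository where the user ACs are stored
 *        (may differ from the policy LDAP); may be null if ldapURL is given
 * @param ldapAC_attribute the attribute name of the ACs in the repositories
 * @param ldapPKC_attribute the attribute name of the PKCs in the repositories
 * @param rootCA the filename of the Root CA PKC; null means no signature
 *        verification is requested from SamlADF (NOT RECOMMENDED FOR
 *        PRODUCTION DEPLOYMENTS) and is reported at WARN level
 * @return the cached or newly built PBAAPI
 * @throws InitializeException if soa or oid is missing, if both ldapURL and
 *         uRL are missing, or if SamlADF.getPBAAPI throws a PbaException
 */
protected PBAAPI getADF(String soa, String oid, String ldapURL, String uRL, String ldapAC_attribute, String ldapPKC_attribute, String rootCA) throws InitializeException {
    if (soa==null || oid==null || (ldapURL==null && uRL==null)){
        throw new InitializeException("Incomplete set of parameters has been provided: "+
        SamlADF.SOA_STRING+"="+soa+"; "+
        SamlADF.LDAP_URL_STRING+"="+ldapURL+"; "+
        SamlADF.LDAP_AC_ATTRIBUTE_STRING+"="+ldapAC_attribute+"; "+
        SamlADF.URL_STRING+"="+uRL+"; "+
        SamlADF.OID_STRING+"="+oid);
    }
    // Key on every parameter that influences how the ADF is built; List
    // equality/hashCode tolerates null entries, unlike a Hashtable key.
    java.util.List cacheKey = java.util.Arrays.asList(new String[]{
        oid, soa, ldapURL, uRL, ldapAC_attribute, ldapPKC_attribute, rootCA});
    PBAAPI adf = (PBAAPI) adfs.get(cacheKey);
    if (adf == null) { // no ADF for this configuration yet: build and cache it
        if (rootCA == null) {
            // Make the absence of a trust anchor visible in the container log
            // instead of silently running without it.
            logger.warn("PermisPDP: no root CA configured for policy " + oid
                + "; no signature verification will be requested from SamlADF");
        }
        try {
            adf = SamlADF.getPBAAPI(oid, soa, ldapURL, uRL, rootCA, this, ldapAC_attribute, ldapPKC_attribute);
        } catch (PbaException pe) {
            throw new InitializeException("Failed to initialize PermisPDP: " + pe.getMessage(), pe);
        }
        adfs.put(cacheKey, adf);
    }
    return adf;
}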
/**
 * Creates a new, uninitialised PermisPDP. GT4 is expected to call
 * initialize() before the instance is used.
 */
public PermisPDP() {
}
/**
 * The standard PDP method; initialises the PDP given the configuration.
 * (This Javadoc previously sat above the constructor, where it attached to
 * nothing; it describes initialize().)
 *
 * @param config - the PDPConfig obtained by GT4
 * @param name - the name of the PDP (the thing before the ":" in the security
 * descriptor for the service)
 * @param id - the id of the PDP; only used in the start-up log message in
 * this implementation
 */
public void initialize(PDPConfig config, String name, String id) throws InitializeException {
logger.info("to initialise the custom Permis PDP ("+name+") for the service "+id);
fileName = (String)config.getProperty(name,"customConfig");
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setValidating(false);
try {
this.doc = factory.newDocumentBuilder().newDocument();
} catch (ParserConfigurationException pe) {
throw new InitializeException("error:"+pe);
}
if (fileName!=null)
try {
permis = new PermisWebService();
//create PermisRBAC in PDP mode.
//In this case, the Permis subject must be constructed from outside subject attributes
this.permis.initialise(fileName,0);
this.adf = this.permis.getPDP();
} catch (PermisWebServiceException pe) {
throw new InitializeException("PermisRBAC initialise error : "+pe);
}
else {
//GridShibPermis Initialization
this.IdPproviderId = (String) config.getProperty(name,IDP_PROVIDER_ID_KEY);
this.GSP_ldapAC_attribute = (String) config.getProperty(name,GSP_LDAP_AC_KEY);
this.GSP_useGridShib = (String) config.getProperty(name,GSP_USE_GRID_SHIB);
String soa = (String)config.getProperty(name, SamlADF.SOA_STRING);
String oid = (String)config.getProperty(name, SamlADF.OID_STRING);