📄 coordinator.java
字号:
/*
* Copyright (c) 2006, University of Kent
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* 1. Neither the name of the University of Kent nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED.
*
* 3. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* 4. YOU AGREE THAT THE EXCLUSIONS IN PARAGRAPHS 2 AND 3 ABOVE ARE REASONABLE
* IN THE CIRCUMSTANCES. IN PARTICULAR, YOU ACKNOWLEDGE (1) THAT THIS
* SOFTWARE HAS BEEN MADE AVAILABLE TO YOU FREE OF CHARGE, (2) THAT THIS
* SOFTWARE IS NOT "PRODUCT" QUALITY, BUT HAS BEEN PRODUCED BY A RESEARCH
* GROUP WHO DESIRE TO MAKE THIS SOFTWARE FREELY AVAILABLE TO PEOPLE WHO WISH
* TO USE IT, AND (3) THAT BECAUSE THIS SOFTWARE IS NOT OF "PRODUCT" QUALITY
* IT IS INEVITABLE THAT THERE WILL BE BUGS AND ERRORS, AND POSSIBLY MORE
* SERIOUS FAULTS, IN THIS SOFTWARE.
*
* 5. This license is governed, except to the extent that local laws
* necessarily apply, by the laws of England and Wales.
*/
/*
* PermisPDP.java
*
* Created on 07 November 2006, 17:13
*
* To change this template, choose Tools | Template Manager
* and open the template in the editor.
*/
package uk.ac.kent.dpa.custom.pdp;
import issrg.web.service.EncodeXML;
import uk.ac.kent.dpa.coord.context.handler.*;
import uk.ac.kent.dpa.coord.clients.CoordClientObject;
import org.globus.wsrf.security.authorization.PDP;
import org.globus.wsrf.security.authorization.PDPConfig;
import org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException;
import org.globus.wsrf.impl.security.authorization.exceptions.*;
import uk.ac.kent.dpa.coord.clients.CoordClientException;
import org.w3c.dom.*;
import javax.security.auth.Subject;
import javax.xml.rpc.handler.MessageContext;
import javax.xml.namespace.QName;
import java.util.*;
import java.security.Principal;
import java.lang.reflect.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import uk.ac.kent.dpa.custom.authz.util.AuthzException;
import uk.ac.kent.dpa.custom.authz.util.Merge;
import uk.ac.kent.dpa.obligation.engine.Engine;
/**
*
* @author ls97
*/
public class Coordinator implements PDP {
static Log logger = LogFactory.getLog(Coordinator.class.getName());
Object actualPDPObject = null;
String coord = null;
Class actualPDPClass = null;
Element envAttrs = null;
/** Creates a new instance of Coordinator */
public Coordinator() {
}
public void initialize(PDPConfig config, String name, String id) throws InitializeException {
logger.info("to initialise the Coordinator ("+name+") for the service "+id);
String authz = (String)config.getProperty(name,"authzIdentity");
this.coord = (String)config.getProperty(name,"coordIdentity");
logger.info("to construct the actual PDP "+authz);
logger.info("to load the coordination service from "+coord);
try {
this.actualPDPClass = Class.forName(authz);
this.actualPDPObject = this.actualPDPClass.newInstance();
Class[] param = {PDPConfig.class,String.class,String.class};
Method method = this.actualPDPClass.getDeclaredMethod("initialize",param);
Object[] objs = {config,name,id};
this.envAttrs = (Element)method.invoke(this.actualPDPObject,objs);
param = null;
method = this.actualPDPClass.getDeclaredMethod("getAttributes",param);
objs = null;
this.envAttrs = (Element)method.invoke(this.actualPDPObject,objs);
logger.info("to find out all needed attributes in the policy");
logger.debug(new EncodeXML().encode(this.envAttrs,0));
logger.debug("the initialise done!");
} catch (Exception e) {
throw new InitializeException("the actual PDP is not available");
}
}
public boolean isPermitted(Subject peerSubject, MessageContext context, QName operation) throws AuthorizationException {
logger.info("the Coordinator is going to make an authorisation decision");
Element requestCtx = (Element)context.getProperty("request.context");
logger.info("get primary request context");
logger.debug(new EncodeXML().encode(requestCtx,0));
ContextHandler handler = null;
String[] lockNames = null;
try {
handler = new ContextHandler(requestCtx,this.coord);
ArrayList definingAttributes = handler.getDefiningAttributes(this.envAttrs);
Element imbed = handler.getAttributes(definingAttributes);
boolean flag = handler.checkImbeddedAttributes(imbed,requestCtx);
if (!flag) {
logger.debug("unknown imbedded attributes");
return false;
}
String[] coordAttrs = handler.getCoordinationNames(this.envAttrs);
int num = coordAttrs.length;
int [] lockTypes = new int[num];
lockNames = new String[num];
for (int i=0; i<num; i++) {
lockTypes[i]=1;
lockNames[i]=coordAttrs[i];
logger.debug("to lock "+lockNames[i]);
}
if (num>0) {
handler.getCoordService().lockCoordAttrs(lockNames,lockTypes);
}
logger.info("get coordination attributes from the data base");
Element coordAttrVals = handler.getCoordinationAttributes(this.envAttrs,requestCtx);
logger.debug(new EncodeXML().encode(coordAttrVals,0));
Merge merger = new Merge();
Element reqCtx = merger.merge(requestCtx,coordAttrVals);
logger.info("get the complete request context");
context.setProperty("request.context",reqCtx);
logger.debug(new EncodeXML().encode(reqCtx,0));
logger.info("make a decision");
try {
Class[] param = {Subject.class,MessageContext.class,QName.class};
Method method = this.actualPDPClass.getDeclaredMethod("isPermitted",param);
Object[] objs = {peerSubject,context,operation};
boolean decision = ((Boolean)method.invoke(this.actualPDPObject,objs)).booleanValue();
if (decision) {
logger.info("Permit");
Class[] param1 = null;
method = this.actualPDPClass.getDeclaredMethod("getResponse",param1);
Object[] objs1 = null;
Element response = (Element)method.invoke(this.actualPDPObject,objs1);
logger.debug(new EncodeXML().encode(response,0));
String res = handler.getDecision(response);
logger.debug(res);
if (res==null) throw new AuthorizationException("invalid authorisation response");
if (res.equals("Permit")) {
logger.info("get obligations");
Element obligations = handler.getObligations(response);
if (obligations!=null) {
logger.debug(new EncodeXML().encode(obligations,0));
logger.info("to evaluate obligations");
Engine engine = new Engine(obligations,reqCtx);
Element evaluations=engine.execute();
logger.debug(new EncodeXML().encode(evaluations,0));
handler.enforceObligations(evaluations,reqCtx);
logger.info("update the coordination attributes");
}
handler.getCoordService().unlockCoordAttrs(lockNames);
logger.info("release the lock");
return true;
} else {
logger.info("Deny");
handler.getCoordService().unlockCoordAttrs(lockNames);
logger.info("release the lock");
return false;
}
} else {
logger.info("Deny");
handler.getCoordService().unlockCoordAttrs(lockNames);
logger.info("release the lock");
return false;
}
} catch (Exception e) {
handler.getCoordService().unlockCoordAttrs(lockNames);
logger.info("release the lock");
throw new AuthorizationException("the actual PDP fails: "+e);
}
} catch (ContextHandlerException ce) {
try {
handler.getCoordService().unlockCoordAttrs(lockNames);
logger.info("release the lock");
} catch (CoordClientException cce) {
throw new AuthorizationException("coordination database error:"+cce);
}
throw new AuthorizationException("context handler processing error:"+ce);
} catch (CoordClientException cce) {
try {
handler.getCoordService().unlockCoordAttrs(lockNames);
logger.info("release the lock");
} catch (CoordClientException cce1) {
throw new AuthorizationException("coordination database error:"+cce1);
}
throw new AuthorizationException("coordination database error:"+cce);
} catch (AuthzException ae) {
try {
handler.getCoordService().unlockCoordAttrs(lockNames);
logger.info("release the lock");
} catch (CoordClientException cce) {
throw new AuthorizationException("coordination database error:"+cce);
}
throw new AuthorizationException("coordination util error:"+ae);
}
}
public String [] getPolicyNames(){
return new String[0];
}
public Node getPolicy(Node query) throws InvalidPolicyException {
return null;
}
/**
* The standard PDP method; returns null, since the behaviour was
* not defined by GT4 at the time of writing.
*/
public Node setPolicy(Node policy) throws InvalidPolicyException {
return null;
}
/**
* The standard PDP method; deinitialises the PDP.
*/
public void close(){
logger.info("the authorisation is done");
this.actualPDPObject = null;
}
private boolean checkAttribute(Element reqCtx, String type) {
if (reqCtx==null) return false;
else {
NodeList list = reqCtx.getElementsByTagName(type);
for (int i=0; i<list.getLength(); i++) {
Node node = list.item(i);
NodeList list1 = node.getChildNodes();
for (int j=0; j<list1.getLength(); j++) {
Node node1 = list1.item(j);
if (Text.class.isAssignableFrom(node1.getClass())) continue;
if (node1.getNodeName().equals("Attribute")) return true;
}
}
return false;
}
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -