📄 permisrbac.java
字号:
/*
* Copyright (c) 2000-2005, University of Salford
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of the University of Salford nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
package issrg.pba.rbac;
import java.security.Principal;
import issrg.pba.PolicyParser;
import issrg.pba.ParsedToken;
import issrg.pba.Subject;
import issrg.pba.Target;
import issrg.pba.Action;
import issrg.pba.Credentials;
import issrg.pba.PbaException;
import issrg.pba.DecisionWithObligationException;
import issrg.pba.CredentialsService;
import issrg.pba.Response;
import issrg.pba.rbac.CustomisePERMIS;
import issrg.pba.rbac.PolicyFinder;
import issrg.pba.rbac.policies.AssignmentRule;
import issrg.utils.repository.Entry;
import issrg.pba.rbac.xmlpolicy.XMLPolicyParser;
import issrg.pba.AuthTokenParser;
import issrg.utils.repository.VirtualRepository;
import issrg.pba.repository.AuthTokenRepository;
import issrg.pba.repository.UserEntry;
import issrg.utils.repository.AttributeRepository;
import issrg.utils.repository.MultiRepository;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.InputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Date;
import java.util.Map;
import javax.naming.directory.Attribute;
import java.util.Vector;
import issrg.SAWS.*; // added for MSoD
import org.apache.log4j.*;// added for logging
/**
* This is the Permis implementation of the PBAAPI. It works with a variety of
* authorization token formats, in particular, it can handle X.509 Attribute
* Certificates and uses Role Based access control and the policy is the XML
* Policy that accords to Policy10.DTD.
*
* <p>When the object has been constructed successfully, the caller (the AEF -
* Access decision Enforcement Function; see ISO 10181-3 access control
* framework; or the PEP - Policy Enforcement Point) can use the object to
* make access decisions for various user
* requests.
*
* <p>In order to make a decision the caller must obtain the user's credentials.
* This can be done by calling any of the range of getCreds methods, providing
* both Push and Pull models. If Pull model is used, the user authorisation
* tokens are retrieved
* from the repository, specified in the constructor. After that the delegation
* chain
* is established, and the user set of credentials is calculated by parsing the
* tokens. The PermisRBAC object uses Role attributes from the authorisation
* tokens, for which the OID and
* allowed range of values are specified in the Policy (obtained at construction
* time). Thus the
* Credentials for the user are calculated and stored in the Subject object.
*
* <p>Now the decision method can be called for the Subject as many times as the
* AEF or PEP decides is appropriate before the credentials become outdated and
* need
* to be refreshed. Note also that the same Subject can only be used by the
* PermisRBAC
* object that created it. It cannot be used by other PermisRBAC object(s),
* even
* if they are initialised with the same Policy OID: to check this the object
* ascertains
* if the owner of the Subject object is itself and throws an exception at
* decision time if
* it is not. This is done to ensure the credentials of the Subject are up to
* date
* and are not forged or confused with credentials obtained from another
* PermisRBAC instance.
*
* <p>When calling the decision method, the AEF must pass the Action that the
* user
* wants to perform, and the Target the user wants to perform the action on. A
* set of other contextual parameters is passed as environmental variables.
* They
* can be used by the PermisRBAC object when calculating the decision, if the
* Policy
* requires so. The decision method either returns a boolean result (true
* meaning grant
* access, false meaning deny), or throws a PbaException, when a decision
* cannot be
* made.
*
* <p>If you need to know which roles the user has got (usually it is for
* auditing purposes),
* you can extract them using the {@link issrg.pba.rbac.RoleBasedCredentials#getRoleValues getRoleValues}
* method of the RoleBasedCredentials object. See the example in the
* RoleBasedCredentials
* documentation for that method.
*
* @author A Otenko
* @author E Ball
* @author D W Chadwick
* @version 0.2
*/
public class PermisRBAC implements issrg.pba.PBAAPI{
/**
* This is the name of the environmental variable used to locate the clock
* with current time.
* Its name is "time", so the XML should contain statements like this:
*
* <p><code>...<!-- IF-statement goes here. It compares if current time
* is "after 8am" -->
* <br><GE>
* <br> <Environment Parameter="time" Type="Time"/>
* <br> <Constant Type="Time" Value="*-*-*T8:00"/>
* <br></GE>
* </code>
*/
public final String TIME_VARIABLE="time";
private Clock clock; //= CustomisePERMIS.getSystemClock();
private AuthTokenRepository Repository;
private AuthTokenParser authParser;
// change private in protected
// date 15/11/2005
protected int TIMEOUT = 0;
private PolicyFinder policyFinder;
protected PermisRBAC(){}
Logger logger = Logger.getLogger("issrg.pba.PermisRBAC");
/**
* This method returns the boolean result of evaluating the Access Control
* Decision Function.
*
* @param S the subject wishing to carry out the action on the target
* @param A the action that the subject wishes to carry out
* @param T the target object on which the action is carried out
* @param Application_Context a list of application contextual parameters
*
* @return true, if the requested access should be granted; false otherwise
* @throws PbaException, if the decision could not be made, or it can't
* be enforced (e.g. an Obligation must be enforced - use a response
* method in such cases)
*/
public boolean decision(Subject S, Action A, Target T,
java.util.Map Application_Context) throws PbaException{
if (logger.isDebugEnabled())logger.debug("Decision Called");
if (logger.isDebugEnabled())logger.debug("Creating a response");
Response r = response(S, A, T, Application_Context);
if (logger.isDebugEnabled())logger.debug("Response Created");
if (r.getObligations()!=null) throw new DecisionWithObligationException("Cannot make a decision: some obligations must be enforced", r);
return r.isAuthorised();
}
/**
* This method makes a decision, and in addition to that can provide a set
* of Obligations that the system must fulfil upon enforcement of the
* decision.
*
* @param S the subject wishing to carry out the action on the target
* @param A the action that the subject wishes to carry out
* @param T the target object on which the action is carried out
* @param Application_Context a list of application contextual parameters
*/
public Response response(Subject S, Action A, Target T,
java.util.Map Application_Context) throws PbaException{
if (S==null || A==null || T==null){
throw new PbaException("Subject, Action and Target should not be null");
}
if (S.getOwner()!=this){
throw new PbaException("Cannot use the subject: created by a different object");
}
issrg.pba.CredentialsService cs = S.getService();
if (cs!=null){
cs.service(S);
}
Application_Context=initEnv(Application_Context);
// added for MSoD
Application_Context.put("Subject", S);
((Clock)Application_Context.get(TIME_VARIABLE)).latch(); // Application_Context should contain TIME_VARIABLE after initEnv
clock.latch();
return policyFinder.getAccessPolicy().response((issrg.pba.Credentials)S.exportCreds(), A, T, Application_Context);
}
/**
* This method returns the credentials of the subject whose Principal
* is supplied (e.g. LDAPDNPrincipal represents the Subject's LDAP DN).
* <b>(The PULL Model)</b>
*
* @param subjectDN is the name of the subject
*
* @return the Subject object
*/
public Subject getCreds(Principal subjectDN) throws PbaException{
return getCreds(subjectDN, (CredentialsService)null);
}
/**
* This method returns the credentials of the subject whose Principal
* is supplied (e.g. LDAPDNPrincipal represents the Subject's LDAP DN).
* <b>(The PULL Model)</b>
*
* <p>It does the same as <code>getCreds(Principal)</code>, but in
* addition sets a service specified by the AEF; for example session time,
* after which the credentials will be automatically expired.
*
* @param subjectDN is the name of the subject
*
* @return the Subject object
*
* @see getCreds(Principal)
*/
public Subject getCreds(Principal subjectDN,
CredentialsService service
) throws PbaException{
return getCreds(subjectDN, null, service);
}
/**
* This method returns the credentials of the subject whose Principal
* and Authorisation Tokens
* are supplied (e.g. LDAPDNPrincipal represents the Subject's LDAP DN,
* and byte arrays of BER-encoded Attribute Certificates represent the
* Authorisation Tokens).
* <b>(The PUSH Model)</b>
*
* @param subjectDN is the name of the subject
* @param creds is the array of raw Authorisation Tokens, which will be
* parsed by the default AuthTokenParser (e.g. BER-encoded X.509 ACs)
* or an array of ParsedTokens (already parsed by your custom code); in
* both cases containing the whole delegation chain must be provided
*
* @return the Subject object
*/
public Subject getCreds(Principal subjectDN,
Object [] creds
) throws PbaException{
return getCreds(subjectDN, creds, null);
}
/**
* This method returns the credentials of the subject whose Principal
* and Authorisation Tokens
* are supplied (e.g. LDAPDNPrincipal represents the Subject's LDAP DN,
* and byte arrays of BER-encoded Attribute Certificates represent the
* Authorisation Tokens).
* <b>(The PUSH Model)</b>
*
* @param subjectDN is the name of the subject
* @param creds is the array of raw Authorisation Tokens, which will be
* parsed by the default AuthTokenParser (e.g. BER-encoded X.509 ACs)
* or an array of ParsedTokens (already parsed by your custom code); in
* both cases containing the whole delegation chain must be provided
* @param service is the service to attach to the credentials
*
* @return the Subject object with CredentialService attached to it
*/
public Subject getCreds(Principal subjectDN,
Object [] creds,
CredentialsService service) throws PbaException{
return getCreds(new UserEntry(subjectDN), creds, policyFinder.getRepository(), service);
}
/**
* This method returns the credentials of the subject, given the subject
* Principal
* and an array of repository URLs where his credentials are stored -
* semi-pull
* model. The method doesn't check whether all of the repositories are
* connectable. If they are not, a partial or even empty set of credentials
* will be
* returned.
*
* @param subject - the Principal of the subject
* @param urls - the array of the URLs of the repositories where the
* subject's
* credentials are stored.
* @param authParser - the AuthTokenParser to use when parsing the
* Authorisation Tokens; if null, the default AuthTokenParser will be
* used
*
* @return the Subject object
*/
public Subject getCreds(Principal subject, String [] urls, issrg.pba.AuthTokenParser authParser) throws PbaException {
issrg.pba.repository.AuthTokenRepository repository;
repository = new issrg.simplePERMIS.SimplePERMISAuthTokenRepository(this.getRepositories(urls),authParser);
return getCreds(new UserEntry(subject),
null,
repository,
null
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -