permiswebservice.java

一个完整的XACML工程,学习XACML技术的好例子!

/*
* Copyright (c) 2006, University of Kent
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without 
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this 
* list of conditions and the following disclaimer.
* 
* Redistributions in binary form must reproduce the above copyright notice, 
* this list of conditions and the following disclaimer in the documentation 
* and/or other materials provided with the distribution. 
*
* 1. Neither the name of the University of Kent nor the names of its 
* contributors may be used to endorse or promote products derived from this 
* software without specific prior written permission. 
*
* 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS  
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
* PURPOSE ARE DISCLAIMED. 
*
* 3. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
* POSSIBILITY OF SUCH DAMAGE.
*
* 4. YOU AGREE THAT THE EXCLUSIONS IN PARAGRAPHS 2 AND 3 ABOVE ARE REASONABLE
* IN THE CIRCUMSTANCES.  IN PARTICULAR, YOU ACKNOWLEDGE (1) THAT THIS
* SOFTWARE HAS BEEN MADE AVAILABLE TO YOU FREE OF CHARGE, (2) THAT THIS
* SOFTWARE IS NOT "PRODUCT" QUALITY, BUT HAS BEEN PRODUCED BY A RESEARCH
* GROUP WHO DESIRE TO MAKE THIS SOFTWARE FREELY AVAILABLE TO PEOPLE WHO WISH
* TO USE IT, AND (3) THAT BECAUSE THIS SOFTWARE IS NOT OF "PRODUCT" QUALITY
* IT IS INEVITABLE THAT THERE WILL BE BUGS AND ERRORS, AND POSSIBLY MORE
* SERIOUS FAULTS, IN THIS SOFTWARE.
*
* 5. This license is governed, except to the extent that local laws
* necessarily apply, by the laws of England and Wales.
*/
/*
 * PermisWebService.java
 *
 * Created on 30 January 2006, 14:34
 *
 * By Linying Su
 *
 * To change this template, choose Tools | Options and locate the template under
 * the Source Creation and Management node. Right-click the template and choose
 * Open. You can then make changes to the template in the Source Editor.
 */

package issrg.web.service;

import issrg.pba.Action;
import issrg.pba.Credentials;
import issrg.pba.Obligations;
import issrg.pba.PbaException;
import issrg.pba.Response;
import issrg.pba.Subject;
import issrg.pba.rbac.AbsoluteValidityPeriod;
import issrg.pba.rbac.Argument;
import issrg.pba.rbac.BadURLException;
import issrg.pba.rbac.Clock;
import issrg.pba.rbac.CustomisePERMIS;
import issrg.pba.rbac.ExpirableCredentials;
import issrg.pba.rbac.IntersectionValidityPeriod;
import issrg.pba.rbac.LDAPDNPrincipal;
import issrg.pba.rbac.PermisAction;
import issrg.pba.rbac.PermisArgument;
import issrg.pba.rbac.PermisSubject;
import issrg.pba.rbac.PermisTarget;
import issrg.pba.rbac.RoleBasedCredentials;
import issrg.pba.rbac.SetOfSubsetsCredentials;
import issrg.pba.rbac.SignatureVerifier;
import issrg.pba.rbac.SimpleSignatureVerifier;
import issrg.pba.rbac.Time;
import issrg.pba.rbac.URLHandler;
import issrg.pba.rbac.ValidityPeriod;
import issrg.pba.rbac.x509.RepositoryACPolicyFinder;
import issrg.pba.rbac.xmlpolicy.ifstatement.EnvironmentNode;
import issrg.simplePERMIS.SimplePERMISToken;
import issrg.utils.repository.AttributeRepository;
import issrg.utils.repository.MultiRepository;
import issrg.utils.repository.VirtualRepository;
import java.io.*;
import java.util.*;
import issrg.utils.RFC2253NameParser;
import issrg.utils.RFC2253ParsingException;
import issrg.security.*;
import javax.xml.parsers.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.*;
import issrg.config.files.*;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.lang.reflect.*;

import netscape.ldap.*;

/**
 *
 * @author Linying Su
 */
public class PermisWebService extends Clock {
    
    private static Log logger = LogFactory.getLog(PermisWebService.class.getName());

    private issrg.pba.rbac.PermisRBAC pba = null;    
    static final Date STARTUP=new GregorianCalendar().getTime();
    private Date time=STARTUP; // by default the clock is set to the time of the application startup
    private Document doc = null;
    private PermisWebService theClock = null;

    private static int PDP = 0;
    private static int CVS = 1;
    
    /**
     * Creates a new instance of PermisWebService 
     */
    
    public PermisWebService() throws PermisWebServiceException {

        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setValidating(false);
        try {
            this.doc = factory.newDocumentBuilder().newDocument();
        } catch (ParserConfigurationException pe) {
            throw new PermisWebServiceException("error:"+pe);
        }
        // if this CVS is run as a web service, the following statements should be commentted out.
        //if (this.pba==null) {
        //this.initialise("init.bat");
        //this.setLoglevel("log.cfg");
        //}
    }
    
    /**
     * This method is used to set log information by a configuration file
     * @param configFile, which is the configuratin file name
     * This file contains e.g.
     *
     *  log-level = debug
     *  layout    = %-5p - %m%n [optional]
     *  log-file  = /home/log/permis.log [optional]
     */
    
    public void setLogLevel(String configFile) throws PermisWebServiceException {
        Logger root = Logger.getRootLogger();
        Logger log = null;    
        Appender appender;     
        Level level;
        log = Logger.getLogger(PermisWebService.class);
        String priority = "debug";
        String file = null;
        Layout layout = new PatternLayout("%d{dd MM yyyy HH:mm:ss} %-5p %c %x - %m%n");  
        String fileName = configFile;
        issrg.web.service.Config config = new issrg.web.service.Config();
        Properties props = new Properties();           
        try {
            InputStream in = new FileInputStream(config.getURL(fileName));
            props.load(in);
            in.close();
            priority = props.getProperty("log-level");
            file = props.getProperty("log-file");
            String lay = props.getProperty("layout");
            if (lay!=null) layout = new PatternLayout(lay);
            if (file==null) {
                appender = new WriterAppender(layout, System.out);
            } else {
                appender = new org.apache.log4j.FileAppender(layout, file);
            }   
        } catch (Exception e) {
            appender = new WriterAppender(layout, System.out);
        }
        root.removeAllAppenders();
        BasicConfigurator.configure(appender);
        level = Level.toLevel(priority.toUpperCase());
        log.setLevel(level);
    }
    
    /**
     * This method is to construct PermisRBAC with the configuration file
     * @param inputFilename, which is the configuration file name
     * @param mode, which indicates what type of token parser will be used. This parameter can have any value at this implementation.
     */
    
    public void initialise(String inputFilename,int mode) throws PermisWebServiceException {
        String soa = null;
        String oid = null;
        AttributeRepository [] ar = null;
        issrg.utils.repository.VirtualRepository vr = null;
        SignatureVerifier sv=null;
        Hashtable files = new Hashtable();
        InputStream in = null;
        try{
            issrg.web.service.Config config = new issrg.web.service.Config();
            in = new FileInputStream(config.getURL(inputFilename));
        }catch(IOException ioe){
            throw new PermisWebServiceException("error:"+ioe);
        }catch (issrg.web.service.ConfigException ce) {
            throw new PermisWebServiceException("error:"+ce);
        }
        files.put(inputFilename, inputFilename);
        logger.info("Processing instructions from "+inputFilename);
        Hashtable setup = new Hashtable();

        String prev=""; // this is the instruction in the previous loop


        BufferedReader br=new BufferedReader(new InputStreamReader(in));
        String s=null;
        int line=0;
        try{
            while(true){
                try{
                    s=br.readLine();
                    boolean breakNow=s==null;
                    if (breakNow){
                        s="ini: clear"; // this line will cause the final processing of the data collected since the last "ini:"
                    }else{
                        line++;
                        logger.debug("# "+line+"\r\n"+s+"\r\n# ");
                    }

                    if (s==""){
                        logger.debug("empty line - ignored");
                    }else if (s.trim().startsWith("#")){
                        logger.debug("comment - ignored");
                    }else{
                        String instruction = s.substring(0, 4).intern();
                        boolean newInstr = instruction!="...:";
                        if (newInstr) prev=instruction;
                        else instruction=prev.intern();

                        String rhs = s.substring(4);

                        int idx=rhs.indexOf("=");
                        String var=rhs, val="";
                        if (idx>0){ // found an assignment - then split it into variable and value
                            var=rhs.substring(0, idx).trim().intern();
                            if ((idx+1)<rhs.length()) val=rhs.substring(idx+1);
                        }
                        rhs=rhs.trim().intern();

                        // now rhs is the right-hand-side of the instruction
                        // var is the variable in the assignment, val is the value of the variable.

                        if (instruction=="inc:"){ // include another batch file
                            logger.debug("include batch "+rhs);
                            this.initialise(rhs,mode); // call it recursively