org.jboss.as.test.integration.security.xacml.JBossPDPInteroperabilityTestCase.java Source code

Java tutorial

Introduction

Here is the source code for org.jboss.as.test.integration.security.xacml.JBossPDPInteroperabilityTestCase.java

Source

/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2012, Red Hat, Inc., and individual contributors
 * as indicated by the @author tags. See the copyright.txt file in the
 * distribution for a full listing of individual contributors.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */
package org.jboss.as.test.integration.security.xacml;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
import java.util.Map;

import javax.inject.Inject;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;

import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.text.StrSubstitutor;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.logging.Logger;
import org.jboss.security.xacml.core.JBossPDP;
import org.jboss.security.xacml.core.model.context.ActionType;
import org.jboss.security.xacml.core.model.context.AttributeType;
import org.jboss.security.xacml.core.model.context.EnvironmentType;
import org.jboss.security.xacml.core.model.context.RequestType;
import org.jboss.security.xacml.core.model.context.ResourceType;
import org.jboss.security.xacml.core.model.context.SubjectType;
import org.jboss.security.xacml.factories.RequestAttributeFactory;
import org.jboss.security.xacml.factories.RequestResponseContextFactory;
import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
import org.jboss.security.xacml.interfaces.RequestContext;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.security.xacml.jaxb.LocatorType;
import org.jboss.security.xacml.jaxb.LocatorsType;
import org.jboss.security.xacml.jaxb.PDP;
import org.jboss.security.xacml.jaxb.PoliciesType;
import org.jboss.security.xacml.jaxb.PolicySetType;
import org.jboss.security.xacml.locators.JBossPolicySetLocator;
import org.jboss.shrinkwrap.api.ArchivePaths;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.EmptyAsset;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.Test;
import org.junit.runner.RunWith;

/**
 * Testcases which test JBossPDP initialization a validates XACML Interoperability Use Cases. .
 *
 * @author Josef Cacek
 */
@RunWith(Arquillian.class)
public class JBossPDPInteroperabilityTestCase {

    private static Logger LOGGER = Logger.getLogger(JBossPDPInteroperabilityTestCase.class);

    @Inject
    JBossPDPServiceBean pdpServiceBean;

    // Public methods --------------------------------------------------------

    /**
     * Creates {@link JavaArchive} for the deployment.
     *
     * @return
     */
    @Deployment
    public static JavaArchive deployment() {
        final JavaArchive jar = ShrinkWrap.create(JavaArchive.class, "pdp-service-bean.jar");
        jar.addAsManifestResource(EmptyAsset.INSTANCE, ArchivePaths.create("beans.xml"));
        XACMLTestUtils.addCommonClassesToArchive(jar);
        XACMLTestUtils.addJBossDeploymentStructureToArchive(jar);
        XACMLTestUtils.addXACMLPoliciesToArchive(jar);

        //we need this because of "in-container" testing
        for (int i = 1; i <= 7; i++) {
            jar.addAsResources(JBossPDPServletInitializationTestCase.class.getPackage(),
                    XACMLTestUtils.TESTOBJECTS_REQUESTS + "/scenario2-testcase" + i + "-request.xml");
        }
        jar.addAsResource(JBossPDPServletInitializationTestCase.class.getPackage(),
                XACMLTestUtils.TESTOBJECTS_REQUESTS + "/med-example-request.xml");

        return jar;
    }

    /**
     * Validates the 7 Oasis XACML Interoperability Use Cases.
     *
     * @throws Exception
     */
    @Test
    public void testInteropTestWithXMLRequests() throws Exception {
        assertNotNull("PDPServiceBean should be injected.", pdpServiceBean);
        final PolicyDecisionPoint pdp = pdpServiceBean.getJBossPDP();
        assertNotNull("JBossPDP should be not-null", pdp);
        assertEquals("Case 1 should be deny", XACMLConstants.DECISION_DENY,
                getDecision(pdp, "scenario2-testcase1-request.xml"));
        assertEquals("Case 2 should be permit", XACMLConstants.DECISION_PERMIT,
                getDecision(pdp, "scenario2-testcase2-request.xml"));
        assertEquals("Case 3 should be permit", XACMLConstants.DECISION_PERMIT,
                getDecision(pdp, "scenario2-testcase3-request.xml"));
        assertEquals("Case 4 should be deny", XACMLConstants.DECISION_DENY,
                getDecision(pdp, "scenario2-testcase4-request.xml"));
        assertEquals("Case 5 should be deny", XACMLConstants.DECISION_DENY,
                getDecision(pdp, "scenario2-testcase5-request.xml"));
        assertEquals("Case 6 should be deny", XACMLConstants.DECISION_DENY,
                getDecision(pdp, "scenario2-testcase6-request.xml"));
        assertEquals("Case 7 should be permit", XACMLConstants.DECISION_PERMIT,
                getDecision(pdp, "scenario2-testcase7-request.xml"));
    }

    /**
     * Tests PDP evaluation of XACML requests provided as the objects (Oasis XACML Interoperability Use Cases).
     *
     * @throws Exception
     */
    @Test
    public void testInteropTestWithObjects() throws Exception {
        assertNotNull("PDPServiceBean should be injected.", pdpServiceBean);
        final PolicyDecisionPoint pdp = pdpServiceBean.getJBossPDP();
        assertNotNull("JBossPDP should be not-null", pdp);
        assertEquals("Case 1 should be deny", XACMLConstants.DECISION_DENY,
                getDecision(pdp, getRequestContext("false", "false", 10)));
        assertEquals("Case 2 should be permit", XACMLConstants.DECISION_PERMIT,
                getDecision(pdp, getRequestContext("false", "false", 1)));
        assertEquals("Case 3 should be permit", XACMLConstants.DECISION_PERMIT,
                getDecision(pdp, getRequestContext("true", "false", 5)));
        assertEquals("Case 4 should be deny", XACMLConstants.DECISION_DENY,
                getDecision(pdp, getRequestContext("false", "false", 9)));
        assertEquals("Case 5 should be deny", XACMLConstants.DECISION_DENY,
                getDecision(pdp, getRequestContext("true", "false", 10)));
        assertEquals("Case 6 should be deny", XACMLConstants.DECISION_DENY,
                getDecision(pdp, getRequestContext("true", "false", 15)));
        assertEquals("Case 7 should be permit", XACMLConstants.DECISION_PERMIT,
                getDecision(pdp, getRequestContext("true", "true", 10)));
    }

    /**
     * Tests loading XACML policies from a filesystem folder.
     *
     * @throws Exception
     */
    @Test
    public void testPoliciesLoadedFromDir() throws Exception {
        //create temporary folder for policies
        final File policyDir = new File("test-JBossPDP-Med-" + System.currentTimeMillis());
        final InputStream requestIS = getClass()
                .getResourceAsStream(XACMLTestUtils.TESTOBJECTS_REQUESTS + "/med-example-request.xml");
        try {
            policyDir.mkdirs();
            final JBossPDP pdp = createPDPForMed(policyDir);
            final String requestTemplate = IOUtils.toString(requestIS, "UTF-8");
            LOGGER.trace("REQUEST template: " + requestTemplate);
            final Map<String, Object> substitutionMap = new HashMap<String, Object>();

            substitutionMap.put(XACMLTestUtils.SUBST_SUBJECT_ID, "josef@med.example.com");
            assertEquals("Decision for josef@med.example.com should be DECISION_PERMIT",
                    XACMLConstants.DECISION_PERMIT,
                    getDecisionForStr(pdp, StrSubstitutor.replace(requestTemplate, substitutionMap)));

            substitutionMap.put(XACMLTestUtils.SUBST_SUBJECT_ID, "guest@med.example.com");
            assertEquals("Decision for guest@med.example.com should be DECISION_DENY", XACMLConstants.DECISION_DENY,
                    getDecisionForStr(pdp, StrSubstitutor.replace(requestTemplate, substitutionMap)));

            substitutionMap.put(XACMLTestUtils.SUBST_SUBJECT_ID, "hs@simpsons.com");
            assertEquals("Decision for hs@simpsons.com should be DECISION_DENY", XACMLConstants.DECISION_DENY,
                    getDecisionForStr(pdp, StrSubstitutor.replace(requestTemplate, substitutionMap)));

            substitutionMap.put(XACMLTestUtils.SUBST_SUBJECT_ID, "bs@simpsons.com");
            assertEquals("Decision for bs@simpsons.com should be DECISION_NOT_APPLICABLE",
                    XACMLConstants.DECISION_NOT_APPLICABLE,
                    getDecisionForStr(pdp, StrSubstitutor.replace(requestTemplate, substitutionMap)));

            substitutionMap.put(XACMLTestUtils.SUBST_SUBJECT_ID, "admin@acme.com");
            assertEquals("Decision for admin@acme.com should be DECISION_NOT_APPLICABLE",
                    XACMLConstants.DECISION_NOT_APPLICABLE,
                    getDecisionForStr(pdp, StrSubstitutor.replace(requestTemplate, substitutionMap)));

        } finally {
            FileUtils.deleteDirectory(policyDir);
            requestIS.close();
        }
    }

    // Private methods -------------------------------------------------------

    /**
     * Creates a {@link JBossPDP} instance filled with policies from Medical example (loaded from a directory in the
     * filesystem).
     *
     * @param policyDir
     * @return
     * @throws IOException
     */
    private JBossPDP createPDPForMed(final File policyDir) throws IOException {
        final File policySetFile = new File(policyDir, XACMLTestUtils.MED_EXAMPLE_POLICY_SET);
        final File policySetFile2 = new File(policyDir, XACMLTestUtils.MED_EXAMPLE_POLICY_SET2);

        //copy policy files to the temporary folder
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Copying policies to the " + policyDir.getAbsolutePath());
        }
        FileUtils.copyInputStreamToFile(
                getClass().getResourceAsStream(
                        XACMLTestUtils.TESTOBJECTS_POLICIES + "/" + XACMLTestUtils.MED_EXAMPLE_POLICY_SET),
                policySetFile);
        FileUtils.copyInputStreamToFile(
                getClass().getResourceAsStream(
                        XACMLTestUtils.TESTOBJECTS_POLICIES + "/" + XACMLTestUtils.MED_EXAMPLE_POLICY_SET2),
                policySetFile2);

        //create XML configuration for the PDP
        final PDP pdp = new PDP();
        final PoliciesType policies = new PoliciesType();
        final PolicySetType policySet = new PolicySetType();
        policySet.setLocation(policyDir.toURI().getPath());
        policies.getPolicySet().add(policySet);
        pdp.setPolicies(policies);
        final LocatorType locator = new LocatorType();
        locator.setName(JBossPolicySetLocator.class.getName());
        final LocatorsType locators = new LocatorsType();
        locators.getLocator().add(locator);
        pdp.setLocators(locators);

        return new JBossPDP(new JAXBElement<PDP>(new QName("urn:jboss:xacml:2.0", "jbosspdp"), PDP.class, pdp));
    }

    /**
     * Get the decision from the given PDP for the given request string (XML as a String).
     *
     * @param pdp
     * @param requestStr
     * @return
     * @throws Exception
     */
    private int getDecisionForStr(PolicyDecisionPoint pdp, String requestStr) throws Exception {
        final RequestContext request = RequestResponseContextFactory.createRequestCtx();
        request.readRequest(IOUtils.toInputStream(requestStr));
        return getDecision(pdp, request);
    }

    /**
     * Get the decision from the PDP.
     *
     * @param pdp
     * @param requestFileLoc a file where the xacml request is stored
     * @return
     * @throws Exception
     */
    private int getDecision(PolicyDecisionPoint pdp, String requestFileLoc) throws Exception {
        final RequestContext request = RequestResponseContextFactory.createRequestCtx();
        LOGGER.trace("Creating request from " + requestFileLoc);
        final InputStream requestStream = JBossPDPInteroperabilityTestCase.class
                .getResourceAsStream(XACMLTestUtils.TESTOBJECTS_REQUESTS + "/" + requestFileLoc);
        if (requestStream == null) {
            LOGGER.warn("INPUT IS NULL");
        }
        request.readRequest(requestStream);
        return getDecision(pdp, request);
    }

    /**
     * Gets the decision from the PDP.
     *
     * @param pdp
     * @param request
     * @return
     */
    private static int getDecision(PolicyDecisionPoint pdp, RequestContext request) {
        return pdp.evaluate(request).getDecision();
    }

    /**
     * Creates a single XACML request (instance of {@link RequestType}) with given parameters (subject's attribute values).
     *
     * @param reqTradeAppr
     * @param reqCreditAppr
     * @param buyPrice
     * @return
     * @throws Exception
     */
    private RequestContext getRequestContext(String reqTradeAppr, String reqCreditAppr, int buyPrice)
            throws Exception {
        final RequestType request = new RequestType();
        request.getSubject().add(createSubject(reqTradeAppr, reqCreditAppr, buyPrice));
        request.getResource().add(createResource());
        request.setAction(createAction());
        request.setEnvironment(new EnvironmentType());

        final RequestContext requestCtx = RequestResponseContextFactory.createRequestCtx();
        requestCtx.setRequest(request);

        return requestCtx;
    }

    /**
     * Creates a {@link SubjectType} with given attribute values. Some of the attribute values (as "subject-id" for instance)
     * are fixed.
     *
     * @param reqTradeAppr
     * @param reqCreditAppr
     * @param buyPrice
     * @return
     */
    private SubjectType createSubject(String reqTradeAppr, String reqCreditAppr, int buyPrice) {
        // Create a subject type
        SubjectType subject = new SubjectType();
        subject.setSubjectCategory("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject");
        // create the subject attributes
        AttributeType attSubjectID = RequestAttributeFactory.createStringAttributeType(
                "urn:oasis:names:tc:xacml:1.0:subject:subject-id", "xacml20.interop.com", "123456");
        subject.getAttribute().add(attSubjectID);

        AttributeType attUserName = RequestAttributeFactory.createStringAttributeType(
                "urn:xacml:2.0:interop:example:subject:user-name", "xacml20.interop.com", "John Smith");
        subject.getAttribute().add(attUserName);

        AttributeType attBuyNumShares = RequestAttributeFactory.createIntegerAttributeType(
                "urn:xacml:2.0:interop:example:subject:buy-num-shares", "xacml20.interop.com", 1000);
        subject.getAttribute().add(attBuyNumShares);

        AttributeType attBuyOfferShare = RequestAttributeFactory.createIntegerAttributeType(
                "urn:xacml:2.0:interop:example:subject:buy-offer-price", "xacml20.interop.com", buyPrice);
        subject.getAttribute().add(attBuyOfferShare);

        AttributeType attRequestExtCred = RequestAttributeFactory.createStringAttributeType(
                "urn:xacml:2.0:interop:example:subject:req-credit-ext-approval", "xacml20.interop.com",
                reqCreditAppr);
        subject.getAttribute().add(attRequestExtCred);

        AttributeType attRequestTradeApproval = RequestAttributeFactory.createStringAttributeType(
                "urn:xacml:2.0:interop:example:subject:req-trade-approval", "xacml20.interop.com", reqTradeAppr);
        subject.getAttribute().add(attRequestTradeApproval);

        return subject;
    }

    /**
     * Creates a {@link ResourceType} with several attributes.
     *
     * @return
     */
    private ResourceType createResource() {
        ResourceType resourceType = new ResourceType();

        AttributeType attResourceID = RequestAttributeFactory.createStringAttributeType(
                "urn:oasis:names:tc:xacml:1.0:resource:resource-id", "xacml20.interop.com", "CustomerAccount");
        resourceType.getAttribute().add(attResourceID);

        AttributeType attOwnerID = RequestAttributeFactory.createStringAttributeType(
                "urn:xacml:2.0:interop:example:resource:owner-id", "xacml20.interop.com", "123456");
        resourceType.getAttribute().add(attOwnerID);

        AttributeType attOwnerName = RequestAttributeFactory.createStringAttributeType(
                "urn:xacml:2.0:interop:example:resource:owner-name", "xacml20.interop.com", "John Smith");
        resourceType.getAttribute().add(attOwnerName);

        AttributeType attAccountStatus = RequestAttributeFactory.createStringAttributeType(
                "urn:xacml:2.0:interop:example:resource:account-status", "xacml20.interop.com", "Active");
        resourceType.getAttribute().add(attAccountStatus);

        AttributeType attCreditLine = RequestAttributeFactory.createIntegerAttributeType(
                "urn:xacml:2.0:interop:example:resource:credit-line", "xacml20.interop.com", 15000);
        resourceType.getAttribute().add(attCreditLine);

        AttributeType attCurrentCredit = RequestAttributeFactory.createIntegerAttributeType(
                "urn:xacml:2.0:interop:example:resource:current-credit", "xacml20.interop.com", 10000);
        resourceType.getAttribute().add(attCurrentCredit);

        AttributeType attTradeLimit = RequestAttributeFactory.createIntegerAttributeType(
                "urn:xacml:2.0:interop:example:resource:trade-limit", "xacml20.interop.com", 10000);
        resourceType.getAttribute().add(attTradeLimit);
        return resourceType;
    }

    /**
     * Creates a simple {@link ActionType} with a single attribute - action-id=Buy.
     *
     * @return
     */
    private ActionType createAction() {
        final ActionType actionType = new ActionType();
        final AttributeType attActionID = RequestAttributeFactory.createStringAttributeType(
                "urn:oasis:names:tc:xacml:1.0:action:action-id", "xacml20.interop.com", "Buy");
        actionType.getAttribute().add(attActionID);
        return actionType;
    }
}