Java Code Examples for org.apache.neethi.PolicyEngine#getPolicy()

The following examples show how to use org.apache.neethi.PolicyEngine#getPolicy() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: DiscoveryMgtUtils.java    From carbon-commons with Apache License 2.0 6 votes vote down vote up
private static Policy getPolicy(String key, Registry registry)
        throws DiscoveryException, RegistryException {

    if (!registry.resourceExists(key)) {
        throw new DiscoveryException("Policy resource " + key + " does not exist");
    }

    Resource policy = registry.get(key);
    ByteArrayInputStream in = new ByteArrayInputStream((byte[]) policy.getContent());
    try {
        StAXOMBuilder builder = new StAXOMBuilder(in);
        Policy secPolicy = PolicyEngine.getPolicy(builder.getDocumentElement());
        policy.discard();
        return secPolicy;
    } catch (XMLStreamException e) {
        policy.discard();
        throw new DiscoveryException("Error while loading the policy from resource " + key, e);
    }
}
 
Example 2
Source File: DBDeployer.java    From micro-integrator with Apache License 2.0 6 votes vote down vote up
/**
 * Helper method to handle security policies.
 *
 * @param file deployment data file.
 * @param axisService to be modified.
 * @return true if security is enabled, false otherwise.
 * @throws DataServiceFault
 */
private boolean handleSecurityProxy(DeploymentFileData file, AxisService axisService) throws DataServiceFault {
    try (FileInputStream fis = new FileInputStream(file.getFile().getAbsoluteFile())) {
        boolean secEnabled = false;
        StAXOMBuilder builder = new StAXOMBuilder(fis);
        OMElement documentElement =  builder.getDocumentElement();
        OMElement enableSecElement= documentElement.getFirstChildWithName(new QName(DBSFields.ENABLESEC));
        if (enableSecElement != null) {
            secEnabled = true;
        }
        OMElement policyElement= documentElement.getFirstChildWithName(new QName(DBSFields.POLICY));
        if (policyElement != null) {
            String policyKey = policyElement.getAttributeValue(new QName(DBSFields.POLICY_KEY));
            if (null == policyKey) {
                throw new DataServiceFault("Policy key element should contain a policy key in "
                        + file.getFile().getName());
            }
            Policy policy = PolicyEngine.getPolicy(DBUtils.getInputStreamFromPath(policyKey));
            axisService.getPolicySubject().attachPolicy(policy);
        }
        return secEnabled;
    }catch (Exception e) {
        throw new DataServiceFault(e, "Error in processing security policy");
    }
}
 
Example 3
Source File: IdentityBaseUtil.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
public static Policy getSignOnlyPolicy() throws IdentityException {

        Policy policy;

        try {
            OMElement policyOM = AXIOMUtil.stringToOM(policyString);
            PolicyEngine policyEngine = new PolicyEngine();
            policy = policyEngine.getPolicy(policyOM);
        } catch (Exception e) {
            String msg = "error building policy from " + policyString;
            log.error(msg);
            throw IdentityException.error(msg, e);
        }

        return policy;

    }
 
Example 4
Source File: DiscoveryMgtUtils.java    From carbon-commons with Apache License 2.0 5 votes vote down vote up
/**
 * Get the client side security policy for the remote discovery proxy. This method first checks
 * whether a resource named DiscoveryConstants.DISCOVERY_CLIENT_POLICY is available at the
 * root of the configuration registry. If not it attempts to load the policy from a file named
 * DiscoveryConstants.DISCOVERY_CLIENT_POLICY which should reside in the configuration file
 * directory of Carbon.
 *
 * @param registry Configuration registry
 * @return a Policy instance or null
 * @throws RegistryException If the registry cannot be accessed
 * @throws XMLStreamException If the policy XML cannot be parsed
 */
public static Policy getClientSecurityPolicy(Registry registry) throws RegistryException, 
        XMLStreamException {
    //TODO: Improve this logic so that user can put the security policy anywhere in the registry

    InputStream in;
    Resource policyResource = null;
    if (registry.resourceExists(DiscoveryConstants.DISCOVERY_CLIENT_POLICY)) {
        policyResource = registry.get(DiscoveryConstants.DISCOVERY_CLIENT_POLICY);
        in = policyResource.getContentStream();
    } else {
        String file = CarbonUtils.getCarbonConfigDirPath() + File.separator +
            DiscoveryConstants.DISCOVERY_CLIENT_POLICY;
        try {
            in = new FileInputStream(file);
        } catch (FileNotFoundException ignored) {
            return null;
        }
    }

    Policy policy = null;
    if (in != null) {
        StAXOMBuilder builder = new StAXOMBuilder(in);
        policy = PolicyEngine.getPolicy(builder.getDocumentElement());
    }

    if (policyResource != null) {
        policyResource.discard();
    }
    return policy;
}
 
Example 5
Source File: Utils.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
public static Policy getSecurityPolicy() {

        String policyString = "        <wsp:Policy wsu:Id=\"UTOverTransport\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\"\n" +
                "                    xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">\n" +
                "          <wsp:ExactlyOne>\n" +
                "            <wsp:All>\n" +
                "              <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" +
                "                <wsp:Policy>\n" +
                "                  <sp:TransportToken>\n" +
                "                    <wsp:Policy>\n" +
                "                      <sp:HttpsToken RequireClientCertificate=\"true\"/>\n" +
                "                    </wsp:Policy>\n" +
                "                  </sp:TransportToken>\n" +
                "                  <sp:AlgorithmSuite>\n" +
                "                    <wsp:Policy>\n" +
                "                      <sp:Basic256/>\n" +
                "                    </wsp:Policy>\n" +
                "                  </sp:AlgorithmSuite>\n" +
                "                  <sp:Layout>\n" +
                "                    <wsp:Policy>\n" +
                "                      <sp:Lax/>\n" +
                "                    </wsp:Policy>\n" +
                "                  </sp:Layout>\n" +
                "                  <sp:IncludeTimestamp/>\n" +
                "                </wsp:Policy>\n" +
                "              </sp:TransportBinding>\n" +
                "            </wsp:All>\n" +
                "          </wsp:ExactlyOne>\n" +
                "        </wsp:Policy>";

        return PolicyEngine.getPolicy(new ByteArrayInputStream(policyString.getBytes()));

    }
 
Example 6
Source File: SecurityConfigAdmin.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
private Policy loadPolicy(Resource resource) throws org.wso2.carbon.registry.api.RegistryException,
        XMLStreamException {

    InputStream in = resource.getContentStream();
    XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
    xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
    XMLStreamReader parser = xmlInputFactory.createXMLStreamReader(in);
    StAXOMBuilder builder = new StAXOMBuilder(parser);

    OMElement policyElement = builder.getDocumentElement();
    return PolicyEngine.getPolicy(policyElement);

}
 
Example 7
Source File: Utils.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
public static Policy getSecurityPolicy() {

        String policyString = "        <wsp:Policy wsu:Id=\"UTOverTransport\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\"\n" +
                "                    xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">\n" +
                "          <wsp:ExactlyOne>\n" +
                "            <wsp:All>\n" +
                "              <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" +
                "                <wsp:Policy>\n" +
                "                  <sp:TransportToken>\n" +
                "                    <wsp:Policy>\n" +
                "                      <sp:HttpsToken RequireClientCertificate=\"true\"/>\n" +
                "                    </wsp:Policy>\n" +
                "                  </sp:TransportToken>\n" +
                "                  <sp:AlgorithmSuite>\n" +
                "                    <wsp:Policy>\n" +
                "                      <sp:Basic256/>\n" +
                "                    </wsp:Policy>\n" +
                "                  </sp:AlgorithmSuite>\n" +
                "                  <sp:Layout>\n" +
                "                    <wsp:Policy>\n" +
                "                      <sp:Lax/>\n" +
                "                    </wsp:Policy>\n" +
                "                  </sp:Layout>\n" +
                "                  <sp:IncludeTimestamp/>\n" +
                "                </wsp:Policy>\n" +
                "              </sp:TransportBinding>\n" +
                "            </wsp:All>\n" +
                "          </wsp:ExactlyOne>\n" +
                "        </wsp:Policy>";

        return PolicyEngine.getPolicy(new ByteArrayInputStream(policyString.getBytes()));

    }
 
Example 8
Source File: SecurityWithServiceDescriptorTest.java    From product-ei with Apache License 2.0 5 votes vote down vote up
private static Policy loadPolicy(String xmlPath, String clientKey, String userName)
		throws Exception {

	StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
	Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());

	RampartConfig rc = new RampartConfig();

	rc.setUser(userName);
	rc.setUserCertAlias("wso2carbon");
	rc.setEncryptionUser("wso2carbon");
	rc.setPwCbClass(SecurityWithServiceDescriptorTest.class.getName());

	CryptoConfig sigCryptoConfig = new CryptoConfig();
	sigCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");

	Properties prop1 = new Properties();
	prop1.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
	prop1.put("org.apache.ws.security.crypto.merlin.file", clientKey);
	prop1.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");
	sigCryptoConfig.setProp(prop1);

	CryptoConfig encrCryptoConfig = new CryptoConfig();
	encrCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");

	Properties prop2 = new Properties();
	prop2.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
	prop2.put("org.apache.ws.security.crypto.merlin.file", clientKey);
	prop2.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");
	encrCryptoConfig.setProp(prop2);

	rc.setSigCryptoConfig(sigCryptoConfig);
	rc.setEncrCryptoConfig(encrCryptoConfig);

	policy.addAssertion(rc);
	return policy;
}
 
Example 9
Source File: SecurityConfigAdmin.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
public void applySecurity(String serviceName, String scenarioId, KerberosConfigData kerberosConfigurations)
        throws SecurityConfigException {

    if (kerberosConfigurations == null) {
        log.error("Kerberos configurations provided are invalid.");
        throw new SecurityConfigException("Kerberos configuration parameters are null. " +
                "Please specify valid kerberos configurations.");
    }

    AxisService service = axisConfig.getServiceForActivation(serviceName);
    if (service == null) {
        throw new SecurityConfigException("nullService");
    }
    // Disable security if already a policy is applied
    this.disableSecurityOnService(serviceName); //todo fix the method

    OMElement policyElement = loadPolicyAsXML(scenarioId, null);
    OMElement carbonSecConfigs = addUserParameters(policyElement, null, null, null, kerberosConfigurations,
            false, null);

    policyElement.addChild(buildRampartConfigXML(null, null, kerberosConfigurations));
    Policy policy = PolicyEngine.getPolicy(policyElement);
    //service.getPolicySubject().attachPolicy(policy);
    try {
        persistPolicy(service, policyElement, policy.getId());
        applyPolicy(service, policy, carbonSecConfigs);
        this.getPOXCache().remove(serviceName);
    } catch (Exception e) {
        throw new SecurityConfigException("Error while persisting policy in registry ", e);
    }

}
 
Example 10
Source File: StockQuoteClient.java    From product-ei with Apache License 2.0 4 votes vote down vote up
private static Policy loadPolicy(String xmlPath) throws Exception {
    StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
    return PolicyEngine.getPolicy(builder.getDocumentElement());
}
 
Example 11
Source File: SecurityConfigAdmin.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
public void applySecurity(String serviceName, String scenarioId, String policyPath,
                          String[] trustedStores, String privateStore,
                          String[] userGroups) throws SecurityConfigException {

    AxisService service = axisConfig.getServiceForActivation(serviceName);
    OMElement carbonSecConfigs = null;
    if (service == null) {
        throw new SecurityConfigException("Service not available.");
    }

    if (userGroups != null) {
        Arrays.sort(userGroups);
        if (Arrays.binarySearch(userGroups, CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME) > -1) {
            log.error("Security breach. A user is attempting to enable anonymous for UT access");
            throw new SecurityConfigException("Invalid data provided"); // obscure error message
        }
    }
    // First disable security and remove all applied policies before applying a new policy
    this.disableSecurityOnService(serviceName);

    OMElement policyElement = loadPolicyAsXML(scenarioId, policyPath);
    SecurityScenario scenario = SecurityScenarioDatabase.get(scenarioId);
    boolean isTrustEnabled = scenario.getModules().contains(SecurityConstants.TRUST_MODULE);

    if ((isTrustEnabled || (userGroups != null && userGroups.length > 0))) {
        carbonSecConfigs = addUserParameters(policyElement, trustedStores, privateStore, userGroups, null,
                isTrustEnabled, policyPath);
    }
    // If policy is taken from registry (custom policy) it needs to have rampartConfigs defined it.
    if (StringUtils.isNotBlank(policyPath)) {
        policyElement.addChild(buildRampartConfigXML(privateStore, trustedStores, null));
    }

    Policy policy = PolicyEngine.getPolicy(policyElement);
    try {
        persistPolicy(service, policyElement, policy.getId());
        applyPolicy(service, policy, carbonSecConfigs);
        String serviceGroupId = service.getAxisServiceGroup().getServiceGroupName();
        if (userGroups != null) {
            for (String value : userGroups) {
                AuthorizationManager acAdmin = realm.getAuthorizationManager();

                acAdmin.authorizeRole(value, serviceGroupId + "/" + service.getName(),
                        UserCoreConstants.INVOKE_SERVICE_PERMISSION);
            }
        }
        if (policyPath != null &&
                scenarioId.equals(SecurityConstants.POLICY_FROM_REG_SCENARIO)) {
            Parameter pathParam = new Parameter(SecurityConstants.SECURITY_POLICY_PATH,
                    policyPath);
            service.addParameter(pathParam);
        }

    } catch (Exception e) {
        throw new SecurityConfigException("Error while persisting policy in registry", e);
    }
}
 
Example 12
Source File: SecureSample.java    From product-ei with Apache License 2.0 4 votes vote down vote up
private static Policy loadPolicy(String path) throws Exception {
    InputStream resource = new FileInputStream(path);
    StAXOMBuilder builder = new StAXOMBuilder(resource);
    return PolicyEngine.getPolicy(builder.getDocumentElement());
}
 
Example 13
Source File: SecureSample.java    From micro-integrator with Apache License 2.0 4 votes vote down vote up
private static Policy loadPolicy(String path) throws Exception {
    InputStream resource = new FileInputStream(path);
    StAXOMBuilder builder = new StAXOMBuilder(resource);
    return PolicyEngine.getPolicy(builder.getDocumentElement());
}
 
Example 14
Source File: PolicyUtil.java    From micro-integrator with Apache License 2.0 4 votes vote down vote up
public static OMElement getEmptyPolicyAsOMElement() {
    ByteArrayInputStream bais = new ByteArrayInputStream(EMPTY_POLICY.getBytes());
    Policy policy = PolicyEngine.getPolicy(bais);

    return getPolicyAsOMElement(policy);
}
 
Example 15
Source File: PolicyUtil.java    From micro-integrator with Apache License 2.0 4 votes vote down vote up
public static Policy getPolicyFromOMElement(OMElement policyElement) {
    return PolicyEngine.getPolicy(policyElement);
}
 
Example 16
Source File: SecureSample.java    From micro-integrator with Apache License 2.0 4 votes vote down vote up
private static Policy loadPolicy(String path) throws Exception {
    InputStream resource = new FileInputStream(path);
    StAXOMBuilder builder = new StAXOMBuilder(resource);
    return PolicyEngine.getPolicy(builder.getDocumentElement());
}
 
Example 17
Source File: StockQuoteClient.java    From micro-integrator with Apache License 2.0 4 votes vote down vote up
private static Policy loadPolicy(String xmlPath) throws Exception {
    StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
    return PolicyEngine.getPolicy(builder.getDocumentElement());
}
 
Example 18
Source File: StockQuoteClient.java    From micro-integrator with Apache License 2.0 4 votes vote down vote up
private static Policy loadPolicy(String xmlPath) throws Exception {
    StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
    return PolicyEngine.getPolicy(builder.getDocumentElement());
}
 
Example 19
Source File: SecurityDeploymentInterceptor.java    From carbon-identity with Apache License 2.0 3 votes vote down vote up
private Policy loadPolicy(Resource resource) throws org.wso2.carbon.registry.api.RegistryException, XMLStreamException {

        InputStream in = resource.getContentStream();
        XMLStreamReader parser = XMLInputFactory.newInstance().createXMLStreamReader(in);
        StAXOMBuilder builder = new StAXOMBuilder(parser);

        OMElement policyElement = builder.getDocumentElement();
        return PolicyEngine.getPolicy(policyElement);

    }