org.apache.neethi.PolicyEngine Java Examples
The following examples show how to use
org.apache.neethi.PolicyEngine.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: DiscoveryMgtUtils.java From carbon-commons with Apache License 2.0 | 6 votes |
|
private static Policy getPolicy(String key, Registry registry)
throws DiscoveryException, RegistryException {
if (!registry.resourceExists(key)) {
throw new DiscoveryException("Policy resource " + key + " does not exist");
}
Resource policy = registry.get(key);
ByteArrayInputStream in = new ByteArrayInputStream((byte[]) policy.getContent());
try {
StAXOMBuilder builder = new StAXOMBuilder(in);
Policy secPolicy = PolicyEngine.getPolicy(builder.getDocumentElement());
policy.discard();
return secPolicy;
} catch (XMLStreamException e) {
policy.discard();
throw new DiscoveryException("Error while loading the policy from resource " + key, e);
}
}
Example #2
| Source File: ThrottleHandler.java From carbon-apimgt with Apache License 2.0 | 6 votes |
|
/**
* This method will intialize subscription level throttling context and throttle object.
* This method need to be called for each and every request of spike arrest is enabled.
* If throttle context for incoming message is already created method will do nothing. Else
* it will create throttle object and context.
*/
private void initThrottleForHardLimitThrottling() {
OMElement hardThrottlingPolicy = createHardThrottlingPolicy();
if (hardThrottlingPolicy != null) {
Throttle tempThrottle;
try {
tempThrottle = ThrottleFactory.createMediatorThrottle(
PolicyEngine.getPolicy(hardThrottlingPolicy));
ThrottleConfiguration newThrottleConfig = tempThrottle.getThrottleConfiguration(ThrottleConstants
.ROLE_BASED_THROTTLE_KEY);
ThrottleContext hardThrottling = ThrottleContextFactory.createThrottleContext(ThrottleConstants
.ROLE_BASE,
newThrottleConfig);
tempThrottle.addThrottleContext(APIThrottleConstants.HARD_THROTTLING_CONFIGURATION, hardThrottling);
if (throttle != null) {
throttle.addThrottleContext(APIThrottleConstants.HARD_THROTTLING_CONFIGURATION, hardThrottling);
} else {
throttle = tempThrottle;
}
} catch (ThrottleException e) {
log.error("Error occurred while creating policy file for Hard Throttling.", e);
}
}
}
Example #3
| Source File: DBDeployer.java From micro-integrator with Apache License 2.0 | 6 votes |
|
/**
* Helper method to handle security policies.
*
* @param file deployment data file.
* @param axisService to be modified.
* @return true if security is enabled, false otherwise.
* @throws DataServiceFault
*/
private boolean handleSecurityProxy(DeploymentFileData file, AxisService axisService) throws DataServiceFault {
try (FileInputStream fis = new FileInputStream(file.getFile().getAbsoluteFile())) {
boolean secEnabled = false;
StAXOMBuilder builder = new StAXOMBuilder(fis);
OMElement documentElement = builder.getDocumentElement();
OMElement enableSecElement= documentElement.getFirstChildWithName(new QName(DBSFields.ENABLESEC));
if (enableSecElement != null) {
secEnabled = true;
}
OMElement policyElement= documentElement.getFirstChildWithName(new QName(DBSFields.POLICY));
if (policyElement != null) {
String policyKey = policyElement.getAttributeValue(new QName(DBSFields.POLICY_KEY));
if (null == policyKey) {
throw new DataServiceFault("Policy key element should contain a policy key in "
+ file.getFile().getName());
}
Policy policy = PolicyEngine.getPolicy(DBUtils.getInputStreamFromPath(policyKey));
axisService.getPolicySubject().attachPolicy(policy);
}
return secEnabled;
}catch (Exception e) {
throw new DataServiceFault(e, "Error in processing security policy");
}
}
Example #4
| Source File: IdentityBaseUtil.java From carbon-identity with Apache License 2.0 | 6 votes |
|
public static Policy getSignOnlyPolicy() throws IdentityException {
Policy policy;
try {
OMElement policyOM = AXIOMUtil.stringToOM(policyString);
PolicyEngine policyEngine = new PolicyEngine();
policy = policyEngine.getPolicy(policyOM);
} catch (Exception e) {
String msg = "error building policy from " + policyString;
log.error(msg);
throw IdentityException.error(msg, e);
}
return policy;
}
Example #5
| Source File: DiscoveryMgtUtils.java From carbon-commons with Apache License 2.0 | 5 votes |
|
/**
* Get the client side security policy for the remote discovery proxy. This method first checks
* whether a resource named DiscoveryConstants.DISCOVERY_CLIENT_POLICY is available at the
* root of the configuration registry. If not it attempts to load the policy from a file named
* DiscoveryConstants.DISCOVERY_CLIENT_POLICY which should reside in the configuration file
* directory of Carbon.
*
* @param registry Configuration registry
* @return a Policy instance or null
* @throws RegistryException If the registry cannot be accessed
* @throws XMLStreamException If the policy XML cannot be parsed
*/
public static Policy getClientSecurityPolicy(Registry registry) throws RegistryException,
XMLStreamException {
//TODO: Improve this logic so that user can put the security policy anywhere in the registry
InputStream in;
Resource policyResource = null;
if (registry.resourceExists(DiscoveryConstants.DISCOVERY_CLIENT_POLICY)) {
policyResource = registry.get(DiscoveryConstants.DISCOVERY_CLIENT_POLICY);
in = policyResource.getContentStream();
} else {
String file = CarbonUtils.getCarbonConfigDirPath() + File.separator +
DiscoveryConstants.DISCOVERY_CLIENT_POLICY;
try {
in = new FileInputStream(file);
} catch (FileNotFoundException ignored) {
return null;
}
}
Policy policy = null;
if (in != null) {
StAXOMBuilder builder = new StAXOMBuilder(in);
policy = PolicyEngine.getPolicy(builder.getDocumentElement());
}
if (policyResource != null) {
policyResource.discard();
}
return policy;
}
Example #6
| Source File: Utils.java From carbon-identity with Apache License 2.0 | 5 votes |
|
public static Policy getSecurityPolicy() {
String policyString = " <wsp:Policy wsu:Id=\"UTOverTransport\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\"\n" +
" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">\n" +
" <wsp:ExactlyOne>\n" +
" <wsp:All>\n" +
" <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" +
" <wsp:Policy>\n" +
" <sp:TransportToken>\n" +
" <wsp:Policy>\n" +
" <sp:HttpsToken RequireClientCertificate=\"true\"/>\n" +
" </wsp:Policy>\n" +
" </sp:TransportToken>\n" +
" <sp:AlgorithmSuite>\n" +
" <wsp:Policy>\n" +
" <sp:Basic256/>\n" +
" </wsp:Policy>\n" +
" </sp:AlgorithmSuite>\n" +
" <sp:Layout>\n" +
" <wsp:Policy>\n" +
" <sp:Lax/>\n" +
" </wsp:Policy>\n" +
" </sp:Layout>\n" +
" <sp:IncludeTimestamp/>\n" +
" </wsp:Policy>\n" +
" </sp:TransportBinding>\n" +
" </wsp:All>\n" +
" </wsp:ExactlyOne>\n" +
" </wsp:Policy>";
return PolicyEngine.getPolicy(new ByteArrayInputStream(policyString.getBytes()));
}
Example #7
| Source File: Utils.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
|
public static Policy getSecurityPolicy() {
String policyString = " <wsp:Policy wsu:Id=\"UTOverTransport\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\"\n" +
" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">\n" +
" <wsp:ExactlyOne>\n" +
" <wsp:All>\n" +
" <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" +
" <wsp:Policy>\n" +
" <sp:TransportToken>\n" +
" <wsp:Policy>\n" +
" <sp:HttpsToken RequireClientCertificate=\"true\"/>\n" +
" </wsp:Policy>\n" +
" </sp:TransportToken>\n" +
" <sp:AlgorithmSuite>\n" +
" <wsp:Policy>\n" +
" <sp:Basic256/>\n" +
" </wsp:Policy>\n" +
" </sp:AlgorithmSuite>\n" +
" <sp:Layout>\n" +
" <wsp:Policy>\n" +
" <sp:Lax/>\n" +
" </wsp:Policy>\n" +
" </sp:Layout>\n" +
" <sp:IncludeTimestamp/>\n" +
" </wsp:Policy>\n" +
" </sp:TransportBinding>\n" +
" </wsp:All>\n" +
" </wsp:ExactlyOne>\n" +
" </wsp:Policy>";
return PolicyEngine.getPolicy(new ByteArrayInputStream(policyString.getBytes()));
}
Example #8
| Source File: SecurityWithServiceDescriptorTest.java From product-ei with Apache License 2.0 | 5 votes |
|
private static Policy loadPolicy(String xmlPath, String clientKey, String userName)
throws Exception {
StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());
RampartConfig rc = new RampartConfig();
rc.setUser(userName);
rc.setUserCertAlias("wso2carbon");
rc.setEncryptionUser("wso2carbon");
rc.setPwCbClass(SecurityWithServiceDescriptorTest.class.getName());
CryptoConfig sigCryptoConfig = new CryptoConfig();
sigCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
Properties prop1 = new Properties();
prop1.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
prop1.put("org.apache.ws.security.crypto.merlin.file", clientKey);
prop1.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");
sigCryptoConfig.setProp(prop1);
CryptoConfig encrCryptoConfig = new CryptoConfig();
encrCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
Properties prop2 = new Properties();
prop2.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
prop2.put("org.apache.ws.security.crypto.merlin.file", clientKey);
prop2.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");
encrCryptoConfig.setProp(prop2);
rc.setSigCryptoConfig(sigCryptoConfig);
rc.setEncrCryptoConfig(encrCryptoConfig);
policy.addAssertion(rc);
return policy;
}
Example #9
| Source File: SecurityConfigAdmin.java From carbon-identity with Apache License 2.0 | 5 votes |
|
private Policy loadPolicy(Resource resource) throws org.wso2.carbon.registry.api.RegistryException,
XMLStreamException {
InputStream in = resource.getContentStream();
XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
XMLStreamReader parser = xmlInputFactory.createXMLStreamReader(in);
StAXOMBuilder builder = new StAXOMBuilder(parser);
OMElement policyElement = builder.getDocumentElement();
return PolicyEngine.getPolicy(policyElement);
}
Example #10
| Source File: SecurityConfigAdmin.java From carbon-identity with Apache License 2.0 | 5 votes |
|
public void applySecurity(String serviceName, String scenarioId, KerberosConfigData kerberosConfigurations)
throws SecurityConfigException {
if (kerberosConfigurations == null) {
log.error("Kerberos configurations provided are invalid.");
throw new SecurityConfigException("Kerberos configuration parameters are null. " +
"Please specify valid kerberos configurations.");
}
AxisService service = axisConfig.getServiceForActivation(serviceName);
if (service == null) {
throw new SecurityConfigException("nullService");
}
// Disable security if already a policy is applied
this.disableSecurityOnService(serviceName); //todo fix the method
OMElement policyElement = loadPolicyAsXML(scenarioId, null);
OMElement carbonSecConfigs = addUserParameters(policyElement, null, null, null, kerberosConfigurations,
false, null);
policyElement.addChild(buildRampartConfigXML(null, null, kerberosConfigurations));
Policy policy = PolicyEngine.getPolicy(policyElement);
//service.getPolicySubject().attachPolicy(policy);
try {
persistPolicy(service, policyElement, policy.getId());
applyPolicy(service, policy, carbonSecConfigs);
this.getPOXCache().remove(serviceName);
} catch (Exception e) {
throw new SecurityConfigException("Error while persisting policy in registry ", e);
}
}
Example #11
| Source File: SecureSample.java From product-ei with Apache License 2.0 | 4 votes |
|
private static Policy loadPolicy(String path) throws Exception {
InputStream resource = new FileInputStream(path);
StAXOMBuilder builder = new StAXOMBuilder(resource);
return PolicyEngine.getPolicy(builder.getDocumentElement());
}
Example #12
| Source File: SecurityConfigAdmin.java From carbon-identity with Apache License 2.0 | 4 votes |
|
public void applySecurity(String serviceName, String scenarioId, String policyPath,
String[] trustedStores, String privateStore,
String[] userGroups) throws SecurityConfigException {
AxisService service = axisConfig.getServiceForActivation(serviceName);
OMElement carbonSecConfigs = null;
if (service == null) {
throw new SecurityConfigException("Service not available.");
}
if (userGroups != null) {
Arrays.sort(userGroups);
if (Arrays.binarySearch(userGroups, CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME) > -1) {
log.error("Security breach. A user is attempting to enable anonymous for UT access");
throw new SecurityConfigException("Invalid data provided"); // obscure error message
}
}
// First disable security and remove all applied policies before applying a new policy
this.disableSecurityOnService(serviceName);
OMElement policyElement = loadPolicyAsXML(scenarioId, policyPath);
SecurityScenario scenario = SecurityScenarioDatabase.get(scenarioId);
boolean isTrustEnabled = scenario.getModules().contains(SecurityConstants.TRUST_MODULE);
if ((isTrustEnabled || (userGroups != null && userGroups.length > 0))) {
carbonSecConfigs = addUserParameters(policyElement, trustedStores, privateStore, userGroups, null,
isTrustEnabled, policyPath);
}
// If policy is taken from registry (custom policy) it needs to have rampartConfigs defined it.
if (StringUtils.isNotBlank(policyPath)) {
policyElement.addChild(buildRampartConfigXML(privateStore, trustedStores, null));
}
Policy policy = PolicyEngine.getPolicy(policyElement);
try {
persistPolicy(service, policyElement, policy.getId());
applyPolicy(service, policy, carbonSecConfigs);
String serviceGroupId = service.getAxisServiceGroup().getServiceGroupName();
if (userGroups != null) {
for (String value : userGroups) {
AuthorizationManager acAdmin = realm.getAuthorizationManager();
acAdmin.authorizeRole(value, serviceGroupId + "/" + service.getName(),
UserCoreConstants.INVOKE_SERVICE_PERMISSION);
}
}
if (policyPath != null &&
scenarioId.equals(SecurityConstants.POLICY_FROM_REG_SCENARIO)) {
Parameter pathParam = new Parameter(SecurityConstants.SECURITY_POLICY_PATH,
policyPath);
service.addParameter(pathParam);
}
} catch (Exception e) {
throw new SecurityConfigException("Error while persisting policy in registry", e);
}
}
Example #13
| Source File: SecureSample.java From micro-integrator with Apache License 2.0 | 4 votes |
|
private static Policy loadPolicy(String path) throws Exception {
InputStream resource = new FileInputStream(path);
StAXOMBuilder builder = new StAXOMBuilder(resource);
return PolicyEngine.getPolicy(builder.getDocumentElement());
}
Example #14
| Source File: StockQuoteClient.java From product-ei with Apache License 2.0 | 4 votes |
|
private static Policy loadPolicy(String xmlPath) throws Exception {
StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
return PolicyEngine.getPolicy(builder.getDocumentElement());
}
Example #15
| Source File: PolicyUtil.java From micro-integrator with Apache License 2.0 | 4 votes |
|
public static OMElement getEmptyPolicyAsOMElement() {
ByteArrayInputStream bais = new ByteArrayInputStream(EMPTY_POLICY.getBytes());
Policy policy = PolicyEngine.getPolicy(bais);
return getPolicyAsOMElement(policy);
}
Example #16
| Source File: PolicyUtil.java From micro-integrator with Apache License 2.0 | 4 votes |
|
public static Policy getPolicyFromOMElement(OMElement policyElement) {
return PolicyEngine.getPolicy(policyElement);
}
Example #17
| Source File: SecureSample.java From micro-integrator with Apache License 2.0 | 4 votes |
|
private static Policy loadPolicy(String path) throws Exception {
InputStream resource = new FileInputStream(path);
StAXOMBuilder builder = new StAXOMBuilder(resource);
return PolicyEngine.getPolicy(builder.getDocumentElement());
}
Example #18
| Source File: StockQuoteClient.java From micro-integrator with Apache License 2.0 | 4 votes |
|
private static Policy loadPolicy(String xmlPath) throws Exception {
StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
return PolicyEngine.getPolicy(builder.getDocumentElement());
}
Example #19
| Source File: StockQuoteClient.java From micro-integrator with Apache License 2.0 | 4 votes |
|
private static Policy loadPolicy(String xmlPath) throws Exception {
StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
return PolicyEngine.getPolicy(builder.getDocumentElement());
}
Example #20
| Source File: SecurityDeploymentInterceptor.java From carbon-identity with Apache License 2.0 | 3 votes |
|
private Policy loadPolicy(Resource resource) throws org.wso2.carbon.registry.api.RegistryException, XMLStreamException {
InputStream in = resource.getContentStream();
XMLStreamReader parser = XMLInputFactory.newInstance().createXMLStreamReader(in);
StAXOMBuilder builder = new StAXOMBuilder(parser);
OMElement policyElement = builder.getDocumentElement();
return PolicyEngine.getPolicy(policyElement);
}
