iSharkFly-Docs/java-tutorials
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bael 4020 (#11188)

Browse Source 
* [BAEL-4849] Article code

* [BAEL-4968] Article code

* [BAEL-4968] Article code

* [BAEL-4968] Article code

* [BAEL-4968] Remove extra comments

* [BAEL-4020] Article code
This commit is contained in:
psevestre 2021-08-31 23:24:38 -03:00 committed by GitHub
parent f19d76fac2
commit 3d628220d6
7 changed files with 462 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
libraries-security/pom.xml
View File

@ -78,6 +78,29 @@
<artifactId>sshd-core</artifactId> <artifactId>sshd-core</artifactId>
<version>${apache-mina.version}</version> <version>${apache-mina.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.xacml4j</groupId>
<artifactId>xacml-core</artifactId>
<version>${xacml4j.version}</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.xacml4j</groupId>
<artifactId>xacml-test</artifactId>
<version>${xacml4j.version}</version>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies> </dependencies>
<properties> <properties>
@ -90,6 +113,7 @@
<jsch.version>0.1.55</jsch.version> <jsch.version>0.1.55</jsch.version>
<apache-mina.version>2.5.1</apache-mina.version> <apache-mina.version>2.5.1</apache-mina.version>
<spring-security-oauth2.version>2.4.0.RELEASE</spring-security-oauth2.version> <spring-security-oauth2.version>2.4.0.RELEASE</spring-security-oauth2.version>
<xacml4j.version>1.4.0</xacml4j.version>
</properties> </properties>
</project> </project>

2
libraries-security/src/main/java/com/baeldung/scribejava/ScribejavaApplication.java
View File

@ -2,9 +2,11 @@ package com.baeldung.scribejava;
import org.springframework.boot.SpringApplication; import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.servlet.ServletComponentScan;
@SpringBootApplication @SpringBootApplication
@ServletComponentScan
public class ScribejavaApplication { public class ScribejavaApplication {
public static void main(String[] args) { public static void main(String[] args) {

27
libraries-security/src/main/java/com/baeldung/scribejava/controller/RBACController.java Normal file
View File

@ -0,0 +1,27 @@
package com.baeldung.scribejava.controller;
import java.io.IOException;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@WebServlet(name="rbac", urlPatterns = {"/protected"})
@DeclareRoles("USER")
@ServletSecurity(
@HttpConstraint(rolesAllowed = "USER")
)
public class RBACController extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
resp.getWriter().println("Hello, USER");
}
}

233
libraries-security/src/test/java/com/baeldung/xacml4j/NightlyWithdrawalPolicyUnitTest.java Normal file
View File

@ -0,0 +1,233 @@
package com.baeldung.xacml4j;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import java.util.ArrayList;
import java.util.List;
import org.junit.Test;
import org.xacml4j.v20.Xacml20TestUtility;
import org.xacml4j.v30.Attribute;
import org.xacml4j.v30.Categories;
import org.xacml4j.v30.Category;
import org.xacml4j.v30.CompositeDecisionRule;
import org.xacml4j.v30.Decision;
import org.xacml4j.v30.Entity;
import org.xacml4j.v30.RequestContext;
import org.xacml4j.v30.ResponseContext;
import org.xacml4j.v30.Result;
import org.xacml4j.v30.XacmlPolicyTestSupport;
import org.xacml4j.v30.pdp.PolicyDecisionPoint;
import org.xacml4j.v30.pdp.PolicyDecisionPointBuilder;
import org.xacml4j.v30.spi.combine.DecisionCombiningAlgorithmProviderBuilder;
import org.xacml4j.v30.spi.function.FunctionProviderBuilder;
import org.xacml4j.v30.spi.pip.PolicyInformationPointBuilder;
import org.xacml4j.v30.spi.repository.InMemoryPolicyRepository;
import org.xacml4j.v30.spi.repository.PolicyRepository;
import org.xacml4j.v30.types.DoubleExp;
import org.xacml4j.v30.types.StringExp;
import org.xacml4j.v30.types.TimeExp;
public class NightlyWithdrawalPolicyUnitTest extends XacmlPolicyTestSupport {
private static final String POLICY_SET = "xacml4j/NightlyWithdrawalsPolicy.xml";
@Test
public void testWhenNightlyWithdrawalOver500_thenFail() throws Exception {
PolicyDecisionPoint pdp = buildPDP(POLICY_SET);
// Action category
Attribute actionAttribute = Attribute.builder("urn:oasis:names:tc:xacml:1.0:action:action-id")
.value(StringExp.of("withdrawal"))
.build();
Entity actionEntity = Entity.builder()
.attribute(actionAttribute)
.build();
Category actionCategory = Category.builder(Categories.ACTION)
.entity(actionEntity)
.build();
// Environment Category
Attribute timeAttribute = Attribute.builder("urn:oasis:names:tc:xacml:1.0:environment:current-time")
.includeInResult(false)
.value(TimeExp.of("21:00:00"))
.build();
Entity timeEntity = Entity.builder()
.attribute(timeAttribute)
.build();
Category environmentCategory = Category.builder(Categories.ENVIRONMENT)
.entity(timeEntity)
.build();
// ATM category
Attribute amountAttribute = Attribute.builder("urn:baeldung:atm:withdrawal:amount")
.value(DoubleExp.of("1200.00"))
.build();
Entity atmEntity = Entity.builder()
.attribute(amountAttribute)
.build();
Category atmCategory = Category.builder(Categories.parse("urn:baeldung:atm:withdrawal"))
.entity(atmEntity)
.build();
RequestContext request = RequestContext.builder()
.attributes(actionCategory, environmentCategory, atmCategory)
.build();
ResponseContext response = pdp.decide(request);
assertNotNull(response);
assertTrue("Shoud have at least one result", response.getResults() != null && !response.getResults()
.isEmpty());
Result result = response.getResults()
.iterator()
.next();
assertTrue("Evaluation should succeed", result.getStatus()
.isSuccess());
assertEquals("Should DENY withdrawal", Decision.DENY, result.getDecision());
}
@Test
public void testWhenNightlyWithdrawalUnder500_thenSuccess() throws Exception {
PolicyDecisionPoint pdp = buildPDP(POLICY_SET);
// Action category
Attribute actionAttribute = Attribute.builder("urn:oasis:names:tc:xacml:1.0:action:action-id")
.includeInResult(false)
.value(StringExp.of("withdrawal"))
.build();
Entity actionEntity = Entity.builder()
.attribute(actionAttribute)
.build();
Category actionCategory = Category.builder(Categories.ACTION)
.entity(actionEntity)
.build();
// Environment Category
Attribute timeAttribute = Attribute.builder("urn:oasis:names:tc:xacml:1.0:environment:current-time")
.includeInResult(false)
.value(TimeExp.of("21:00:00"))
.build();
Entity timeEntity = Entity.builder()
.attribute(timeAttribute)
.build();
Category environmentCategory = Category.builder(Categories.ENVIRONMENT)
.entity(timeEntity)
.build();
// ATM category
Attribute amountAttribute = Attribute.builder("urn:baeldung:atm:withdrawal:amount")
.value(DoubleExp.of("499.00"))
.build();
Entity atmEntity = Entity.builder()
.attribute(amountAttribute)
.build();
Category atmCategory = Category.builder(Categories.parse("urn:baeldung:atm:withdrawal"))
.entity(atmEntity)
.build();
RequestContext request = RequestContext.builder()
.attributes(actionCategory, environmentCategory, atmCategory)
.build();
ResponseContext response = pdp.decide(request);
assertNotNull(response);
assertTrue("Shoud have at least one result",
response.getResults() != null && !response.getResults().isEmpty());
Result result = response.getResults().iterator().next();
assertTrue("Evaluation should succeed", result.getStatus().isSuccess());
assertEquals("Should PERMIT withdrawal", Decision.PERMIT, result.getDecision());
}
@Test
public void testWhenBusinessHoursWithdrawalOver500_thenSuccess() throws Exception {
PolicyDecisionPoint pdp = buildPDP(POLICY_SET);
// Action category
Attribute actionAttribute = Attribute.builder("urn:oasis:names:tc:xacml:1.0:action:action-id")
.includeInResult(false)
.value(StringExp.of("withdrawal"))
.build();
Entity actionEntity = Entity.builder()
.attribute(actionAttribute)
.build();
Category actionCategory = Category.builder(Categories.ACTION)
.entity(actionEntity)
.build();
// Environment Category
Attribute timeAttribute = Attribute.builder("urn:oasis:names:tc:xacml:1.0:environment:current-time")
.includeInResult(false)
.value(TimeExp.of("12:00:00"))
.build();
Entity timeEntity = Entity.builder()
.attribute(timeAttribute)
.build();
Category environmentCategory = Category.builder(Categories.ENVIRONMENT)
.entity(timeEntity)
.build();
// ATM category
Attribute amountAttribute = Attribute.builder("urn:baeldung:atm:withdrawal:amount")
.value(DoubleExp.of("2000.00"))
.build();
Entity atmEntity = Entity.builder()
.attribute(amountAttribute)
.build();
Category atmCategory = Category.builder(Categories.parse("urn:baeldung:atm:withdrawal"))
.entity(atmEntity)
.build();
RequestContext request = RequestContext.builder()
.attributes(actionCategory, environmentCategory, atmCategory)
.build();
ResponseContext response = pdp.decide(request);
assertNotNull(response);
assertTrue("Shoud have at least one result", response.getResults() != null && !response.getResults()
.isEmpty());
Result result = response.getResults()
.iterator()
.next();
assertTrue("Evaluation should succeed", result.getStatus().isSuccess());
assertEquals("Should PERMIT withdrawal", Decision.PERMIT, result.getDecision());
}
private PolicyDecisionPoint buildPDP(String... policyResources) throws Exception {
PolicyRepository repository = new InMemoryPolicyRepository("tes-repository", FunctionProviderBuilder.builder()
.defaultFunctions()
.build(),
DecisionCombiningAlgorithmProviderBuilder.builder()
.withDefaultAlgorithms()
.create());
List<CompositeDecisionRule> policies = new ArrayList<CompositeDecisionRule>(policyResources.length);
for (String policyResource : policyResources) {
CompositeDecisionRule policy = repository.importPolicy(Xacml20TestUtility.getClasspathResource(policyResource));
log.info("Policy: {}", policy);
policies.add(policy);
}
return PolicyDecisionPointBuilder.builder("testPdp")
.policyRepository(repository)
.pip(PolicyInformationPointBuilder.builder("testPip")
.defaultResolvers()
.build())
.rootPolicy(policies.get(0))
.build();
}
}

137
libraries-security/src/test/resources/xacml4j/NightlyWithdrawalsPolicy.xml Normal file
View File

@ -0,0 +1,137 @@
<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"
PolicyId="urn:baeldung:atm:WithdrawalPolicy"
Version="1.0"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
<Description>
Withdrawal policy example
</Description>
<Target/>
<Rule RuleId="urn:oasis:names:tc:baeldung:WithDrawalPolicy:Rule1" Effect="Deny">
<Description>
Deny withdrawals over $500 between 20:00 and 08:00
</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">withdrawal</AttributeValue>
<AttributeDesignator
DataType="http://www.w3.org/2001/XMLSchema#string"
MustBePresent="true"
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-in-range">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
<AttributeDesignator
DataType="http://www.w3.org/2001/XMLSchema#time"
MustBePresent="true"
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"/>
</Apply>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">08:00:00</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">20:00:00</AttributeValue>
</Apply>
</Apply>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:double-greater-than">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:double-one-and-only">
<AttributeDesignator
DataType="http://www.w3.org/2001/XMLSchema#double"
MustBePresent="true"
Category="urn:baeldung:atm:withdrawal"
AttributeId="urn:baeldung:atm:withdrawal:amount"/>
</Apply>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#double">500.00</AttributeValue>
</Apply>
</Apply>
</Condition>
</Rule>
<Rule RuleId="urn:oasis:names:tc:baeldung:WithDrawalPolicy:Rule2" Effect="Permit">
<Description>
Permit withdrawals under $500 between 20:00 and 08:00
</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">withdrawal</AttributeValue>
<AttributeDesignator
DataType="http://www.w3.org/2001/XMLSchema#string"
MustBePresent="true"
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-in-range">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
<AttributeDesignator
DataType="http://www.w3.org/2001/XMLSchema#time"
MustBePresent="true"
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"/>
</Apply>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">08:00:00</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">20:00:00</AttributeValue>
</Apply>
</Apply>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:double-less-than-or-equal">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:double-one-and-only">
<AttributeDesignator
DataType="http://www.w3.org/2001/XMLSchema#double"
MustBePresent="true"
Category="urn:baeldung:atm:withdrawal"
AttributeId="urn:baeldung:atm:withdrawal:amount"/>
</Apply>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#double">500.00</AttributeValue>
</Apply>
</Apply>
</Condition>
</Rule>
<Rule RuleId="urn:oasis:names:tc:baeldung:WithDrawalPolicy:Rule3" Effect="Permit">
<Description>
Permit withdrawals of any value between 08:00 and 20:00
</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">withdrawal</AttributeValue>
<AttributeDesignator
DataType="http://www.w3.org/2001/XMLSchema#string"
MustBePresent="true"
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-in-range">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
<AttributeDesignator
DataType="http://www.w3.org/2001/XMLSchema#time"
MustBePresent="true"
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"/>
</Apply>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">08:00:00</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">20:00:00</AttributeValue>
</Apply>
</Condition>
</Rule>
</Policy>

30
libraries-security/src/test/resources/xacml4j/Request.xml Normal file
View File

@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<Request
xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"
CombinedDecision="true"
ReturnPolicyIdList="false">
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
<Attribute
IncludeInResult="false"
AttributeId="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">withdrawal</AttributeValue>
</Attribute>
</Attributes>
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
<Attribute
IncludeInResult="false"
AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">21:00:00</AttributeValue>
</Attribute>
</Attributes>
<Attributes Category="urn:baeldung:atm:withdrawal">
<Attribute
IncludeInResult="false"
AttributeId="urn:baeldung:atm:withdrawal:amount">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#decimal">1200</AttributeValue>
</Attribute>
</Attributes>
</Request>

9
libraries-security/src/test/resources/xacml4j/Response.xml Normal file
View File

@ -0,0 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<Response xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
<Result>
<Decision>NotApplicable</Decision>
<Status>
<StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
</Status>
</Result>
</Response>