From 320f56775bf44a7463d99371051257f575e9d14d Mon Sep 17 00:00:00 2001 From: cdanger Date: Wed, 25 Jan 2017 20:42:43 +0100 Subject: [PATCH 01/11] updating poms for 6.0.1-SNAPSHOT development --- dist/pom.xml | 2 +- pom.xml | 2 +- rest-service/pom.xml | 2 +- upgrader/pom.xml | 2 +- webapp/pom.xml | 5 ++--- 5 files changed, 6 insertions(+), 7 deletions(-) diff --git a/dist/pom.xml b/dist/pom.xml index 255fa0d..3e28586 100644 --- a/dist/pom.xml +++ b/dist/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 6.0.0-SNAPSHOT + 6.0.1-SNAPSHOT .. authzforce-ce-server-dist diff --git a/pom.xml b/pom.xml index ea1451b..c89845c 100644 --- a/pom.xml +++ b/pom.xml @@ -8,7 +8,7 @@ authzforce-ce-server - 6.0.0-SNAPSHOT + 6.0.1-SNAPSHOT pom ${project.groupId}:${project.artifactId} AuthZForce CE Server diff --git a/rest-service/pom.xml b/rest-service/pom.xml index f75be6c..126a4c9 100644 --- a/rest-service/pom.xml +++ b/rest-service/pom.xml @@ -4,7 +4,7 @@ org.ow2.authzforce authzforce-ce-server - 6.0.0-SNAPSHOT + 6.0.1-SNAPSHOT .. authzforce-ce-server-rest-service diff --git a/upgrader/pom.xml b/upgrader/pom.xml index 6da60b0..30ad1d5 100644 --- a/upgrader/pom.xml +++ b/upgrader/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 6.0.0-SNAPSHOT + 6.0.1-SNAPSHOT .. authzforce-ce-server-upgrader diff --git a/webapp/pom.xml b/webapp/pom.xml index 73df101..8cdc771 100644 --- a/webapp/pom.xml +++ b/webapp/pom.xml @@ -1,10 +1,9 @@ - + 4.0.0 org.ow2.authzforce authzforce-ce-server - 6.0.0-SNAPSHOT + 6.0.1-SNAPSHOT .. authzforce-ce-server-webapp From 4b7ee292e7937d4445b2c45fdb1f27dee8485688 Mon Sep 17 00:00:00 2001 From: cdanger Date: Wed, 25 Jan 2017 21:13:39 +0100 Subject: [PATCH 02/11] updating develop poms to master versions to avoid merge conflicts --- dist/pom.xml | 2 +- pom.xml | 2 +- rest-service/pom.xml | 2 +- upgrader/pom.xml | 2 +- webapp/pom.xml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/dist/pom.xml b/dist/pom.xml index 3e28586..07420f3 100644 --- a/dist/pom.xml +++ b/dist/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 6.0.1-SNAPSHOT + 6.0.0 .. authzforce-ce-server-dist diff --git a/pom.xml b/pom.xml index c89845c..dd63513 100644 --- a/pom.xml +++ b/pom.xml @@ -8,7 +8,7 @@ authzforce-ce-server - 6.0.1-SNAPSHOT + 6.0.0 pom ${project.groupId}:${project.artifactId} AuthZForce CE Server diff --git a/rest-service/pom.xml b/rest-service/pom.xml index 126a4c9..7965242 100644 --- a/rest-service/pom.xml +++ b/rest-service/pom.xml @@ -4,7 +4,7 @@ org.ow2.authzforce authzforce-ce-server - 6.0.1-SNAPSHOT + 6.0.0 .. authzforce-ce-server-rest-service diff --git a/upgrader/pom.xml b/upgrader/pom.xml index 30ad1d5..04e44a4 100644 --- a/upgrader/pom.xml +++ b/upgrader/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 6.0.1-SNAPSHOT + 6.0.0 .. authzforce-ce-server-upgrader diff --git a/webapp/pom.xml b/webapp/pom.xml index 8cdc771..1ad53e7 100644 --- a/webapp/pom.xml +++ b/webapp/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 6.0.1-SNAPSHOT + 6.0.0 .. authzforce-ce-server-webapp From 2a3772adbd206e182d7789812b1010c5749c71ae Mon Sep 17 00:00:00 2001 From: cdanger Date: Wed, 25 Jan 2017 21:13:40 +0100 Subject: [PATCH 03/11] Updating develop poms back to pre merge state --- dist/pom.xml | 2 +- pom.xml | 2 +- rest-service/pom.xml | 2 +- upgrader/pom.xml | 2 +- webapp/pom.xml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/dist/pom.xml b/dist/pom.xml index 07420f3..3e28586 100644 --- a/dist/pom.xml +++ b/dist/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 6.0.0 + 6.0.1-SNAPSHOT .. authzforce-ce-server-dist diff --git a/pom.xml b/pom.xml index dd63513..c89845c 100644 --- a/pom.xml +++ b/pom.xml @@ -8,7 +8,7 @@ authzforce-ce-server - 6.0.0 + 6.0.1-SNAPSHOT pom ${project.groupId}:${project.artifactId} AuthZForce CE Server 
diff --git a/rest-service/pom.xml b/rest-service/pom.xml index 7965242..126a4c9 100644 --- a/rest-service/pom.xml +++ b/rest-service/pom.xml @@ -4,7 +4,7 @@ org.ow2.authzforce authzforce-ce-server - 6.0.0 + 6.0.1-SNAPSHOT .. authzforce-ce-server-rest-service diff --git a/upgrader/pom.xml b/upgrader/pom.xml index 04e44a4..30ad1d5 100644 --- a/upgrader/pom.xml +++ b/upgrader/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 6.0.0 + 6.0.1-SNAPSHOT .. authzforce-ce-server-upgrader diff --git a/webapp/pom.xml b/webapp/pom.xml index 1ad53e7..8cdc771 100644 --- a/webapp/pom.xml +++ b/webapp/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 6.0.0 + 6.0.1-SNAPSHOT .. authzforce-ce-server-webapp From b9681358b3a8149064889511fd19dc7845bf6a45 Mon Sep 17 00:00:00 2001 From: Cyril Dangerville Date: Fri, 27 Jan 2017 11:39:57 +0100 Subject: [PATCH 04/11] Added new features from new release 6.0.0 --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index cfa5e72..fea84bc 100644 --- a/README.md +++ b/README.md 
@@ -55,11 +55,11 @@ AuthzForce provides XACML PIP features in the form of *Attribute Providers*. Mor * Optional policy version rolling (when the maximum of versions per policy has been reached, oldest versions are automatically removed to make place). ### REST API -* Defined in standard [Web Application Description Language and XML schema](https://github.com/authzforce/rest-api-model/tree/develop/src/main/resources) so that you can automatically generate client code. -* Provides access to all PAP/PDP features mentioned in previous sections. +* Provides access to all PAP/PDP features mentioned in previous sections with possibility to have PDP-only instances (i.e. without PAP features). * Multi-tenant: allows to have multiple domains/tenants, each with its own PAP/PDP, in particular its own policy repository. * Conformance with [REST Profile of XACML v3.0 Version 1.0](http://docs.oasis-open.org/xacml/xacml-rest/v1.0/xacml-rest-v1.0.html) -* [Fast Infoset](http://www.itu.int/en/ITU-T/asn1/Pages/Fast-Infoset.aspx) support for requests/responses. +* Supported data formats: JSON, XML, [Fast Infoset](http://www.itu.int/en/ITU-T/asn1/Pages/Fast-Infoset.aspx). +* Defined in standard [Web Application Description Language and XML schema](https://github.com/authzforce/rest-api-model/tree/develop/src/main/resources) so that you can automatically generate client code. ### High availability and load-balancing * Integration with file synchronization tools (e.g. [csync2](http://oss.linbit.com/csync2/)) or distributed filesystems (e.g. NFS and CIFS) to build clusters of AuthZForce Servers. From 3fac752be65a4dee6b87eeb943f2c83ba3bb51ec Mon Sep 17 00:00:00 2001 From: Cyril Dangerville Date: Fri, 10 Feb 2017 16:39:38 +0100 Subject: [PATCH 05/11] Added Documentation and Distribution sections --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index fea84bc..fb05bbe 100644 --- a/README.md +++ b/README.md 
@@ -64,6 +64,16 @@ AuthzForce provides XACML PIP features in the form of *Attribute Providers*. Mor ### High availability and load-balancing * Integration with file synchronization tools (e.g. [csync2](http://oss.linbit.com/csync2/)) or distributed filesystems (e.g. NFS and CIFS) to build clusters of AuthZForce Servers. +## Distribution (downloads) +Every release is distributed as follows: +- Ubuntu/Debian package (recommended option): `.deb`; +- Other Linux distributions: `.tar.gz`; +- Docker image. + +For download links, please go to the specific [release page](https://github.com/authzforce/server/releases). + +## Documentation +For links to the documentation of a release, please go to the specific [release page](https://github.com/authzforce/server/releases). ## Support Use the *Issues* tab on the Github repository page. From cc9d6661cdfe9c980561ad72b4061e897873943c Mon Sep 17 00:00:00 2001 From: Cyril Dangerville Date: Tue, 14 Feb 2017 16:03:05 +0100 Subject: [PATCH 06/11] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index fb05bbe..71f3760 100644 --- a/README.md +++ b/README.md @@ -94,16 +94,16 @@ The sources for the manuals are located in [fiware repository](http://github.com ### Releasing 1. From the develop branch, prepare a release (example using a HTTP proxy):

-    $ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=3128 jgitflow:release-start
+    $ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=8080 jgitflow:release-start
 
1. Update the CHANGELOG according to keepachangelog.com. 1. To perform the release (example using a HTTP proxy):

-    $ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=3128 jgitflow:release-finish
+    $ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=8080 jgitflow:release-finish
 
If, after deployment, the command does not succeed because of some issue with the branches. Fix the issue, then re-run the same command but with 'noDeploy' option set to true to avoid re-deployment:

-    $ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=3128 -DnoDeploy=true jgitflow:release-finish
+    $ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=8080 -DnoDeploy=true jgitflow:release-finish
 
More info on jgitflow: http://jgitflow.bitbucket.org/ 1. Connect and log in to the OSS Nexus Repository Manager: https://oss.sonatype.org/ From cf8dabfa57a82d6b9aaad1eae8ad841669b9748d Mon Sep 17 00:00:00 2001 
From: cdanger Date: Mon, 20 Feb 2017 02:23:49 +0100 Subject: [PATCH 07/11] - upgraded super parent version to 5.0.0 - new RESTfulPdpBasedAuthzInterceptorTest based on CXF developer coheigea's SAML/XACML 2.0 RESTful PDP based authorizing CXF interceptor, and also the same as EmbeddedPDPBasedAuthzInterceptorTest in authzforce-ce-core (src/test/java) but using the REST API instead of Java API /** * The client authenticates to the STS using a username/password, and gets a signed holder-of-key SAML Assertion in return. This is presented to the service, who verifies proof-of-possession + the * signature of the STS on the assertion. The CXF endpoint extracts roles from the Assertion + populates the security context. Note that the CXF endpoint requires a "role" Claim via the security * policy. * * The CXF Endpoint has configured the XACMLAuthorizingInterceptor, which creates a XACML 3.0 request for dispatch to the PDP, and then enforces the PDP's decision. The mocked PDP is a REST service, * that requires that a user must have role "boss" to access the "doubleIt" operation ("alice" has this role, "bob" does not). 
*/ --- .gitignore | 1 + dist/.gitignore | 1 + pom.xml | 8 +- .../service/jaxrs/DomainResourceImpl.java | 4 +- webapp/pom.xml | 625 ++++++++++-------- .../xacml/common/CommonCallbackHandler.java | 68 ++ .../xacml/common/DoubleItPortTypeImpl.java | 49 ++ .../sts/xacml/common/RolesClaimsHandler.java | 70 ++ .../cxf/sts/xacml/common/STSServer.java | 46 ++ .../cxf/sts/xacml/common/TokenTestUtils.java | 53 ++ .../authzforce/web/test/DomainAPIHelper.java | 2 +- ...inTestWithoutAutoSyncOrVersionRolling.java | 12 +- .../web/test/XacmlToJsonConversion.java | 83 +++ .../web/test/pep/cxf/PdpServer.java | 46 ++ .../cxf/RESTfulPdpBasedAuthzInterceptor.java | 291 ++++++++ .../RESTfulPdpBasedAuthzInterceptorTest.java | 141 ++++ .../authzforce/web/test/pep/cxf/Server.java | 53 ++ .../test/pep/cxf/WSS4JBasicAuthFilter.java | 55 ++ .../test/resources/META-INF/spring/client.xml | 6 +- .../cxf/sts/xacml/common/DoubleItLogical.wsdl | 60 ++ .../coheigea/cxf/sts/xacml/common/cxf-sts.xml | 97 +++ .../xacml/common/ws-trust-1.4-service.wsdl | 257 +++++++ .../web/test/pep/cxf/DoubleItSecure.wsdl | 125 ++++ .../web/test/pep/cxf/cxf-doubleit-service.xml | 117 ++++ .../web/test/pep/cxf/cxf-pdp-service.xml | 63 ++ .../web/test/pep/cxf/cxf-ws-client.xml | 68 ++ .../ow2/authzforce/web/test/pep/cxf/pdp.xml | 8 + .../cxf/policies/boss_permission_policy.xml | 41 ++ .../pep/cxf/policies/boss_role_policy.xml | 26 + .../resources/stsClientKeystore.properties | 24 + .../src/test/resources/stsKeystore.properties | 23 + .../resources/stsServiceKeystore.properties | 24 + webapp/src/test/resources/stsclientstore.jks | Bin 0 -> 4436 bytes webapp/src/test/resources/stsservicestore.jks | Bin 0 -> 3350 bytes webapp/src/test/resources/stsstore.jks | Bin 0 -> 3978 bytes 35 files changed, 2243 insertions(+), 304 deletions(-) create mode 100644 webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/CommonCallbackHandler.java create mode 100644 
webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/DoubleItPortTypeImpl.java create mode 100644 webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/RolesClaimsHandler.java create mode 100644 webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/STSServer.java create mode 100644 webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/TokenTestUtils.java create mode 100644 webapp/src/test/java/org/ow2/authzforce/web/test/XacmlToJsonConversion.java create mode 100644 webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/PdpServer.java create mode 100644 webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor.java create mode 100644 webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest.java create mode 100644 webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/Server.java create mode 100644 webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/WSS4JBasicAuthFilter.java create mode 100644 webapp/src/test/resources/org/apache/coheigea/cxf/sts/xacml/common/DoubleItLogical.wsdl create mode 100644 webapp/src/test/resources/org/apache/coheigea/cxf/sts/xacml/common/cxf-sts.xml create mode 100644 webapp/src/test/resources/org/apache/coheigea/cxf/sts/xacml/common/ws-trust-1.4-service.wsdl create mode 100644 webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/DoubleItSecure.wsdl create mode 100644 webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/cxf-doubleit-service.xml create mode 100644 webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/cxf-pdp-service.xml create mode 100644 webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/cxf-ws-client.xml create mode 100644 webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/pdp.xml create mode 100644 webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/policies/boss_permission_policy.xml create mode 100644 
webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/policies/boss_role_policy.xml create mode 100644 webapp/src/test/resources/stsClientKeystore.properties create mode 100644 webapp/src/test/resources/stsKeystore.properties create mode 100644 webapp/src/test/resources/stsServiceKeystore.properties create mode 100644 webapp/src/test/resources/stsclientstore.jks create mode 100644 webapp/src/test/resources/stsservicestore.jks create mode 100644 webapp/src/test/resources/stsstore.jks diff --git a/.gitignore b/.gitignore index 2920513..483a753 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ /.settings/ /.README.md.html /.CHANGELOG.md.html +/.pmd diff --git a/dist/.gitignore b/dist/.gitignore index 3756988..e1978ba 100644 --- a/dist/.gitignore +++ b/dist/.gitignore @@ -2,3 +2,4 @@ /.classpath /.project /CHANGES.txt +/.pmd diff --git a/pom.xml b/pom.xml index c89845c..bae4daf 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ org.ow2.authzforce authzforce-ce-parent - 4.1.1 + 5.0.0 authzforce-ce-server @@ -15,10 +15,10 @@ https://github.com/authzforce/server https://github.com/authzforce/server - 6.1.0 - 6.2.0 + 7.0.1-SNAPSHOT + 6.2.1-SNAPSHOT - 7.0.0 + 7.0.1-SNAPSHOT scm:git:${git.url.base}.git diff --git a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainResourceImpl.java b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainResourceImpl.java index cf986ce..555920b 100644 --- a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainResourceImpl.java +++ b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainResourceImpl.java 
@@ -51,7 +51,7 @@ import org.ow2.authzforce.core.pap.api.dao.ReadablePdpProperties; import org.ow2.authzforce.core.pap.api.dao.TooManyPoliciesException; import org.ow2.authzforce.core.pap.api.dao.WritablePdpProperties; -import org.ow2.authzforce.core.pdp.api.PDP; +import org.ow2.authzforce.core.pdp.api.PDPEngine; import org.ow2.authzforce.rest.api.jaxrs.AttributeProvidersResource; import org.ow2.authzforce.rest.api.jaxrs.DomainPropertiesResource; import org.ow2.authzforce.rest.api.jaxrs.DomainResource; @@ -295,7 +295,7 @@ public DomainPropertiesResource getDomainPropertiesResource() @Override public Response requestPolicyDecision(final Request request) { - final PDP pdp = domainDAO.getPDP(); + final PDPEngine pdp = domainDAO.getPDP(); if (pdp == null) { throw NULL_PDP_INTERNAL_SERVER_ERROR_EXCEPTION; diff --git a/webapp/pom.xml b/webapp/pom.xml index 8cdc771..b535c47 100644 --- a/webapp/pom.xml +++ b/webapp/pom.xml 
@@ -1,289 +1,340 @@ - 4.0.0 - - org.ow2.authzforce - authzforce-ce-server - 6.0.1-SNAPSHOT - .. - - authzforce-ce-server-webapp - ${project.groupId}:${project.artifactId} - war - Web application packaging for AuthZForce (PAP/PDP) REST service - https://github.com/authzforce/server/rest-service - - - 8.0.32 - - - scm:git:${git.url.base}.git - scm:git:${git.url.base}.git - HEAD - ${git.url.base}/webapp - - - - - - - - - - - - - - javax.servlet - javax.servlet-api - provided - - - org.springframework - spring-web - ${spring.version} - - - - commons-logging - commons-logging - - - - - org.logback-extensions - logback-ext-spring - - - fr.xebia.extras - xebia-logfilter-extras - 1.0.1 - - - - com.sun.xml.fastinfoset - FastInfoset - 1.2.13 - - - jsr173 - javax.xml - - - jsr173_api - javax.xml.bind - - - - - - org.codehaus.jettison - jettison - 1.3.8 - - - org.apache.cxf - cxf-rt-rs-extension-providers - ${cxf.version} - - - - org.apache.cxf - cxf-rt-rs-service-description - - - ${project.groupId} - ${artifactId.prefix}-pap-dao-flat-file - - - ${project.groupId} - ${project.parent.artifactId}-rest-service - ${project.parent.version} - - - - org.springframework - spring-test - ${spring.version} - test - - - org.testng - testng - test - - - org.apache.tomcat.embed - tomcat-embed-core - ${tomcat.version} - test - - - org.apache.tomcat.embed - tomcat-embed-logging-juli - ${tomcat.version} - test - - - org.slf4j - jul-to-slf4j - ${slf4j.version} - test - - - org.apache.cxf - cxf-rt-rs-client - test - - - ${project.groupId} - ${artifactId.prefix}-core - tests - test - - - - - - org.apache.maven.plugins - maven-pmd-plugin - - - true - - - - verify - - check - cpd-check - - - - - - org.codehaus.mojo - findbugs-maven-plugin - - - verify - - check - - - - - - - org.owasp - dependency-check-maven - - - owasp-dependency-check-suppression.xml - - - - - check - - - - - - - com.mycila - license-maven-plugin - -
license/thales-gpl.header.txt
- - src/main/java/org/ow2/authzforce/webapp/org/apache/** - - - src/main/java/** - src/test/java/** - -
- - - format-sources-license - process-sources - - format - - - - format-test-sources-license - process-test-sources - - format - - - -
- - - maven-resources-plugin - - - copy-resources - validate - - copy-resources - - - true - ${basedir}/target/server/conf - - - src/test/server.conf - true - - - - - - - - - org.apache.maven.plugins - maven-surefire-plugin - - - - - src/test/resources/test.suites/xml_pdp_only.xml - src/test/resources/test.suites/xml_full.xml - src/test/resources/test.suites/fast_infoset.xml - src/test/resources/test.suites/json.xml - src/test/resources/test.suites/others.xml - - 1 - - false - - all - - - - surefire.testng.verbose - - 2 - - - - -
-
+ 4.0.0 + + org.ow2.authzforce + authzforce-ce-server + 6.0.1-SNAPSHOT + .. + + authzforce-ce-server-webapp + ${project.groupId}:${project.artifactId} + war + Web application packaging for AuthZForce (PAP/PDP) REST service + https://github.com/authzforce/server/rest-service + + + 8.0.32 + + + scm:git:${git.url.base}.git + scm:git:${git.url.base}.git + HEAD + ${git.url.base}/webapp + + + + + + + + + + + + + + javax.servlet + javax.servlet-api + provided + + + org.springframework + spring-web + ${spring.version} + + + + commons-logging + commons-logging + + + + + org.logback-extensions + logback-ext-spring + + + fr.xebia.extras + xebia-logfilter-extras + 1.0.1 + + + + com.sun.xml.fastinfoset + FastInfoset + 1.2.13 + + + jsr173 + javax.xml + + + jsr173_api + javax.xml.bind + + + + + + org.codehaus.jettison + jettison + 1.3.8 + + + org.apache.cxf + cxf-rt-rs-extension-providers + ${cxf.version} + + + + org.apache.cxf + cxf-rt-rs-service-description + + + ${project.groupId} + ${artifactId.prefix}-pap-dao-flat-file + + + ${project.groupId} + ${project.parent.artifactId}-rest-service + ${project.parent.version} + + + + org.springframework + spring-test + ${spring.version} + test + + + org.testng + testng + test + + + org.apache.tomcat.embed + tomcat-embed-core + ${tomcat.version} + test + + + org.apache.tomcat.embed + tomcat-embed-logging-juli + ${tomcat.version} + test + + + org.slf4j + jul-to-slf4j + ${slf4j.version} + test + + + org.apache.cxf + cxf-rt-rs-client + test + + + org.apache.cxf + cxf-testutils + ${cxf.version} + test + + + org.apache.cxf + cxf-rt-frontend-jaxws + ${cxf.version} + test + + + org.apache.cxf + cxf-rt-transports-http-jetty + ${cxf.version} + test + + + org.apache.cxf.services.sts + cxf-services-sts-core + ${cxf.version} + test + + + junit + junit + 4.11 + test + + + ${project.groupId} + ${artifactId.prefix}-core + tests + test + + + + + + org.apache.maven.plugins + maven-pmd-plugin + + + true + + target/generated-sources/xjc + 
target/generated-test-sources/xjc + target/generated-test-sources/cxf + + + + + verify + + check + cpd-check + + + + + + org.codehaus.mojo + findbugs-maven-plugin + + org.ow2.authzforce.* + + + + verify + + check + + + + + + + org.owasp + dependency-check-maven + + + owasp-dependency-check-suppression.xml + + + + + check + + + + + + + com.mycila + license-maven-plugin + +
license/thales-gpl.header.txt
+ + src/main/java/org/ow2/authzforce/webapp/org/apache/** + + + src/main/java/** + src/test/java/** + +
+ + + format-sources-license + process-sources + + format + + + + format-test-sources-license + process-test-sources + + format + + + +
+ + + maven-resources-plugin + + + copy-resources + validate + + copy-resources + + + true + ${basedir}/target/server/conf + + + src/test/server.conf + true + + + + + + + + org.apache.cxf + cxf-codegen-plugin + ${cxf.version} + + + generate-sources + + + ${basedir}/target/generated-test-sources/cxf + + + + + ${basedir}/src/test/resources/org/apache/coheigea/cxf/sts/xacml/common/DoubleItLogical.wsdl + + + + + + wsdl2java + + + + + + + org.apache.maven.plugins + maven-surefire-plugin + + + + + src/test/resources/test.suites/xml_pdp_only.xml + src/test/resources/test.suites/xml_full.xml + src/test/resources/test.suites/fast_infoset.xml + src/test/resources/test.suites/json.xml + src/test/resources/test.suites/others.xml + + 1 + + false + + all + + + + surefire.testng.verbose + + 2 + + + + +
+
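Review bot: This hunk replaces all 289 lines of webapp/pom.xml because the file was re-indented, so the functional additions (the CXF test dependencies, `junit` 4.11, the `cxf-codegen-plugin` execution and the new PMD and FindBugs settings) cannot be told apart from unchanged lines. The re-indentation would be easier to review as a separate commit. The FindBugs plugin section also gains the value `org.ow2.authzforce.*`; the element name is not visible here, but if it is an analysis filter, the `org.apache.coheigea` test classes added by this commit fall outside static analysis. If that is intended for imported third-party test code, a short XML comment next to the setting should say so.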
diff --git a/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/CommonCallbackHandler.java b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/CommonCallbackHandler.java
new file mode 100644
index 0000000..fbfe2f9
--- /dev/null
+++ b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/CommonCallbackHandler.java
@@ -0,0 +1,68 @@
+/**
+ * Copyright (C) 2012-2017 Thales Services SAS.
+ *
+ * This file is part of AuthZForce CE.
+ *
+ * AuthZForce CE is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * AuthZForce CE is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with AuthZForce CE. If not, see .
+ */
+package org.apache.coheigea.cxf.sts.xacml.common;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+public class CommonCallbackHandler implements CallbackHandler
+{
+
+ @Override
+ public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException
+ {
+ for (final Callback callback : callbacks)
+ {
+ if (callback instanceof WSPasswordCallback)
+ { // CXF
+ final WSPasswordCallback pc = (WSPasswordCallback) callback;
+ if ("myclientkey".equals(pc.getIdentifier()))
+ {
+ pc.setPassword("ckpass");
+ break;
+ }
+ else if ("myservicekey".equals(pc.getIdentifier()))
+ {
+ pc.setPassword("skpass");
+ break;
+ }
+ else if ("alice".equals(pc.getIdentifier()))
+ {
+ pc.setPassword("security");
+ break;
+ }
+ else if ("bob".equals(pc.getIdentifier()))
+ {
+ pc.setPassword("security");
+ break;
+ }
+ else if ("mystskey".equals(pc.getIdentifier()))
+ {
+ pc.setPassword("stskpass");
+ break;
+ }
+ }
+ }
+ }
+}
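Review bot: `handle` does nothing for a `WSPasswordCallback` whose identifier is not one of the five hard-coded names, although the method declares `UnsupportedCallbackException`. A final `else { throw new UnsupportedCallbackException(callback, "Unknown identifier: " + pc.getIdentifier()); }` would make a misconfigured alias fail here instead of surfacing later as an opaque signature or decryption error. Each branch also ends in `break`, which leaves the `for` loop, so only the first matching callback in the array receives a password. The class has no comment stating that these literals are fixture credentials, presumably for the test keystores and the test users alice and bob added by this commit. A class comment such as `/** Test fixture only: passwords for the test keystores and test users; never reuse outside tests. */` would guard against the handler being copied into non-test code.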
diff --git a/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/DoubleItPortTypeImpl.java b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/DoubleItPortTypeImpl.java
new file mode 100644
index 0000000..c0253ee
--- /dev/null
+++ b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/DoubleItPortTypeImpl.java
@@ -0,0 +1,49 @@
+/**
+ * Copyright (C) 2012-2017 Thales Services SAS.
+ *
+ * This file is part of AuthZForce CE.
+ *
+ * AuthZForce CE is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * AuthZForce CE is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with AuthZForce CE. If not, see .
+ */
+package org.apache.coheigea.cxf.sts.xacml.common;
+
+import java.security.Principal;
+
+import javax.annotation.Resource;
+import javax.jws.WebService;
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.feature.Features;
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.Assert;
+
+@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt",
+ serviceName = "DoubleItService",
+ endpointInterface = "org.example.contract.doubleit.DoubleItPortType")
+@Features(features = "org.apache.cxf.feature.LoggingFeature")
+public class DoubleItPortTypeImpl implements DoubleItPortType {
+
+ @Resource
+ WebServiceContext wsContext;
+
+ public int doubleIt(int numberToDouble) {
+ Principal pr = wsContext.getUserPrincipal();
+
+ Assert.assertNotNull("Principal must not be null", pr);
+ Assert.assertNotNull("Principal.getName() must not return null", pr.getName());
+
+ return numberToDouble * 2;
+ }
+
+}
diff --git a/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/RolesClaimsHandler.java b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/RolesClaimsHandler.java
new file mode 100644
index 0000000..84f7038
--- /dev/null
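Review bot: `doubleIt` only asserts that a principal and its name are present and makes no role check of its own, so whether a caller without the "boss" role is refused depends entirely on the authorization interceptor that the commit message says is configured on the endpoint; the class does not document this. A class comment such as `/** Test service: asserts that the caller is authenticated; authorization is enforced by the interceptor configured on the endpoint. */` would make that dependency explicit for anyone reusing the class. `doubleIt` also implements the interface method without `@Override`, unlike `handle` in CommonCallbackHandler.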
+++ b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/RolesClaimsHandler.java 
@@ -0,0 +1,70 @@
+/**
+ * Copyright (C) 2012-2017 Thales Services SAS.
+ *
+ * This file is part of AuthZForce CE.
+ *
+ * AuthZForce CE is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * AuthZForce CE is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with AuthZForce CE. If not, see .
+ */
+package org.apache.coheigea.cxf.sts.xacml.common;
+
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.sts.claims.ClaimsHandler;
+import org.apache.cxf.sts.claims.ClaimsParameters;
+import org.apache.cxf.sts.claims.ProcessedClaim;
+import org.apache.cxf.sts.claims.ProcessedClaimCollection;
+
+/**
+ * A ClaimsHandler implementation that works with Roles.
+ */
+public class RolesClaimsHandler implements ClaimsHandler {
+
+ public static final URI ROLE =
+ URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+
+ public ProcessedClaimCollection retrieveClaimValues(
+ ClaimCollection claims, ClaimsParameters parameters) {
+
+ if (claims != null && claims.size() > 0) {
+ ProcessedClaimCollection claimCollection = new ProcessedClaimCollection();
+ for (Claim requestClaim : claims) {
+ ProcessedClaim claim = new ProcessedClaim();
+ claim.setClaimType(requestClaim.getClaimType());
+ if (ROLE.equals(requestClaim.getClaimType())) {
+ claim.setIssuer("STS");
+ if ("alice".equals(parameters.getPrincipal().getName())) {
+ claim.addValue("boss");
+ claim.addValue("employee");
+ } else if ("bob".equals(parameters.getPrincipal().getName())) {
+ claim.addValue("employee");
+ }
+ }
+ claimCollection.add(claim);
+ }
+ return claimCollection;
+ }
+ return null;
+ }
+
+ public List getSupportedClaimTypes() {
+ List list = new ArrayList();
+ list.add(ROLE);
+ return list;
+ }
+
+}
diff --git a/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/STSServer.java b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/STSServer.java
new file mode 100644
index 0000000..ecd37f4
--- /dev/null
+++ b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/STSServer.java
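Review bot: In `retrieveClaimValues`, `parameters.getPrincipal().getName()` is dereferenced twice without a null check, so a claims request that arrives without a principal would, if the STS allows that, fail with a NullPointerException rather than produce a role claim with no values. Reading the name once behind a guard, `final String user = parameters.getPrincipal() == null ? null : parameters.getPrincipal().getName();`, and comparing `"alice".equals(user)` / `"bob".equals(user)` avoids this. The method also returns `null` when no claims are requested, and for any user other than alice or bob it emits a role claim with issuer "STS" and no values. Both may be intended for a fixture, but the Javadoc says only that the handler "works with Roles"; it should state the alice → boss, employee and bob → employee mapping that the test policy depends on.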
@@ -0,0 +1,46 @@
+/**
+ * Copyright (C) 2012-2017 Thales Services SAS.
+ *
+ * This file is part of AuthZForce CE.
+ *
+ * AuthZForce CE is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * AuthZForce CE is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with AuthZForce CE. If not, see .
+ */
+package org.apache.coheigea.cxf.sts.xacml.common;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class STSServer extends AbstractBusTestServerBase {
+
+ public STSServer() {
+
+ }
+
+ protected void run() {
+ URL busFile = STSServer.class.getResource("cxf-sts.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new STSServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/TokenTestUtils.java b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/TokenTestUtils.java
new file mode 100644
index 0000000..4bf22f3
--- /dev/null
+++ b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/TokenTestUtils.java
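Review bot: The `try` block in `run()` constructs a second `STSServer` and discards it, and its `catch` only calls `e.printStackTrace()`, so a failure there would not stop the test run and the authorization test could continue against an STS that never started properly. The bus from `cxf-sts.xml` has already been created and installed by that point, so the block appears to have no effect and could be removed. The call that can actually fail, `createBus(busFile)`, is outside the `try`, and `busFile` is null when the resource is not on the classpath. A guard such as `if (busFile == null) { throw new IllegalStateException("cxf-sts.xml not found on classpath"); }` would give a clear failure instead.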
@@ -0,0 +1,53 @@ +/** + * Copyright (C) 2012-2017 Thales Services SAS. + * + * This file is part of AuthZForce CE. + * + * AuthZForce CE is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * AuthZForce CE is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with AuthZForce CE. If not, see . + */ +package org.apache.coheigea.cxf.sts.xacml.common; + +import javax.xml.ws.BindingProvider; + +import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.trust.STSClient; + +public final class TokenTestUtils { + + private TokenTestUtils() { + // complete + } + + public static void updateSTSPort(BindingProvider p, String port) { + STSClient stsClient = (STSClient)p.getRequestContext().get(SecurityConstants.STS_CLIENT); + if (stsClient != null) { + String location = stsClient.getWsdlLocation(); + if (location != null && location.contains("8080")) { + stsClient.setWsdlLocation(location.replace("8080", port)); + } else if (location != null && location.contains("8443")) { + stsClient.setWsdlLocation(location.replace("8443", port)); + } + } + stsClient = (STSClient)p.getRequestContext().get(SecurityConstants.STS_CLIENT + ".sct"); + if (stsClient != null) { + String location = stsClient.getWsdlLocation(); + if (location.contains("8080")) { + stsClient.setWsdlLocation(location.replace("8080", port)); + } else if (location.contains("8443")) { + stsClient.setWsdlLocation(location.replace("8443", port)); + } + } + } + +} 
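Review bot: The second branch of `updateSTSPort` (the `SecurityConstants.STS_CLIENT + ".sct"` client) calls `location.contains("8080")` without the `location != null` check that the first branch has, so an STS client with no WSDL location set throws a NullPointerException here. Both branches should use the same guard: `if (location != null && location.contains("8080"))` and `else if (location != null && location.contains("8443"))`. `String.replace` also rewrites every occurrence of those digits in the URL, not only the port, which deserves a one-line comment. The two branches are otherwise identical and could share a private helper.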
diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/DomainAPIHelper.java b/webapp/src/test/java/org/ow2/authzforce/web/test/DomainAPIHelper.java index d1e68d4..f5d5efd 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/DomainAPIHelper.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/DomainAPIHelper.java @@ -42,7 +42,7 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.Response; import org.ow2.authzforce.core.pdp.impl.PdpModelHandler; -import org.ow2.authzforce.core.test.utils.TestUtils; +import org.ow2.authzforce.core.pdp.impl.test.utils.TestUtils; import org.ow2.authzforce.core.xmlns.pdp.Pdp; import org.ow2.authzforce.core.xmlns.pdp.StaticRefBasedRootPolicyProvider; import org.ow2.authzforce.pap.dao.flatfile.FlatFileDAOUtils; diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/DomainMainTestWithoutAutoSyncOrVersionRolling.java b/webapp/src/test/java/org/ow2/authzforce/web/test/DomainMainTestWithoutAutoSyncOrVersionRolling.java index 1f0015d..852bf81 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/DomainMainTestWithoutAutoSyncOrVersionRolling.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/DomainMainTestWithoutAutoSyncOrVersionRolling.java 
@@ -62,10 +62,10 @@ import org.apache.cxf.jaxrs.client.WebClient; import org.ow2.authzforce.core.pdp.impl.DefaultRequestFilter; import org.ow2.authzforce.core.pdp.impl.MultiDecisionRequestFilter; -import org.ow2.authzforce.core.test.custom.TestCombinedDecisionResultFilter; -import org.ow2.authzforce.core.test.custom.TestDNSNameValueEqualFunction; -import org.ow2.authzforce.core.test.custom.TestDNSNameWithPortValue; -import org.ow2.authzforce.core.test.custom.TestOnPermitApplySecondCombiningAlg; +import org.ow2.authzforce.core.pdp.impl.test.custom.TestCombinedDecisionResultFilter; +import org.ow2.authzforce.core.pdp.impl.test.custom.TestDNSNameValueEqualFunction; +import org.ow2.authzforce.core.pdp.impl.test.custom.TestDNSNameWithPortValue; +import org.ow2.authzforce.core.pdp.impl.test.custom.TestOnPermitApplySecondCombiningAlg; import org.ow2.authzforce.core.xmlns.test.TestAttributeProvider; import org.ow2.authzforce.pap.dao.flatfile.FlatFileBasedDomainsDAO; import org.ow2.authzforce.pap.dao.flatfile.FlatFileBasedDomainsDAO.PdpCoreFeature; @@ -86,7 +86,7 @@ import org.ow2.authzforce.rest.api.xmlns.PdpPropertiesUpdate; import org.ow2.authzforce.rest.api.xmlns.ResourceContent; import org.ow2.authzforce.rest.api.xmlns.Resources; -import org.ow2.authzforce.xacml.identifiers.XACMLCategory; +import org.ow2.authzforce.xacml.identifiers.XACMLAttributeCategory; import org.ow2.authzforce.xacml.identifiers.XPATHVersion; import org.ow2.authzforce.xmlns.pdp.ext.AbstractAttributeProvider; import org.slf4j.Logger; 
@@ -1494,7 +1494,7 @@ public void requestPDPDumb() throws JAXBException * This test is mostly for enablePdpOnly=true */ final Request xacmlReq = new Request(new RequestDefaults(XPATHVersion.V2_0.getURI()), Collections.singletonList(new Attributes(null, Collections. emptyList(), - XACMLCategory.XACML_1_0_SUBJECT_CATEGORY_ACCESS_SUBJECT.value(), null)), null, false, false); + XACMLAttributeCategory.XACML_1_0_ACCESS_SUBJECT.value(), null)), null, false, false); testDomain.getPdpResource().requestPolicyDecision(xacmlReq); } diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/XacmlToJsonConversion.java b/webapp/src/test/java/org/ow2/authzforce/web/test/XacmlToJsonConversion.java new file mode 100644 index 0000000..0e2278e --- /dev/null +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/XacmlToJsonConversion.java 
@@ -0,0 +1,83 @@ +/** + * Copyright (C) 2012-2017 Thales Services SAS. + * + * This file is part of AuthZForce CE. + * + * AuthZForce CE is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * AuthZForce CE is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with AuthZForce CE. If not, see . + */ +package org.ow2.authzforce.web.test; + +import java.io.File; +import java.io.IOException; +import java.util.Collections; + +import javax.xml.stream.FactoryConfigurationError; +import javax.xml.stream.XMLEventReader; +import javax.xml.stream.XMLEventWriter; +import javax.xml.stream.XMLInputFactory; +import javax.xml.stream.XMLStreamException; +import javax.xml.transform.stax.StAXSource; +import javax.xml.transform.stream.StreamSource; +import javax.xml.validation.Validator; + +import org.codehaus.jettison.mapped.MappedXMLOutputFactory; +import org.ow2.authzforce.core.pdp.api.JaxbXACMLUtils; +import org.xml.sax.ErrorHandler; +import org.xml.sax.SAXException; +import org.xml.sax.SAXParseException; + +public class XacmlToJsonConversion +{ + + public static void main(final String[] args) throws XMLStreamException, FactoryConfigurationError, SAXException, IOException + { + final String xmlDocFilepath = "src/test/resources/xacml.samples/policy.xml"; + + /* + * replace new StreamSource(new File(xmlDocFilepath)) with new StringReader(xml) if input xml is XML string + */ + final XMLEventReader reader = XMLInputFactory.newInstance().createXMLEventReader(new StreamSource(new File(xmlDocFilepath))); + final Validator validator = 
JaxbXACMLUtils.XACML_3_0_SCHEMA.newValidator(); + validator.validate(new StAXSource(reader)); + validator.setErrorHandler(new ErrorHandler() + { + + @Override + public void warning(final SAXParseException exception) throws SAXException + { + System.out.println(exception); + } + + @Override + public void fatalError(final SAXParseException exception) throws SAXException + { + System.out.println(exception); + + } + + @Override + public void error(final SAXParseException exception) throws SAXException + { + System.out.println(exception); + + } + }); + + final XMLEventWriter writer = new MappedXMLOutputFactory(Collections.emptyMap()).createXMLEventWriter(System.out); + writer.add(reader); + writer.close(); + reader.close(); + + } +} diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/PdpServer.java b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/PdpServer.java new file mode 100644 index 0000000..bcdc037 --- /dev/null +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/PdpServer.java 
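Review bot: `validator.setErrorHandler(...)` is called after `validator.validate(new StAXSource(reader))` has already run, so the anonymous ErrorHandler never takes part in validation. If the call is simply moved up, validation becomes lenient, because `error` and `fatalError` only print the exception; they should rethrow it (`throw exception;`), or the handler should be removed so that schema violations stop the conversion. The inline comment invites swapping the file for an XML string, so the reader factory should not rely on parser defaults: call `xmlInFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);` and `xmlInFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);` before `createXMLEventReader`. Validation also reads from the same `reader` that is later passed to `writer.add(reader)`, so it is worth confirming that any events are left for the JSON writer.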
@@ -0,0 +1,46 @@ +/** + * Copyright (C) 2012-2017 Thales Services SAS. + * + * This file is part of AuthZForce CE. + * + * AuthZForce CE is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * AuthZForce CE is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with AuthZForce CE. If not, see . + */ +package org.ow2.authzforce.web.test.pep.cxf; + +import java.net.URL; + +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.testutil.common.AbstractBusTestServerBase; + +public class PdpServer extends AbstractBusTestServerBase { + + public PdpServer() { + + } + + protected void run() { + URL busFile = PdpServer.class.getResource("cxf-pdp.xml"); + Bus busLocal = new SpringBusFactory().createBus(busFile); + BusFactory.setDefaultBus(busLocal); + setBus(busLocal); + + try { + new PdpServer(); + } catch (Exception e) { + e.printStackTrace(); + } + } +} diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor.java b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor.java new file mode 100644 index 0000000..f5bf4c5 --- /dev/null +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor.java 
@@ -0,0 +1,291 @@ +/** + * Copyright (C) 2012-2017 Thales Services SAS. + * + * This file is part of AuthZForce CE. + * + * AuthZForce CE is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * AuthZForce CE is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with AuthZForce CE. If not, see . + */ +package org.ow2.authzforce.web.test.pep.cxf; + +import static org.ow2.authzforce.xacml.identifiers.XACMLAttributeCategory.XACML_1_0_ACCESS_SUBJECT; +import static org.ow2.authzforce.xacml.identifiers.XACMLAttributeCategory.XACML_3_0_ACTION; +import static org.ow2.authzforce.xacml.identifiers.XACMLAttributeCategory.XACML_3_0_RESOURCE; + +import java.security.Principal; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.Set; + +import javax.xml.namespace.QName; + +import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attribute; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.Request; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.Response; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.Result; + +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.interceptor.security.AccessDeniedException; +import org.apache.cxf.message.Message; +import org.apache.cxf.phase.AbstractPhaseInterceptor; +import org.apache.cxf.phase.Phase; +import 
org.apache.cxf.rt.security.saml.xacml.CXFMessageParser; +import org.apache.cxf.rt.security.saml.xacml.XACMLConstants; +import org.apache.cxf.security.LoginSecurityContext; +import org.apache.cxf.security.SecurityContext; +import org.apache.wss4j.common.ext.WSSecurityException; +import org.ow2.authzforce.core.pdp.api.HashCollections; +import org.ow2.authzforce.rest.api.jaxrs.PdpResource; +import org.ow2.authzforce.xacml.identifiers.XACMLAttributeId; +import org.ow2.authzforce.xacml.identifiers.XACMLDatatypeId; +import org.slf4j.LoggerFactory; + +/** + * This class represents a so-called XACML PEP that, for every CXF service request, creates an XACML 3.0 authorization decision Request to a PDP using AuthzForce Server's RESTful API, given a + * Principal, list of roles - typically coming from SAML token - and MessageContext. The principal name is inserted as the Subject ID, and the list of roles associated with that principal are inserted + * as Subject roles. The action to send defaults to "execute". It is an adaptation of + * https://github.com/coheigea/testcases/blob/master/apache/cxf/cxf-sts-xacml/src/test/java/org/apache/coheigea/cxf/sts/xacml/authorization/xacml3/XACML3AuthorizingInterceptor.java, except it uses + * AuthzForce RESTful API for PDP evaluation instead of OpenAZ API. + * + * For a SOAP Service, the resource-id Attribute refers to the "{serviceNamespace}serviceName#{operationNamespace}operationName" String (shortened to "{serviceNamespace}serviceName#operationName" if + * the namespaces are identical). The "{serviceNamespace}serviceName", "{operationNamespace}operationName" and resource URI are also sent to simplify processing at the PDP side. + * + * For a REST service the request URL is the resource. You can also configure the ability to send the truncated request URI instead for a SOAP or REST service. 
+ */ +public class RESTfulPdpBasedAuthzInterceptor extends AbstractPhaseInterceptor +{ + + private static final org.slf4j.Logger LOGGER = LoggerFactory.getLogger(RESTfulPdpBasedAuthzInterceptor.class); + + private static final String DEFAULT_SOAP_ACTION = "execute"; + + private final PdpResource pdp; + + /** + * Create Authorization interceptor (XACML PEP) using input {@code pdp} as XACML PDP + * + * @param pdp + * XACML PDP + */ + public RESTfulPdpBasedAuthzInterceptor(final PdpResource pdp) + { + super(Phase.PRE_INVOKE); + this.pdp = pdp; + } + + @Override + public void handleMessage(final Message message) throws Fault + { + final SecurityContext sc = message.get(SecurityContext.class); + if (sc instanceof LoginSecurityContext) + { + final Principal principal = sc.getUserPrincipal(); + final LoginSecurityContext loginSecurityContext = (LoginSecurityContext) sc; + final Set principalRoles = loginSecurityContext.getUserRoles(); + final Set roles; + if (principalRoles == null) + { + roles = Collections.emptySet(); + } + else + { + roles = HashCollections.newUpdatableSet(principalRoles.size()); + for (final Principal p : principalRoles) + { + if (p != principal) + { + roles.add(p.getName()); + } + } + } + + try + { + if (authorize(principal, roles, message)) + { + return; + } + } + catch (final Exception e) + { + LOGGER.debug("Unauthorized", e); + throw new AccessDeniedException("Unauthorized"); + } + } + else + { + LOGGER.debug("The SecurityContext was not an instance of LoginSecurityContext. 
No authorization is possible as a result"); + } + + throw new AccessDeniedException("Unauthorized"); + } + + protected boolean authorize(final Principal principal, final Set roles, final Message message) throws Exception + { + final Request request = createRequest(principal, roles, message); + LOGGER.debug("XACML Request: {}", request); + + // Evaluate the request + final Response response = pdp.requestPolicyDecision(request); + + if (response == null || response.getResults().isEmpty()) + { + return false; + } + + final Result result = response.getResults().get(0); + // Handle any Obligations returned by the PDP + handleObligationsOrAdvice(request, principal, message, result); + + LOGGER.debug("XACML authorization result: {}", result); + return result.getDecision() == DecisionType.PERMIT; + } + + private static Request createRequest(final Principal principal, final Set roles, final Message message) throws WSSecurityException + { + assert roles != null; + + final CXFMessageParser messageParser = new CXFMessageParser(message); + final String issuer = messageParser.getIssuer(); + + /* + * 3 attribute categories, 7 total attributes + */ + + // Subject attributes + // Subject ID + final AttributeValueType subjectIdVal = new AttributeValueType(Collections.singletonList(principal.getName()), XACMLDatatypeId.STRING.value(), null); + final Attribute subjectIdAtt = new Attribute(Collections.singletonList(subjectIdVal), XACMLAttributeId.XACML_1_0_SUBJECT_ID.value(), issuer, false); + + // Subject role(s) + final Attribute subjectRoleAtt = new Attribute(stringsToAttributeValues(roles, XACMLDatatypeId.ANY_URI.value()), XACMLAttributeId.XACML_2_0_SUBJECT_ROLE.value(), issuer, false); + + final Attributes subjectCategory = new Attributes(null, Arrays.asList(subjectIdAtt, subjectRoleAtt), XACML_1_0_ACCESS_SUBJECT.value(), null); + + // Resource attributes + // Resource ID + final AttributeValueType resourceIdVal = new 
AttributeValueType(Collections.singletonList(getResourceId(messageParser)), XACMLDatatypeId.STRING.value(), null); + final Attribute resourceIdAtt = new Attribute(Collections.singletonList(resourceIdVal), XACMLAttributeId.XACML_1_0_RESOURCE_ID.value(), null, false); + + // Resource - WSDL-defined Service ID / Operation / Endpoint + List resourceAtts; + if (messageParser.isSOAPService()) + { + // WSDL Service + final QName wsdlService = messageParser.getWSDLService(); + if (wsdlService == null) + { + resourceAtts = new ArrayList<>(3); + resourceAtts.add(resourceIdAtt); + } + else + { + resourceAtts = new ArrayList<>(4); + resourceAtts.add(resourceIdAtt); + + final AttributeValueType resourceServiceIdAttVal = new AttributeValueType(Collections.singletonList(wsdlService.toString()), XACMLDatatypeId.STRING.value(), null); + final Attribute resourceServiceIdAtt = new Attribute(Collections.singletonList(resourceServiceIdAttVal), XACMLConstants.RESOURCE_WSDL_SERVICE_ID, null, false); + resourceAtts.add(resourceServiceIdAtt); + } + + // WSDL Operation + final QName wsdlOperation = messageParser.getWSDLOperation(); + final AttributeValueType resourceOperationIdAttVal = new AttributeValueType(Collections.singletonList(wsdlOperation.toString()), XACMLDatatypeId.STRING.value(), null); + final Attribute resourceOperationIdAtt = new Attribute(Collections.singletonList(resourceOperationIdAttVal), XACMLConstants.RESOURCE_WSDL_OPERATION_ID, null, false); + resourceAtts.add(resourceOperationIdAtt); + + // WSDL Endpoint + final String endpointURI = messageParser.getResourceURI(false); + final AttributeValueType resourceWSDLEndpointAttVal = new AttributeValueType(Collections.singletonList(endpointURI), XACMLDatatypeId.STRING.value(), null); + final Attribute resourceWSDLEndpointAtt = new Attribute(Collections.singletonList(resourceWSDLEndpointAttVal), XACMLConstants.RESOURCE_WSDL_ENDPOINT, null, false); + resourceAtts.add(resourceWSDLEndpointAtt); + } + else + { + resourceAtts = 
Collections.singletonList(resourceIdAtt); + } + + final Attributes resourceCategory = new Attributes(null, resourceAtts, XACML_3_0_RESOURCE.value(), null); + + // Action ID + final String actionToUse = messageParser.getAction(DEFAULT_SOAP_ACTION); + final AttributeValueType actionIdAttVal = new AttributeValueType(Collections.singletonList(actionToUse), XACMLDatatypeId.STRING.value(), null); + final Attribute actionIdAtt = new Attribute(Collections.singletonList(actionIdAttVal), XACMLAttributeId.XACML_1_0_ACTION_ID.value(), null, false); + + final Attributes actionCategory = new Attributes(null, Collections.singletonList(actionIdAtt), XACML_3_0_ACTION.value(), null); + + // Environment - current date/time will be set by the PDP + + return new Request(null, Arrays.asList(subjectCategory, resourceCategory, actionCategory), null, false, false); + } + + private static List stringsToAttributeValues(final Set strings, final String datatype) + { + assert strings != null; + + final List attVals = new ArrayList<>(strings.size()); + for (final String string : strings) + { + attVals.add(new AttributeValueType(Collections.singletonList(string), datatype, null)); + } + + return attVals; + } + + private static String getResourceId(final CXFMessageParser messageParser) + { + final String resourceId; + if (messageParser.isSOAPService()) + { + final QName serviceName = messageParser.getWSDLService(); + final QName operationName = messageParser.getWSDLOperation(); + + if (serviceName != null) + { + final String resourceIdPrefix = serviceName.toString() + "#"; + if (serviceName.getNamespaceURI() != null && serviceName.getNamespaceURI().equals(operationName.getNamespaceURI())) + { + resourceId = resourceIdPrefix + operationName.getLocalPart(); + } + else + { + resourceId = resourceIdPrefix + operationName.toString(); + } + } + else + { + resourceId = operationName.toString(); + } + } + else + { + resourceId = messageParser.getResourceURI(false); + } + + return resourceId; + } + + /** + 
* Handle any Obligations returned by the PDP. Does nothing by default. Override this method if you want to handle Obligations/Advice in a specific way + */ + protected void handleObligationsOrAdvice(final Request request, final Principal principal, final Message message, final Result result) throws Exception + { + // Do nothing by default + } + +} diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest.java b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest.java new file mode 100644 index 0000000..9d9bc74 --- /dev/null +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest.java 
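Review bot: `authorize` returns true for a Permit even when the Result carries obligations, because `handleObligationsOrAdvice` does nothing by default and nothing checks whether obligations were fulfilled; XACML 3.0 expects a PEP to deny access when it cannot understand or discharge an obligation attached to the decision. Since this class is presented as a PEP that others may adapt, the default hook should fail closed, e.g. `if (result.getObligations() != null) throw new AccessDeniedException("Unauthorized");` (assuming the generated `Result` exposes `getObligations()`), and its Javadoc should say that overriders must throw when an obligation cannot be met. In `handleMessage`, `p != principal` compares references; `!p.equals(principal)` would keep the user principal out of the role set when the security context hands back a distinct but equal instance. Denials caused by exceptions are logged only at debug level, so a PDP call that fails is indistinguishable from a policy Deny unless debug logging is on.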
@@ -0,0 +1,141 @@ +/** + * Copyright (C) 2012-2017 Thales Services SAS. + * + * This file is part of AuthZForce CE. + * + * AuthZForce CE is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * AuthZForce CE is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with AuthZForce CE. If not, see . + */ +package org.ow2.authzforce.web.test.pep.cxf; + +import java.net.URL; + +import javax.xml.namespace.QName; +import javax.xml.ws.BindingProvider; +import javax.xml.ws.Service; + +import org.apache.coheigea.cxf.sts.xacml.common.STSServer; +import org.apache.coheigea.cxf.sts.xacml.common.TokenTestUtils; +import org.apache.cxf.Bus; +import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; +import org.example.contract.doubleit.DoubleItPortType; +import org.testng.annotations.BeforeClass; + +/** + * The client authenticates to the STS using a username/password, and gets a signed holder-of-key SAML Assertion in return. This is presented to the service, who verifies proof-of-possession + the + * signature of the STS on the assertion. The CXF endpoint extracts roles from the Assertion + populates the security context. Note that the CXF endpoint requires a "role" Claim via the security + * policy. + * + * The CXF Endpoint has configured the XACMLAuthorizingInterceptor, which creates a XACML 3.0 request for dispatch to the PDP, and then enforces the PDP's decision. 
The PDP is a REST service, + * that requires that a user must have role "boss" to access the "doubleIt" operation ("alice" has this role, "bob" does not). + */ +public class RESTfulPdpBasedAuthzInterceptorTest extends AbstractBusClientServerTestBase +{ + + // public static final String PDP_PORT = allocatePort(PdpServer.class); + static + { + allocatePort(PdpServer.class); + } + + private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt"; + private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService"); + + private static final String PORT = allocatePort(Server.class); + private static final String STS_PORT = allocatePort(STSServer.class); + + @BeforeClass + public static void startServers() throws Exception + { + assertTrue("Server failed to launch", + // run the server in the same process + // set this to false to fork + launchServer(Server.class, true)); + assertTrue("Server failed to launch", + // run the server in the same process + // set this to false to fork + launchServer(STSServer.class, true)); + assertTrue("Server failed to launch", + // run the server in the same process + // set this to false to fork + launchServer(PdpServer.class, true)); + } + + @org.junit.Test + public void testAuthorizedRequest() throws Exception + { + + final SpringBusFactory bf = new SpringBusFactory(); + final URL busFile = RESTfulPdpBasedAuthzInterceptorTest.class.getResource("cxf-ws-client.xml"); + + final Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + final URL wsdl = RESTfulPdpBasedAuthzInterceptorTest.class.getResource("DoubleItSecure.wsdl"); + final Service service = Service.create(wsdl, SERVICE_QNAME); + final QName portQName = new QName(NAMESPACE, "DoubleItTransportPort"); + final DoubleItPortType transportPort = service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(transportPort, PORT); + + final Client client = 
ClientProxy.getClient(transportPort); + client.getRequestContext().put("ws-security.username", "alice"); + + TokenTestUtils.updateSTSPort((BindingProvider) transportPort, STS_PORT); + + doubleIt(transportPort, 25); + } + + @org.junit.Test + public void testUnauthorizedRequest() throws Exception + { + + final SpringBusFactory bf = new SpringBusFactory(); + final URL busFile = RESTfulPdpBasedAuthzInterceptorTest.class.getResource("cxf-ws-client.xml"); + + final Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + final URL wsdl = RESTfulPdpBasedAuthzInterceptorTest.class.getResource("DoubleItSecure.wsdl"); + final Service service = Service.create(wsdl, SERVICE_QNAME); + final QName portQName = new QName(NAMESPACE, "DoubleItTransportPort"); + final DoubleItPortType transportPort = service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(transportPort, PORT); + + final Client client = ClientProxy.getClient(transportPort); + client.getRequestContext().put("ws-security.username", "bob"); + + TokenTestUtils.updateSTSPort((BindingProvider) transportPort, STS_PORT); + + try + { + doubleIt(transportPort, 25); + fail("Failure expected on bob"); + } + catch (final Exception ex) + { + // expected + } + } + + private static void doubleIt(final DoubleItPortType port, final int numToDouble) + { + final int resp = port.doubleIt(numToDouble); + assertEquals(numToDouble * 2, resp); + } + +} diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/Server.java b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/Server.java new file mode 100644 index 0000000..f6b51c1 --- /dev/null +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/Server.java 
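Review bot: `testUnauthorizedRequest` accepts any `Exception` as the expected outcome, so a failed STS token request, a PDP that is not running or a wrong port makes the negative test pass without the authorization check ever being exercised. The catch block should assert that the failure is the denial, for example by checking that the fault message contains the `"Unauthorized"` text thrown by RESTfulPdpBasedAuthzInterceptor (the exact exception type the client surfaces is not visible here). `startServers` is annotated with `org.testng.annotations.BeforeClass` while both tests use `@org.junit.Test`; unless the build runs TestNG in JUnit mode, one runner will skip the setup or the tests, so the annotations should come from a single framework. The three `assertTrue` messages are all "Server failed to launch"; naming the server in each would show which one failed.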
@@ -0,0 +1,53 @@ +/** + * Copyright (C) 2012-2017 Thales Services SAS. + * + * This file is part of AuthZForce CE. + * + * AuthZForce CE is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * AuthZForce CE is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with AuthZForce CE. If not, see . + */ +package org.ow2.authzforce.web.test.pep.cxf; + +import java.net.URL; + +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.testutil.common.AbstractBusTestServerBase; + +public class Server extends AbstractBusTestServerBase +{ + + public Server() + { + + } + + @Override + protected void run() + { + final URL busFile = Server.class.getResource("cxf-doubleit-service.xml"); + final Bus busLocal = new SpringBusFactory().createBus(busFile); + BusFactory.setDefaultBus(busLocal); + setBus(busLocal); + + try + { + new Server(); + } + catch (final Exception e) + { + e.printStackTrace(); + } + } +} diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/WSS4JBasicAuthFilter.java b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/WSS4JBasicAuthFilter.java new file mode 100644 index 0000000..6674c8e --- /dev/null +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/WSS4JBasicAuthFilter.java 
@@ -0,0 +1,55 @@
+/**
+ * Copyright (C) 2012-2017 Thales Services SAS.
+ *
+ * This file is part of AuthZForce CE.
+ *
+ * AuthZForce CE is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * AuthZForce CE is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with AuthZForce CE. If not, see .
+ */
+package org.ow2.authzforce.web.test.pep.cxf;
+
+import java.io.IOException;
+
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.jaxrs.utils.ExceptionUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.rt.security.saml.interceptor.WSS4JBasicAuthValidator;
+
+/**
+ * Extends the WSS4J validator as a JAX-RS request filter
+ */
+public class WSS4JBasicAuthFilter extends WSS4JBasicAuthValidator implements ContainerRequestFilter {
+
+ public void filter(ContainerRequestContext requestContext) throws IOException {
+ Message message = JAXRSUtils.getCurrentMessage();
+ AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
+
+ if (policy == null || policy.getUserName() == null || policy.getPassword() == null) {
+ requestContext.abortWith(
+ Response.status(401).header("WWW-Authenticate", "Basic realm=\"IdP\"").build());
+ return;
+ }
+
+ try {
+ super.validate(message);
+ } catch (Exception ex) {
+ throw ExceptionUtils.toInternalServerErrorException(ex, null);
+ }
+ }
+
+}
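Review bot: In `filter`, every exception from `super.validate(message)` is rethrown via `ExceptionUtils.toInternalServerErrorException(ex, null)`, so a request with a wrong username or password is presumably answered as a server error, while missing credentials a few lines above get a 401 challenge. That makes authentication failures look like server faults to clients and to anything watching status codes. I would answer the validator's credential failure the same way as the missing-credentials branch, `requestContext.abortWith(Response.status(401).header("WWW-Authenticate", "Basic realm=\"IdP\"").build());`, and keep the 500 mapping only for unexpected exceptions; check which exception type `validate` declares before narrowing the catch. The method also implements `ContainerRequestFilter.filter` without `@Override`, which is worth adding.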
diff --git a/webapp/src/test/resources/META-INF/spring/client.xml b/webapp/src/test/resources/META-INF/spring/client.xml index 3c2a1fd..10b8586 100644 --- a/webapp/src/test/resources/META-INF/spring/client.xml +++ b/webapp/src/test/resources/META-INF/spring/client.xml @@ -1,7 +1,7 @@ + http://www.springframework.org/schema/util/spring-util.xsd"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/webapp/src/test/resources/org/apache/coheigea/cxf/sts/xacml/common/cxf-sts.xml b/webapp/src/test/resources/org/apache/coheigea/cxf/sts/xacml/common/cxf-sts.xml new file mode 100644 index 0000000..9b2c18e --- /dev/null +++ b/webapp/src/test/resources/org/apache/coheigea/cxf/sts/xacml/common/cxf-sts.xml @@ -0,0 +1,97 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + https://localhost:(\d)*/doubleit/services/doubleittransport.* + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/webapp/src/test/resources/org/apache/coheigea/cxf/sts/xacml/common/ws-trust-1.4-service.wsdl b/webapp/src/test/resources/org/apache/coheigea/cxf/sts/xacml/common/ws-trust-1.4-service.wsdl new file mode 100644 index 0000000..eb6d06c --- /dev/null +++ b/webapp/src/test/resources/org/apache/coheigea/cxf/sts/xacml/common/ws-trust-1.4-service.wsdl @@ -0,0 +1,257 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/DoubleItSecure.wsdl b/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/DoubleItSecure.wsdl new file mode 100644 index 0000000..09dbcbe --- /dev/null +++ b/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/DoubleItSecure.wsdl @@ -0,0 +1,125 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/cxf-doubleit-service.xml b/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/cxf-doubleit-service.xml new file mode 100644 index 0000000..f650dd8 --- /dev/null +++ b/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/cxf-doubleit-service.xml @@ -0,0 +1,117 @@ + + + + + + + + + + + + + + + + + + + + + bob + security + Basic + + + + + classpath:/xml.xsd + classpath:/atom.xsd + classpath:/xacml-core-v3-schema-wd-17.xsd + classpath:/pdp-ext-base.xsd + classpath:/xsd/authz-rest-api.xsd + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/cxf-pdp-service.xml b/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/cxf-pdp-service.xml new file mode 100644 index 0000000..1d38419 --- /dev/null +++ b/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/cxf-pdp-service.xml @@ -0,0 +1,63 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/cxf-ws-client.xml b/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/cxf-ws-client.xml new file mode 100644 index 0000000..6d443b2 --- /dev/null +++ b/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/cxf-ws-client.xml @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/pdp.xml b/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/pdp.xml new file mode 100644 index 0000000..6839b30 --- /dev/null +++ b/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/pdp.xml @@ -0,0 +1,8 @@ + + + + ${PARENT_DIR}/policies/boss_permission_policy.xml + + + + diff --git a/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/policies/boss_permission_policy.xml b/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/policies/boss_permission_policy.xml new file mode 100644 index 0000000..917cb96 --- /dev/null +++ b/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/policies/boss_permission_policy.xml @@ -0,0 +1,41 @@ + + + + + + + + + + + {http://www.example.org/contract/DoubleIt}DoubleItService#DoubleIt + + + + + + + + execute + + + + + + + + + + diff --git a/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/policies/boss_role_policy.xml b/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/policies/boss_role_policy.xml new file mode 100644 index 0000000..7c14dc6 --- /dev/null +++ b/webapp/src/test/resources/org/ow2/authzforce/web/test/pep/cxf/policies/boss_role_policy.xml @@ -0,0 +1,26 @@ + + + + + + + boss + + + + + + + + org.apache.permissions.doubleit + + + diff --git a/webapp/src/test/resources/stsClientKeystore.properties b/webapp/src/test/resources/stsClientKeystore.properties new file mode 100644 index 0000000..849f326 --- /dev/null +++ b/webapp/src/test/resources/stsClientKeystore.properties 
@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=cspass
+org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey
+org.apache.ws.security.crypto.merlin.keystore.file=stsclientstore.jks
+
diff --git a/webapp/src/test/resources/stsKeystore.properties b/webapp/src/test/resources/stsKeystore.properties
new file mode 100644
index 0000000..2f132ea
--- /dev/null
+++ b/webapp/src/test/resources/stsKeystore.properties
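Review bot: The keystore password is committed in clear text at `org.apache.ws.security.crypto.merlin.keystore.password=cspass`, and stsKeystore.properties and stsServiceKeystore.properties do the same, next to the JKS files they unlock. That is acceptable for fixtures under `src/test/resources`, but nothing in the files says they are fixtures, so a later copy into a deployment template or a secret-scanner triage has no hint that the key material is throwaway. I would add a header comment to each file, e.g. `# TEST FIXTURE ONLY: sample keystore and password, never reuse outside unit tests`. It is also worth confirming that the webapp build does not package these test resources or the keystores into the distributed artifact.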
@@ -0,0 +1,23 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=stsspass
+org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks
+
diff --git a/webapp/src/test/resources/stsServiceKeystore.properties b/webapp/src/test/resources/stsServiceKeystore.properties
new file mode 100644
index 0000000..af7bebe
--- /dev/null
+++ b/webapp/src/test/resources/stsServiceKeystore.properties
@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=sspass
+org.apache.ws.security.crypto.merlin.keystore.alias=myservicekey
+org.apache.ws.security.crypto.merlin.keystore.file=stsservicestore.jks
+
diff --git a/webapp/src/test/resources/stsclientstore.jks b/webapp/src/test/resources/stsclientstore.jks new file mode 100644 index 0000000000000000000000000000000000000000..23168a909516c0ee220c11b2388ba042be769ee6 GIT binary patch literal 4436 zcmds)c{r478^GrsV=!Z63{oA8rL6G|5o3u+oU$BCmWl==ju~SaQPx2kd|4{#Bs+x` zR2<|Ol$2x3K3V!C9BZF5DIw>ZvGlpR`p&t|pPfJ6>%E@mx!?DC@9Tc<-}8G{XIEz- z5D1ig!Pf4)(kd$AUlwpbHOYpj*ErLmont(m0- zP81a8gd#C0Gh3`N(U;&)B@=z9IAKtTGtY%V1_cGFuoF>nqmXesL9x#t$Onib+4BY) zYoNq-6b=Wff!a7NbuFB_({_{^XQ;U`{HAiDWo@klzzyM|U1V1y4oagz@+MZI+C=^P z5&~s<^(p%P$}#OVJ=X-@_)48OM2_hk+0!WE>X6~Ltnk`0RfScc1n|xq--z6|bI-xb z+o2ZC`c)0-g{k=ZXrT}vsbt9+oMq;tkGJ0D0asKGhm4P;^a+pHIJ@evSbc=%zS7(q z@>F)-9ozqGztO9Xiz4{?{*O>D00QJi0YYFDAOMQ9t0XP}6NL#ob)Z&a!e4IQu@@?bIFl1gHk68>Wt^_b8UCCr5g_4;?s8K1r{TR zr~Bg-#+OHqhk8y_RX2#*!m<N0<;K3-;oO$Pq#iwuC6|1v`(u!aD0#r} zE*(uR!;56Xd(X9nS-U5mj`Y6mR~}a`KzX%>0)93Mi2i51+=v@EARiHS_>2RX4j2X7 z&&EOaCJw5jOs@s5#kup24Nj3{@yr2P=M37JQ$vXfgT{dcxHu5&uxN~B* zl474WsJVp{Yr}s^ntuk77PV@l-!ksW?Bj+7hB!r>v3!_$BU*P(5AGFbEEAV>z2K&! zTbHq(V6il^qBWm}0!HaG7jLD!=O;25<*ba~I;Ub-=k;UjSMnjs$4}K)bzQ4^bHTP! zje&fh+~lSvUrf>O8*DR~IRXUToBsLSa`&Nka!I6%WN1w8gq!O3MA{%dxewmy_Sc1eJockDMlBLu4ML%|!}-EhdN7oKI`|hg6Qum(LyeSA2m= zb>>{SX&?#uZ&!dde{xd)kc2N0F%KT(`8l}yabx~4+{j1nDI%gr#zio=Piesv+Dn(t zNxjm(@Z{=^+lxQgePAX2v~cyUax`7(N4aZ`F=g!nBBzXyVes}(%GV#fZQIeTB6DWG zF!^S?)r;wc{>_(uj;{^=5>Rs>|FF+o<##!u( zcO5S<^Z97pmt+y%^aw5tABo~dAbC;(s2h!{i3343bxrk+BV7~RzcB>A{?woC`+?j2 zxjFDGjQSCrgm;H&RsAob#ogtT;T<)hFIx@g-@0}aR&*84-5VP=DU4IoHtLEcOJ@-M ziuE4goAUAZhYnNj(e(n%+Oqjyu*jx3%kGE)e2MHa=PSC7mgq{q&=Xm_Lv!ftq4W^j z1B||u!lZX+Nkb97cHZnzH}JZLl%RfWsdqv5 z;OYv$_Y7;+Sv>V)Y*bSUQf$YY*3N>fyJ`dMB|lmHl6v5{pw&nSk18PWZn5reqa{`` znsQ<hL}j6PQFDW%-BSJ*GDec9(}XGcp2Rioc17tMtwu&9bkk8qz3>u#m${ZBNa! 
zuGC|f5rDAE=tlBl+t;QvmZtfzjj{%ef>yGzj!=RFFhCKCX1gH-76r{OI5ziWIwo~bVs(84|{+ghAGbDjj%yWZRa^#9i3=A&K_o6@imhUO;j1z08F@BOk3nr>|&+gc9qP8tW zq;^6=0fE3c=#PA8o4>}RahRbZe?858Rwpv`WrfK=OA|exrdyo#vqVyKVe?LL9u1~T z$3Q$%C*t=Ncvy7{!WrTEYG$Q$w0W*NMDIvcm4TGQw9MnX4QI6rYaVw!o?vRH554)` zjDH>#GiZEbGKrFmZ<-InJCx(sQGGqooFwaoL};z5%pseP(aqb|Be%G6wUSo&Tj)barWFsLC=6MG(+#Dji%)wDFdvp$N*MbLXsJP_DB;f% zhuu#(@G(p-x)D2AQkT>IWk@v(7|*KY5B#JBG*N>;o^y_h7JSN(m{bbc6K9`PcT7a2 zNQvIR@Clt$ODQd3M3&&iQ2i%oex%OtdUrcBO{iC}CfMY=cy}8+II}&|hHz?qV{iWW zz;?1tN0eXd1L;xyLk%LdjS*0atA2dcW=Ob~=} zvV-je=R15#>l7De9Prxi_GT+`zw(#eNxgb>6Ne}q70dt9lkgz>U+ma zZO9>M!QvSs449O)Q`f(XZm{X_Sz-=?1CqZ!r=K(^-;l#c{a?SeKD#~(fk2>) z1>4x!ae>}G-fq}H2n0|-G-J0zSWYV(0#z92Qy>X8&RC`t7!-g)IUq|JRy2&+N(#u$ z${`zN7`4m|04yvJka!o306AD;R&Z7%)XDRIVp8kw4)g+W1P zC<4iCWQo$ldO8q%a99r?v>+(J^uv${e}8`kMj{H1cpO>`6#emo9Dp!_;n&_g19ypV zqtT!usDf5jQbsG;h;S=1P0XhGx5|Z>zO@nn3j{`tWmJOLSF&3Z zuSt-PY_IA{<{9-Azodg0Q#0P%D0J?0s@JN_ThkQnNPRO=!Hf<46Jch8_r(;k1$oy!6e6%2yMhZA}Phb`>RY0}L;LoWCFmt?T^^g#i#Civ$ROB!CCp$*9s!9=I@E(58c%9z`}2FFhvYF+P?^{jx`Q z2S^-bo=d`s-5`+`{>zvQVsSRH;O|r((iXvRG4n&hSwI*7eBD|!hJ0X*YRQH+7aA_r zJjoTepvm^T{>!OLE@f)!`R?HoZK{ol&y35*_icp~iF$)v4i!6gU?qHTy7!9A`0B82 zh|5GpWxcQ^oD$O`l_$S5R5kf=X4I!`c5NAbKF6FLG9vG@F2b>WVN-sOplhScRQTesR%eK}o0P@K9UyU=0UcD`DXBju?!ma^QvO ztNSqP$66@2`m4hVoRO&matXmnhE4&9NW3m@S_w(u8D(IBd~5H-bH$gKh&$_X0hN|) zxWwW7-lKSIgot}5z0kiR?oj7d;KXbEv7*88Q9ZXIQsxAtxU^dT>QcNiNr+|!*mJ&m z)Q~f1Ft#lk|`o z-kCT_RMD>H6pfTMBb2rx;krqJ!Gz;nOMswMZHiD*!l*ozl~@&Q)*y9eES!2MQB>qG z-$J&+=<=dt=?6(rDBddFKeRf4+I8N}{G+0aZ>LVHKS%$}u| zaTWbR?tGB*Fh;SYJtMA7w$1sEFZqk!nR~l~RH|Qi4FzWOh+&6~jpZ~JF`0gabfd7z zcjGnGqctBUAKc)l-t8HyA)Vpo!9HyscGp^)kjt$K@+TKI*V4US_O*)LE-_3gxi(%g z;^i!86eHE!N2$#cl*nn%^o|8!!j$7#73$$Dx({7fIP2Z%FxhQl8q+oQuFtJz15U;W z?azYvRkDo>CW^RCMlp z4@n1FzV_F-obH=6xSm#KU7!`}ZLNIMC8*YEu~p2+wZP1%anJR0@;YDdSpPfdG5K9O z-)zB&_y&KWx@R+|O*%GS_IISg)j$&bFav3n??|g887BL#Us?D`lOXZwe?yuH)*oe! 
zC%B>c7?RjP8ru~nawX40kGh?>W?w|^Y*+RPw^PiIDUxDzYVx{i8)FR1)EO6go zn=n7q2Wht>)Zc5cx{~!I$#J)G?pQn0^fdVHNgy7!W)r!Ak?5J&+=L}AY+p^;Lh8F$ zQ;`doG^6V1*${bK`??BRa>eLn%W}mU#8P~dqvF1Mc+H;vHvJi6z`tnvQP67VZ=a;& z++%Uj$jk}H14nV+LAaj*LYXZf#Fw&63q(&DX6{>!dJ^?}{HI8NDoFgy1O)?x^C0nk zxZtm1GKekN#HN2p8nP;o8l`8*}mz(Q+50ldU65 z+IfWRbrGSg?Q8P4?$5PtYf+H&o6n2C({A=>XYdyrZtK*z;y%w;8S6APZMn#eaT$RN z^ugmC9elna60M>4=IxJ(8OUPPIGwTBzqJ?m@%ae!&z(i^`z#DYa=7Ci9o${;-aeZ` z#h^h@Q3<28IhJC;!<#1f>#zRm-M`82&CFm;M=BYkce!;KR@7As-|H-!yx36{^14-L ze(qeS16^GvsAz0ZKaZ@aqDzayNu*-E?rGdtZOT?H9WcNbMQeB)wNbeKT)-KkO*_Nh zs1{3|v`bXCHsvq(3OSR`KJcEOGLRB%sZ~>W-Ifhir#zt6jD-Ada-b21YT9`BKPAr` zb@aQ%itF#HKAAWAtrK|LR literal 0 HcmV?d00001 
diff --git a/webapp/src/test/resources/stsstore.jks b/webapp/src/test/resources/stsstore.jks new file mode 100644 index 0000000000000000000000000000000000000000..e805906aadf5055a49caaf72093a8a5312dc7172 GIT binary patch literal 3978 zcmdtkc{J2(9{})~F}4{qVJzu{LD`qz*iFcmv{)f~ZcJ80uKb|w^`#jJ2o#%VL&-e4p!iR+qFc=I0 z4K8TFVSMyZ{{Vk4S|}8#qbtjwL5nOP3Q+-Ic~B}ma3owAAq0nW!;n!3=2s7oD5ZsK zj?Mgu`PFg3nG(}&r-~j{X*A4UB+jK-9KRj97Cg(csuMKPwRWve$<%Jxm1&kc;B0fe zzoSd$4$+HBUO&SY%rJ<0$HYygWtrmodP%$dH>(FdaUPqUdQx9vgsEoQHNJi54NH`k zI5uUW8WdeQUp8OXPJF#{WJG&Qms-b%{+GL0T)9QGDl#CasMp=2DejBVe>S!4)Z?_b1$HdOnjhSK`Q#6c>chyZq!pY z=eetyTqC>p!m-;)vDS6hxCo%KerNXhjJJfg!@6#FmRoDGV}1FVZb}NnV9yIebi&o? z8E`EaP(1LQyd$FM+wjG75yy-Jc_0SFoYZ_Ix~501Z9`S}*_5EzZw0BlB!)Y)cOENI zE#Xa|w~C}*U;m$h6k6JlT{*t<8ylM|Cy)~@)Z#*)*`rzuFJbrVx)+$07aZ1^H|`ty z`X1%KujPyK&7Idj5Baq}b~bj}8jniV7fY&3O{${h$ewDI&({;U(-XoE8dCOAd#4U= z_cBV?z0{^c{FK6YdAa`H9r(8M$9G{O^&_FP*RsSo{5e{BSWeG;gxJ21tox2n0YAFd*n_=@Yb^#4(zjPSC;szw3=1YtQt^HB|AjJ9Kea;?U`#thY%#@nybu>*cGv8L#En|8?8 ziSFN%d2mkYt?e20$xAA5z6p!-k=pCz&2AQk+teGg?w`v)L#&Aw4)c*omL4P6Ua0z- z_b~^4T77HSVBe`Wkv@{ke&cz&uZZj(UA3@>8zx-w?T_`$dtRInCDycmMR37k@SG^P zFc1aD0+LXbB(X>_q=?fC%zRveolMzIQJ=wgr?1U!G+z&Z-JEqfB-jdo&5=Lc!vsrm z!J=QOJW;C}Mu3wa4#^F0!Qp?bE*jK6Tu`-?BOVu9O;z8`lOZ)LcX~Rzy;3*1iAsZWeS5<_hFG`mi;v!rDBivVBB0NiLE#9?80@C)$CH+hgSTV&26?*D82?a*wSXAs zn_Rdxi#jZQY*7eV0KZxY+;ZL~%fFmGtEJF30CZPLu^9ea()>F_o@w4Pf1i0(PMaGU z80K^&$hQ2#`Dnv&BOcEL3%P`o8J8|QQkyM|1Pf%*H=gH$7WazC z_e~=)ld;BeHS@VJ)xE#hu$t3Z14qd>HLKB6$&aX-iUq#LZJiC4V>{r%S4S%k&9!X# zqHxmt1RW8RJw(;mPG3Pp4MId|6(YW6+@r$rBUagpb8&a$Qj)*K1YZNdubd`>5SakL z@ko&$?O}rTx!|LJN#!74zIWiyd_l-GF^^t0kp>vzO338jsjhAJfIo-&vO+8;Y^P9u;WYSr7>POY+c$EVR>5eg_ zjabp&&CwA&jo(x=u77Nhs8^Q@n#fPS+-Uc*C2ZCSg@?V+bg`(OGW<4%Q}b`F^HEVE4-wfa*RkTE#dkfURXcnW%=&{FAihlNpYtzD0oYX zx3@n*6;NJ6Ms67y^TqT0LsrBA(Ir-}99EW6T2uuONUc^yXlcph&mF5x(E>E}R++LG z0^l#4+uuR*`Xf%LVE2y}^E_hgEG!i?ru4i6f=x3t5L} zhQ<7fJT<%aoMhWPu8x2YZ*b5uE*82^df_wM(Fwefe)=Td*`z`~J9$Q#Ww|T*=v+=i 
zcXnH86-y>_*qS`A)xncH*lFmOwp##3+l-1tSyPO2hMM{?rBVw|Tk_LPd5whjhoBGh ir6ld+&DX Date: Tue, 21 Feb 2017 00:04:29 +0100 Subject: [PATCH 08/11] -Upgraded dependencies: authzforce-ce-core -> 7.1.0 authzforce-ce-core-pap-api -> 6.3.0 authzforce-ce-pap-dao-flat-file -> 8.0.0 --- CHANGELOG.md | 24 ++++++++++++++++++++++++ pom.xml | 6 +++--- 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2a8c782..f405b4e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,30 @@ All notable changes to this project are documented in this file following the [K Issues reported on [GitHub](https://github.com/authzforce/server/issues) are referenced in the form of `[GH-N]`, where N is the issue number. Issues reported on [OW2](https://jira.ow2.org/browse/AUTHZFORCE/) are mentioned in the form of `[OW2-N]`, where N is the issue number. +## Unreleased +### Changed +- Version of AuthzForce dependencies: + - Parent project (authzforce-ce-parent): 5.0.0 + - authzforce-ce-pap-dao-flat-file: 8.0.0 + - authzforce-ce-core-pap-api: 6.3.0 + - authzforce-ce-core: 7.1.0 + - authzforce-ce-core-pdp-api: 9.0.0 + -> API changes (non-backward compatible) for PDP extensions: DecisionCache, DecisionResultFilter + +- Versions of third-party dependencies: + - SLF4J: 1.7.22 + - Spring: 4.3.6 + - Guava: 21.0 + - CXF: 3.1.10 + - Logback-classic: 1.1.9 + +### Added +- Class [RESTfulPdpBasedAuthzInterceptor](webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor): an example of PEP using PDP's REST API in the form of a CXF interceptor. More info on the test scenario in the associated test class [RESTfulPdpBasedAuthzInterceptorTest](webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest). + +### Fixed +- [OW2-25] NullPointerException when parsing Apply expressions using invalid/unsupported Function ID. This is the final fix addressing higher-order functions. Initial fix in v7.0.0 only addressed first-order ones. + + ## 6.0.0 ### Added - [GH-8] JSON support on the REST API using [*mapped* convention](http://cxf.apache.org/docs/json-support.html) with configurable namespace-to-JSON-prefix mappings (new configuration file `xmlns-to-json-key-prefix-map.properties`) diff --git a/pom.xml b/pom.xml index bae4daf..b7629d4 100644 --- a/pom.xml +++ b/pom.xml 
@@ -15,10 +15,10 @@ https://github.com/authzforce/server https://github.com/authzforce/server - 7.0.1-SNAPSHOT - 6.2.1-SNAPSHOT + 7.1.0 + 6.3.0 - 7.0.1-SNAPSHOT + 8.0.0 scm:git:${git.url.base}.git From 51b236d4d50a84e17ed1800e68bcd65d8138738f Mon Sep 17 00:00:00 2001 From: cdanger Date: Tue, 21 Feb 2017 00:24:57 +0100 Subject: [PATCH 09/11] updating poms for 7.0.0 branch with snapshot versions --- dist/pom.xml | 2 +- pom.xml | 2 +- rest-service/pom.xml | 2 +- upgrader/pom.xml | 2 +- webapp/pom.xml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/dist/pom.xml b/dist/pom.xml index 3e28586..7ac3015 100644 --- a/dist/pom.xml +++ b/dist/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 6.0.1-SNAPSHOT + 7.0.0-SNAPSHOT .. authzforce-ce-server-dist diff --git a/pom.xml b/pom.xml index b7629d4..f2772c6 100644 --- a/pom.xml +++ b/pom.xml @@ -8,7 +8,7 @@ authzforce-ce-server - 6.0.1-SNAPSHOT + 7.0.0-SNAPSHOT pom ${project.groupId}:${project.artifactId} AuthZForce CE Server diff --git a/rest-service/pom.xml b/rest-service/pom.xml index 126a4c9..85e7c38 100644 --- a/rest-service/pom.xml +++ b/rest-service/pom.xml @@ -4,7 +4,7 @@ org.ow2.authzforce authzforce-ce-server - 6.0.1-SNAPSHOT + 7.0.0-SNAPSHOT .. authzforce-ce-server-rest-service diff --git a/upgrader/pom.xml b/upgrader/pom.xml index 30ad1d5..dbd96e8 100644 --- a/upgrader/pom.xml +++ b/upgrader/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 6.0.1-SNAPSHOT + 7.0.0-SNAPSHOT .. authzforce-ce-server-upgrader diff --git a/webapp/pom.xml b/webapp/pom.xml index b535c47..8eaa170 100644 --- a/webapp/pom.xml +++ b/webapp/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 6.0.1-SNAPSHOT + 7.0.0-SNAPSHOT .. authzforce-ce-server-webapp From c06949fe87d6ef9e6801dfc402662b3d0ac29837 Mon Sep 17 00:00:00 2001 
From: cdanger Date: Tue, 21 Feb 2017 00:33:30 +0100 Subject: [PATCH 10/11] Set new version in changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f405b4e..08358a2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ All notable changes to this project are documented in this file following the [K Issues reported on [GitHub](https://github.com/authzforce/server/issues) are referenced in the form of `[GH-N]`, where N is the issue number. Issues reported on [OW2](https://jira.ow2.org/browse/AUTHZFORCE/) are mentioned in the form of `[OW2-N]`, where N is the issue number. -## Unreleased +## 7.0.0 ### Changed - Version of AuthzForce dependencies: - Parent project (authzforce-ce-parent): 5.0.0 From 3d3741fb8763080f8b5666e14abefce8fa5cc03b Mon Sep 17 00:00:00 2001 From: cdanger Date: Tue, 21 Feb 2017 00:33:43 +0100 Subject: [PATCH 11/11] updating poms for branch'release/7.0.0' with non-snapshot versions --- dist/pom.xml | 2 +- pom.xml | 2 +- rest-service/pom.xml | 2 +- upgrader/pom.xml | 2 +- webapp/pom.xml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/dist/pom.xml b/dist/pom.xml index 7ac3015..be6f358 100644 --- a/dist/pom.xml +++ b/dist/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 7.0.0-SNAPSHOT + 7.0.0 .. authzforce-ce-server-dist diff --git a/pom.xml b/pom.xml index f2772c6..8979e4b 100644 --- a/pom.xml +++ b/pom.xml @@ -8,7 +8,7 @@ authzforce-ce-server - 7.0.0-SNAPSHOT + 7.0.0 pom ${project.groupId}:${project.artifactId} AuthZForce CE Server diff --git a/rest-service/pom.xml b/rest-service/pom.xml index 85e7c38..609e47d 100644 --- a/rest-service/pom.xml +++ b/rest-service/pom.xml @@ -4,7 +4,7 @@ org.ow2.authzforce authzforce-ce-server - 7.0.0-SNAPSHOT + 7.0.0 .. authzforce-ce-server-rest-service diff --git a/upgrader/pom.xml b/upgrader/pom.xml index dbd96e8..d59c48c 100644 --- a/upgrader/pom.xml +++ b/upgrader/pom.xml 
@@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 7.0.0-SNAPSHOT + 7.0.0 .. authzforce-ce-server-upgrader diff --git a/webapp/pom.xml b/webapp/pom.xml index 8eaa170..b00bc37 100644 --- a/webapp/pom.xml +++ b/webapp/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 7.0.0-SNAPSHOT + 7.0.0 .. authzforce-ce-server-webapp