/*
* Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.security.config;
import org.apache.axiom.om.util.UUIDGenerator;
import org.apache.axis2.AxisFault;
import org.apache.axis2.description.*;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
import org.wso2.carbon.core.RegistryResources;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.jdbc.utils.Transaction;
import org.wso2.carbon.security.SecurityServiceHolder;
import org.wso2.carbon.utils.ServerException;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamWriter;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
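/**
 * Administrative helper that attaches and detaches security policies on the
 * bindings of an Axis2 service and records the policy references in the
 * configuration registry.
 *
 * <p>Both policy operations change the in-memory Axis2 bindings first and the
 * registry second. If the registry update fails, the in-memory change is not
 * undone by this class, so the running service and the persisted configuration
 * can disagree until the service is redeployed or the operation is retried.
 */
public class SecurityServiceAdmin {

    private static final Log log = LogFactory.getLog(SecurityServiceAdmin.class);

    /** Encoding used both to serialize a policy and to decode the serialized bytes. */
    private static final String POLICY_ENCODING = "UTF-8";

    private Registry registry = null;
    protected AxisConfiguration axisConfig = null;

    /**
     * Creates an admin bound to the system configuration registry.
     *
     * @param config the Axis2 configuration holding the services to manage
     * @throws ServerException if the system configuration registry cannot be obtained
     */
    public SecurityServiceAdmin(AxisConfiguration config) throws ServerException {
        this.axisConfig = config;
        try {
            this.registry = SecurityServiceHolder.getRegistryService().getConfigSystemRegistry();
        } catch (Exception e) {
            String msg = "Error when retrieving the system config registry";
            // Log the cause as well; the message alone does not say why the lookup failed.
            log.error(msg, e);
            throw new ServerException(msg, e);
        }
    }

    /**
     * Creates an admin that uses the supplied registry.
     *
     * @param config   the Axis2 configuration holding the services to manage
     * @param registry the registry in which policies and binding references are stored
     */
    public SecurityServiceAdmin(AxisConfiguration config, Registry registry) {
        this.axisConfig = config;
        this.registry = registry;
    }

    /**
     * Attaches the policy to the binding of every endpoint of the service and
     * persists it in the registry: the serialized policy is stored under the
     * service's policies path (only if no resource exists there yet), and the
     * policy UUID is added to each distinct binding resource.
     *
     * <p>A policy without an ID is given a generated UUID before it is stored.
     *
     * @param axisService the service whose bindings receive the policy
     * @param policy      the policy to attach and persist
     * @throws ServerException if attaching or persisting fails, or if the
     *                         subsequent rollback fails
     */
    public void addSecurityPolicyToAllBindings(AxisService axisService, Policy policy)
            throws ServerException {
        try {
            if (policy.getId() == null) {
                policy.setId(UUIDGenerator.getUUID());
            }

            String servicePath = getServicePath(axisService);
            String policyResourcePath = servicePath + RegistryResources.POLICIES + policy.getId();

            // NOTE(review): this write happens before the transaction below is begun, so
            // unless the caller already opened one it is not covered by the rollback.
            if (!registry.resourceExists(policyResourcePath)) {
                Resource policyResource = registry.newResource();
                policyResource.setProperty(RegistryResources.ServiceProperties.POLICY_UUID,
                        policy.getId());

                // Serialize and decode with the same explicit encoding; relying on the
                // platform default charset can corrupt non-ASCII policy content.
                ByteArrayOutputStream baos = new ByteArrayOutputStream();
                XMLStreamWriter writer =
                        XMLOutputFactory.newInstance().createXMLStreamWriter(baos, POLICY_ENCODING);
                policy.serialize(writer);
                writer.flush();
                policyResource.setContent(baos.toString(POLICY_ENCODING));

                policyResource.setProperty(RegistryResources.ServiceProperties.POLICY_TYPE,
                        String.valueOf(PolicyInclude.BINDING_POLICY));
                registry.put(policyResourcePath, policyResource);
            }

            // Attach to every endpoint's binding in Axis2 and collect each binding name once.
            List<String> bindingNames = new ArrayList<String>();
            Map<?, ?> endpoints = axisService.getEndpoints();
            for (Object value : endpoints.values()) {
                AxisBinding binding = ((AxisEndpoint) value).getBinding();
                binding.getPolicySubject().attachPolicy(policy);
                String bindingName = binding.getName().getLocalPart();
                if (!bindingNames.contains(bindingName)) {
                    bindingNames.add(bindingName);
                }
            }

            // Join a transaction that is already running, otherwise own one for the updates.
            boolean transactionStarted = Transaction.isStarted();
            if (!transactionStarted) {
                registry.beginTransaction();
            }

            for (String bindingName : bindingNames) {
                String bindingResourcePath = servicePath
                        + RegistryResources.ServiceProperties.BINDINGS + bindingName;
                Resource bindingResource;
                if (registry.resourceExists(bindingResourcePath)) {
                    bindingResource = registry.get(bindingResourcePath);
                } else {
                    bindingResource = registry.newResource();
                }
                bindingResource.addProperty(RegistryResources.ServiceProperties.POLICY_UUID,
                        policy.getId());
                registry.put(bindingResourcePath, bindingResource);
            }

            if (!transactionStarted) {
                registry.commitTransaction();
            }
        } catch (Exception e) {
            failWithRollback("addPoliciesToService", e);
        }
    }

    /**
     * Detaches the policy component with the given UUID from the binding of
     * every endpoint of the service and removes the UUID from each distinct
     * binding resource in the registry.
     *
     * <p>The policy resource itself is not deleted here; the original note in
     * this method states that this logic was moved to SecurityConfigAdmin.
     *
     * <p>The policy is detached from the running bindings before the registry
     * is updated. If the registry update fails, the bindings stay without the
     * policy while the registry still references it; callers should treat a
     * {@link ServerException} from this method as a state that needs attention.
     *
     * @param axisService the service whose bindings lose the policy
     * @param uuid        the ID of the policy to detach
     * @throws ServerException if detaching or the registry update fails, or if
     *                         the subsequent rollback fails
     */
    public void removeSecurityPolicyFromAllBindings(AxisService axisService, String uuid)
            throws ServerException {
        try {
            String servicePath = getServicePath(axisService);

            // Detach from every endpoint's binding in Axis2 and collect each binding name once.
            List<String> bindingNames = new ArrayList<String>();
            Map<?, ?> endpoints = axisService.getEndpoints();
            for (Object value : endpoints.values()) {
                AxisBinding binding = ((AxisEndpoint) value).getBinding();
                binding.getPolicySubject().detachPolicyComponent(uuid);
                String bindingName = binding.getName().getLocalPart();
                if (!bindingNames.contains(bindingName)) {
                    bindingNames.add(bindingName);
                }
            }

            // Join a transaction that is already running, otherwise own one for the updates.
            boolean transactionStarted = Transaction.isStarted();
            if (!transactionStarted) {
                registry.beginTransaction();
            }

            for (String bindingName : bindingNames) {
                String bindingResourcePath = servicePath
                        + RegistryResources.ServiceProperties.BINDINGS + bindingName;
                Resource bindingResource = registry.get(bindingResourcePath);
                List uuids = bindingResource
                        .getPropertyValues(RegistryResources.ServiceProperties.POLICY_UUID);
                if (uuids == null) {
                    // Presumably the property was never set on this binding resource, so
                    // there is no reference to remove; verify against the registry API.
                    continue;
                }
                // NOTE(review): only the first occurrence is removed, while the add path
                // appends without checking for duplicates; confirm a UUID cannot be
                // recorded twice on the same binding.
                uuids.remove(uuid);
                bindingResource.setProperty(RegistryResources.ServiceProperties.POLICY_UUID, uuids);
                registry.put(bindingResourcePath, bindingResource);
            }

            if (!transactionStarted) {
                registry.commitTransaction();
            }
        } catch (Exception e) {
            // The previous message here named the add operation, which misled log readers.
            failWithRollback("Error while removing security policy from all bindings", e);
        }
    }

    /**
     * Adds the parameter to the named service unless the service already has a
     * locked parameter of the same name, in which case the call does nothing.
     *
     * <p>Callers get no exception when a locked parameter blocks the update;
     * the skip is reported at debug level only.
     *
     * @param serviceName the name of the service to configure
     * @param parameter   the parameter to add
     * @throws AxisFault if no service with that name exists, or if Axis2 rejects
     *                   the parameter
     */
    public void setServiceParameterElement(String serviceName, Parameter parameter)
            throws AxisFault {
        AxisService axisService = axisConfig.getService(serviceName);
        if (axisService == null) {
            throw new AxisFault("Invalid service name '" + serviceName + "'");
        }

        Parameter existing = axisService.getParameter(parameter.getName());
        if (existing == null || !existing.isLocked()) {
            axisService.addParameter(parameter);
        } else if (log.isDebugEnabled()) {
            log.debug("Parameter '" + existing.getName() + "' of service '"
                    + axisService.getName() + "' is locked; update skipped");
        }
    }

    /** Builds the registry path of the given service from its group name and its own name. */
    private String getServicePath(AxisService axisService) {
        return RegistryResources.SERVICE_GROUPS
                + axisService.getAxisServiceGroup().getServiceGroupName()
                + RegistryResources.SERVICES + axisService.getName();
    }

    /**
     * Logs the failure with its stack trace, rolls the registry transaction back
     * and always throws: the rollback failure if there is one, otherwise a
     * {@link ServerException} carrying the original cause.
     */
    private void failWithRollback(String message, Exception cause) throws ServerException {
        log.error(message, cause);
        try {
            registry.rollbackTransaction();
        } catch (Exception rollbackError) {
            String rollbackMsg = "Unable to rollback transaction";
            log.error(rollbackMsg, rollbackError);
            throw new ServerException(rollbackMsg, rollbackError);
        }
        throw new ServerException(message, cause);
    }
}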