-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adding initial version of the sample
- Loading branch information
0 parents
commit 9722754
Showing
22 changed files
with
703 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
HELP.md | ||
/target/ | ||
!.mvn/wrapper/maven-wrapper.jar | ||
|
||
### STS ### | ||
.apt_generated | ||
.classpath | ||
.factorypath | ||
.project | ||
.settings | ||
.springBeans | ||
.sts4-cache | ||
|
||
### IntelliJ IDEA ### | ||
.idea | ||
*.iws | ||
*.iml | ||
*.ipr | ||
|
||
### NetBeans ### | ||
/nbproject/private/ | ||
/nbbuild/ | ||
/dist/ | ||
/nbdist/ | ||
/.nb-gradle/ | ||
/build/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<project xmlns="http:https://maven.apache.org/POM/4.0.0" xmlns:xsi="http:https://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http:https://maven.apache.org/POM/4.0.0 http:https://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
<parent> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-parent</artifactId> | ||
<version>2.1.3.RELEASE</version> | ||
<relativePath/> <!-- lookup parent from repository --> | ||
</parent> | ||
<groupId>com.rnavagamuwa</groupId> | ||
<artifactId>spring-security-abac</artifactId> | ||
<version>0.0.1-SNAPSHOT</version> | ||
<name>spring-security-abac</name> | ||
<description>Demo project for Spring Boot</description> | ||
|
||
<properties> | ||
<java.version>1.8</java.version> | ||
</properties> | ||
|
||
<dependencies> | ||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-actuator</artifactId> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-security</artifactId> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-web</artifactId> | ||
</dependency> | ||
|
||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-thymeleaf</artifactId> | ||
</dependency> | ||
|
||
<dependency> | ||
<groupId>commons-io</groupId> | ||
<artifactId>commons-io</artifactId> | ||
<version>2.6</version> | ||
</dependency> | ||
|
||
<!-- https://mvnrepository.com/artifact/org.json/json --> | ||
<dependency> | ||
<groupId>org.json</groupId> | ||
<artifactId>json</artifactId> | ||
<version>20180813</version> | ||
</dependency> | ||
|
||
<!-- https://mvnrepository.com/artifact/org.apache.velocity/velocity --> | ||
<dependency> | ||
<groupId>org.apache.velocity</groupId> | ||
<artifactId>velocity</artifactId> | ||
<version>1.7</version> | ||
</dependency> | ||
|
||
<!-- https://mvnrepository.com/artifact/org.ehcache/ehcache --> | ||
<dependency> | ||
<groupId>org.ehcache</groupId> | ||
<artifactId>ehcache</artifactId> | ||
<version>3.7.0</version> | ||
</dependency> | ||
|
||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-test</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework.security</groupId> | ||
<artifactId>spring-security-test</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
</dependencies> | ||
|
||
<build> | ||
<plugins> | ||
<plugin> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-maven-plugin</artifactId> | ||
</plugin> | ||
</plugins> | ||
</build> | ||
|
||
</project> |
31 changes: 31 additions & 0 deletions
31
src/main/java/com/rnavagamuwa/springsecurity/SpringSecurityApplication.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
package com.rnavagamuwa.springsecurity; | ||
|
||
import org.springframework.boot.SpringApplication; | ||
import org.springframework.boot.autoconfigure.SpringBootApplication; | ||
import org.springframework.context.annotation.Bean; | ||
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer; | ||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; | ||
|
||
/** | ||
* @author Randika Navagamuwa | ||
*/ | ||
@SpringBootApplication | ||
public class SpringSecurityApplication { | ||
|
||
@Bean | ||
public BCryptPasswordEncoder passwordEncoder() { | ||
|
||
return new BCryptPasswordEncoder(); | ||
} | ||
|
||
@Bean | ||
public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() { | ||
return new PropertySourcesPlaceholderConfigurer(); | ||
} | ||
|
||
public static void main(String[] args) { | ||
|
||
SpringApplication.run(SpringSecurityApplication.class, args); | ||
} | ||
|
||
} |
35 changes: 35 additions & 0 deletions
35
src/main/java/com/rnavagamuwa/springsecurity/abac/AttributeEvaluator.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
package com.rnavagamuwa.springsecurity.abac; | ||
|
||
import org.springframework.security.access.PermissionEvaluator; | ||
import org.springframework.security.core.Authentication; | ||
|
||
import java.io.Serializable; | ||
|
||
/** | ||
* @author Randika Navagamuwa | ||
*/ | ||
public class AttributeEvaluator implements PermissionEvaluator { | ||
|
||
private AuthRequestBuilder authRequestBuilder; | ||
private AttributeHandler attributeHandler; | ||
|
||
public AttributeEvaluator() { | ||
|
||
this.authRequestBuilder = new XacmlAuthRequestBuilder(); | ||
this.attributeHandler = new XacmlAttributeHandler(); | ||
} | ||
|
||
@Override | ||
public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) { | ||
|
||
return this.attributeHandler.authorize(this.authRequestBuilder. | ||
createAuthRequest(targetDomainObject.toString(), permission.toString())); | ||
} | ||
|
||
@Override | ||
public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) { | ||
|
||
return true; | ||
} | ||
|
||
} |
10 changes: 10 additions & 0 deletions
10
src/main/java/com/rnavagamuwa/springsecurity/abac/AttributeHandler.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
package com.rnavagamuwa.springsecurity.abac; | ||
|
||
/** | ||
* @author Randika Navagamuwa | ||
*/ | ||
public interface AttributeHandler { | ||
|
||
boolean authorize(String policyRequest); | ||
|
||
} |
9 changes: 9 additions & 0 deletions
9
src/main/java/com/rnavagamuwa/springsecurity/abac/AuthRequestBuilder.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
package com.rnavagamuwa.springsecurity.abac; | ||
|
||
/** | ||
* @author Randika Navagamuwa | ||
*/ | ||
public interface AuthRequestBuilder { | ||
|
||
String createAuthRequest(String policyName, String jsonKeyValuePairs); | ||
} |
67 changes: 67 additions & 0 deletions
67
src/main/java/com/rnavagamuwa/springsecurity/abac/XacmlAttributeHandler.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
package com.rnavagamuwa.springsecurity.abac; | ||
|
||
import com.rnavagamuwa.springsecurity.abac.cache.CacheManager; | ||
import com.rnavagamuwa.springsecurity.abac.cache.EhCacheManager; | ||
import org.json.JSONArray; | ||
import org.json.JSONObject; | ||
import org.springframework.http.HttpEntity; | ||
import org.springframework.http.HttpHeaders; | ||
import org.springframework.http.MediaType; | ||
import org.springframework.http.ResponseEntity; | ||
import org.springframework.web.client.RestTemplate; | ||
|
||
import java.util.Collections; | ||
|
||
/** | ||
* @author Randika Navagamuwa | ||
*/ | ||
@SuppressWarnings("WeakerAccess") | ||
public class XacmlAttributeHandler implements AttributeHandler { | ||
|
||
private static String XACML_PDP_URL = "https://localhost:9443/api/identity/entitlement/decision/pdp"; | ||
private CacheManager cacheManager; | ||
|
||
public XacmlAttributeHandler() { | ||
|
||
this.cacheManager = new EhCacheManager(); | ||
} | ||
|
||
@Override | ||
public boolean authorize(String authRequest) { | ||
|
||
String cachedResponse = this.cacheManager.get(authRequest); | ||
|
||
if (cachedResponse == null) { | ||
RestTemplate restTemplate = new RestTemplate(); | ||
|
||
HttpHeaders headers = new HttpHeaders(); | ||
headers.setContentType(MediaType.APPLICATION_JSON); | ||
headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON)); | ||
headers.setBasicAuth("admin", "admin"); | ||
|
||
HttpEntity<String> entity = new HttpEntity<>(authRequest, headers); | ||
|
||
ResponseEntity response = restTemplate.postForEntity(XACML_PDP_URL, entity, String.class); | ||
if (response.getBody() == null) { | ||
return false; | ||
} | ||
cachedResponse = response.getBody().toString(); | ||
this.cacheManager.putIfAbsent(authRequest, cachedResponse); | ||
} | ||
|
||
JSONObject responseObj = new JSONObject(cachedResponse); | ||
JSONArray responseDataArr = responseObj.getJSONArray("Response"); | ||
|
||
if (responseDataArr.isEmpty()) { | ||
return false; | ||
} | ||
|
||
for (Object Response : responseDataArr) { | ||
JSONObject currentResponse = (JSONObject) Response; | ||
if (!currentResponse.getString("Decision").equals("Permit")) { | ||
return false; | ||
} | ||
} | ||
return true; | ||
} | ||
} |
84 changes: 84 additions & 0 deletions
84
src/main/java/com/rnavagamuwa/springsecurity/abac/XacmlAuthRequestBuilder.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
package com.rnavagamuwa.springsecurity.abac; | ||
|
||
import com.rnavagamuwa.springsecurity.abac.exception.AttributeEvaluatorException; | ||
import org.apache.commons.io.FileUtils; | ||
import org.apache.velocity.Template; | ||
import org.apache.velocity.VelocityContext; | ||
import org.apache.velocity.app.VelocityEngine; | ||
import org.apache.velocity.runtime.RuntimeConstants; | ||
import org.json.JSONObject; | ||
import org.springframework.util.ResourceUtils; | ||
import org.springframework.web.context.request.RequestContextHolder; | ||
import org.springframework.web.context.request.ServletRequestAttributes; | ||
|
||
import java.io.IOException; | ||
import java.io.StringWriter; | ||
import java.nio.charset.StandardCharsets; | ||
import java.util.Iterator; | ||
import javax.servlet.http.HttpServletRequest; | ||
|
||
/** | ||
* @author Randika Navagamuwa | ||
*/ | ||
public class XacmlAuthRequestBuilder implements AuthRequestBuilder { | ||
|
||
private static String ATTRIBUTE_CONFIG_FILE_NAME = "xacmlConfig.json"; | ||
|
||
@Override | ||
public String createAuthRequest(String policyName, String jsonKeyValuePairs) { | ||
|
||
VelocityContext vc = generateVelocityData(jsonKeyValuePairs); | ||
|
||
String xacmlRequest; | ||
try { | ||
xacmlRequest = FileUtils.readFileToString(ResourceUtils.getFile("classpath:" + ATTRIBUTE_CONFIG_FILE_NAME), | ||
StandardCharsets.UTF_8); | ||
|
||
VelocityEngine velocityEngine = new VelocityEngine(); | ||
velocityEngine.setProperty(RuntimeConstants.FILE_RESOURCE_LOADER_PATH, | ||
ResourceUtils.getFile("classpath:" + ATTRIBUTE_CONFIG_FILE_NAME).getParent()); | ||
Template template = velocityEngine.getTemplate(ATTRIBUTE_CONFIG_FILE_NAME); | ||
velocityEngine.init(); | ||
|
||
StringWriter writer = new StringWriter(); | ||
template.merge(vc, writer); | ||
|
||
xacmlRequest = new JSONObject(writer.toString()).get(policyName).toString(); | ||
|
||
} catch (IOException e) { | ||
|
||
throw new AttributeEvaluatorException("Failed to build the XACML Json request for policy with name : " + | ||
policyName, e); | ||
} | ||
|
||
if (xacmlRequest == null || xacmlRequest.isEmpty()) { | ||
|
||
throw new AttributeEvaluatorException("Generated XACML request is empty or NULL for policy with name : " + | ||
policyName); | ||
} | ||
|
||
return xacmlRequest; | ||
} | ||
|
||
private VelocityContext generateVelocityData(String jsonKeyValuePairs) { | ||
|
||
JSONObject jsonObject = new JSONObject(jsonKeyValuePairs.trim()); | ||
|
||
Iterator<String> keys = jsonObject.keys(); | ||
|
||
ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) | ||
RequestContextHolder.currentRequestAttributes(); | ||
HttpServletRequest httpServletRequest = servletRequestAttributes.getRequest(); | ||
|
||
VelocityContext velocityContext = new VelocityContext(); | ||
|
||
while (keys.hasNext()) { | ||
String key = keys.next(); | ||
String value = jsonObject.get(key).toString(); | ||
velocityContext.put(key, httpServletRequest.getHeader(value)); | ||
} | ||
|
||
return velocityContext; | ||
} | ||
|
||
} |
11 changes: 11 additions & 0 deletions
11
src/main/java/com/rnavagamuwa/springsecurity/abac/cache/CacheManager.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
package com.rnavagamuwa.springsecurity.abac.cache; | ||
|
||
/** | ||
* @author Randika Navagamuwa | ||
*/ | ||
public interface CacheManager { | ||
|
||
String get(String cahceKey); | ||
|
||
String putIfAbsent(String key, String value); | ||
} |
Oops, something went wrong.