Example #1
0
  private void loadGroups() throws PAPException {
    //
    // Create a properties object
    //
    Properties properties = new Properties();
    Path file = Paths.get(this.repository.toString(), XACMLProperties.XACML_PROPERTIES_NAME);
    try {
      //
      // Load the properties
      //
      try (InputStream is = new FileInputStream(file.toFile())) {
        properties.load(is);
      }

      //
      // Parse it
      //
      this.groups = this.readProperties(this.repository, properties);
    } catch (IOException e) {
      logger.error("Failed to load " + file.toAbsolutePath().toString());
      this.groups = new HashSet<StdPDPGroup>();
    }
    //
    // Initialize the default group
    //
    PDPGroup defaultGroup = this.initializeDefaultGroup(file, properties);
    logger.info("Default group is: " + defaultGroup.getId() + "=" + defaultGroup.getName());
  }
Example #2
0
 @Override
 public PDPGroup getPDPGroup(PDP pdp) throws PAPException {
   for (PDPGroup group : this.groups) {
     if (group.getPdps().contains(pdp)) {
       return group;
     }
   }
   return null;
 }
Example #3
0
 @Override
 public PDPGroup getGroup(String id) throws PAPException {
   for (PDPGroup g : this.groups) {
     if (g.getId().equals(id)) {
       return g;
     }
   }
   return null;
 }
Example #4
0
 @Override
 public PDP getPDP(String pdpId) throws PAPException {
   for (PDPGroup group : this.groups) {
     for (PDP pdp : group.getPdps()) {
       if (pdp.getId().equals(pdpId)) {
         return pdp;
       }
     }
   }
   return null;
 }
Example #5
0
 @Override
 public PDPGroup getDefaultGroup() throws PAPException {
   for (PDPGroup group : this.groups) {
     if (group.isDefaultGroup()) {
       return group;
     }
   }
   //
   // Default group doesn't exist
   //
   return null;
 }
Example #6
0
 @Override
 public void newPDP(String id, PDPGroup group, String name, String description)
     throws PAPException, NullPointerException {
   if (group == null) {
     throw new PAPException("You must specify which group the PDP will belong to.");
   }
   if (!this.groups.contains(group)) {
     throw new PAPException("Unknown group, not in our list.");
   }
   for (PDP p : group.getPdps()) {
     if (p.getId().equals(id)) {
       throw new PAPException("A PDP with this ID exists.");
     }
   }
   if (group instanceof StdPDPGroup) {
     StdPDP pdp = new StdPDP(id, name, description);
     if (((StdPDPGroup) group).addPDP(pdp)) {
       //
       // Save the properties and notify any listeners
       //
       pdpChanged(pdp);
       return;
     }
   }
 }
Example #7
0
 @Override
 public void removePDP(PDP pdp) throws PAPException {
   PDPGroup group = this.getPDPGroup(pdp);
   if (group == null) {
     throw new NullPointerException();
   }
   if (group instanceof StdPDPGroup) {
     boolean result = ((StdPDPGroup) group).removePDP(pdp);
     if (result) {
       this.doSave();
     }
     return;
   }
   String message = "Unknown PDP group class: " + group.getClass().getCanonicalName();
   logger.warn(message);
   throw new PAPException(message);
 }
Example #8
0
  @Override
  public void SetDefaultGroup(PDPGroup group) throws PAPException {

    boolean changesMade = false;
    for (PDPGroup aGroup : groups) {
      if (aGroup.getId().equals(group.getId())) {
        if (!aGroup.isDefaultGroup()) {
          // TODO - since the original code checked for type we do also.
          if (aGroup instanceof StdPDPGroup) {
            ((StdPDPGroup) aGroup).setDefault(true);
            changesMade = true;
          } else {
            throw new IllegalArgumentException(
                "Group in groups of unknown type '" + aGroup.getClass().getName() + "'");
          }
        }
      } else {
        // not the new default group
        if (aGroup.isDefaultGroup()) {
          // TODO - since the original code checked for type we do also.
          if (aGroup instanceof StdPDPGroup) {
            ((StdPDPGroup) aGroup).setDefault(false);
            changesMade = true;
          } else {
            throw new IllegalArgumentException(
                "Group in groups of unknown type '" + aGroup.getClass().getName() + "'");
          }
        }
      }
    }
    if (changesMade) {
      this.doSave();
    }
  }
Example #9
0
 @Override
 public void removePolicy(PDPPolicy policy, PDPGroup group) throws PAPException {
   if (group == null) {
     throw new NullPointerException();
   }
   if (group instanceof StdPDPGroup && this.groups.contains(group)) {
     ((StdPDPGroup) group).removePolicy(policy);
     return;
   }
   logger.warn("unknown PDP Group: " + group);
   throw new PAPException("Unknown PDP Group: " + group.getId());
 }
Example #10
0
 @Override
 public void movePDP(PDP pdp, PDPGroup newGroup) throws PAPException {
   if (newGroup == null) {
     throw new NullPointerException("You must specify which group the PDP will belong to.");
   }
   PDPGroup currentGroup = this.getPDPGroup(pdp);
   if (currentGroup == null) {
     throw new PAPException("PDP must already belong to a group.");
   }
   if (currentGroup.equals(newGroup)) {
     logger.warn("Already in that group.");
     return;
   }
   if (currentGroup instanceof StdPDPGroup && newGroup instanceof StdPDPGroup) {
     if (((StdPDPGroup) currentGroup).removePDP(pdp)) {
       boolean result = ((StdPDPGroup) newGroup).addPDP(pdp);
       if (result) {
         //
         // Save the configuration
         //
         this.doSave();
       } else {
         logger.error("Failed to add to new group, putting back into original group.");
         if (!((StdPDPGroup) currentGroup).removePDP(pdp)) {
           logger.error("Failed to put PDP back into original group.");
         }
       }
     }
   } else {
     String message =
         "Unknown PDP group class: "
             + newGroup.getClass().getCanonicalName()
             + " and "
             + currentGroup.getClass().getCanonicalName();
     logger.warn(message);
     throw new PAPException(message);
   }
 }
Example #11
0
 @Override
 public void publishPolicy(
     String id, String name, boolean isRoot, InputStream policy, PDPGroup group)
     throws PAPException {
   if (group == null) {
     throw new NullPointerException();
   }
   if (group instanceof StdPDPGroup && this.groups.contains(group)) {
     ((StdPDPGroup) group).publishPolicy(id, name, isRoot, policy);
     return;
   }
   logger.warn("unknown PDP Group: " + group);
   throw new PAPException("Unknown PDP Group: " + group.getId());
 }
Example #12
0
  public static void setGroupProperties(PDPGroup group, Properties properties) {
    //
    // make sure its in the list of groups
    //
    Iterable<String> groups =
        Splitter.on(',')
            .trimResults()
            .omitEmptyStrings()
            .split(properties.getProperty(PROP_PAP_GROUPS, ""));
    boolean inList = false;
    for (String g : groups) {
      if (g.equals(group.getId())) {
        inList = true;
      }
    }
    if (!inList) {
      Set<String> grps = Sets.newHashSet(groups);
      grps.add(group.getId());
      String newGroupList = "";

      if (grps.size() == 1) {
        newGroupList = grps.iterator().next();
      } else if (grps.size() > 1) {
        newGroupList = Joiner.on(',').skipNulls().join(grps);
      }
      logger.info("New Group List: " + newGroupList);
      properties.setProperty(PROP_PAP_GROUPS, newGroupList);
    }
    //
    // Set its properties
    //
    properties.setProperty(group.getId() + ".name", group.getName());
    properties.setProperty(group.getId() + ".description", group.getDescription());
    //
    // Set its PDP list
    //
    if (group.getPdps().size() > 0) {
      String pdpList = "";
      if (group.getPdps().size() == 1) {
        pdpList = group.getPdps().iterator().next().getId();
      } else if (group.getPdps().size() > 1) {
        Set<String> ids = new HashSet<String>();
        for (PDP pdp : group.getPdps()) {
          ids.add(pdp.getId());
        }
        pdpList = Joiner.on(',').skipNulls().join(ids);
      }
      properties.setProperty(group.getId() + ".pdps", pdpList);
    } else {
      properties.setProperty(group.getId() + ".pdps", "");
    }
  }
Example #13
0
  private void saveConfiguration() throws PAPException, IOException {
    //
    // Create our properties object
    //
    Properties properties =
        new Properties() {
          private static final long serialVersionUID = 1L;

          // For Debugging it is helpful for the file to be in a sorted order,
          // any by returning the keys in the natural Alpha order for strings we get close enough.
          // TreeSet is sorted, and this just overrides the normal Properties method to get the
          // keys.
          @Override
          public synchronized Enumeration<Object> keys() {
            return Collections.enumeration(new TreeSet<Object>(super.keySet()));
          }
        };
    //
    // Iterate our groups
    //
    List<String> ids = new ArrayList<String>();
    for (PDPGroup group : this.groups) {
      ids.add(group.getId());
      properties.setProperty(
          group.getId() + ".name", (group.getName() == null ? "" : group.getName()));
      properties.setProperty(
          group.getId() + ".description",
          (group.getDescription() == null ? "" : group.getDescription()));
      //
      // Iterate its PDPs
      //
      List<String> pdps = new ArrayList<String>();
      for (PDP pdp : group.getPdps()) {
        pdps.add(pdp.getId());
        properties.setProperty(pdp.getId() + ".name", (pdp.getName() == null ? "" : pdp.getName()));
        properties.setProperty(
            pdp.getId() + ".description",
            (pdp.getDescription() == null ? "" : pdp.getDescription()));
      }
      String pdpList = "";
      if (pdps.size() == 1) {
        pdpList = pdps.get(0);
      } else if (pdps.size() > 1) {
        pdpList = Joiner.on(',').skipNulls().join(pdps);
      }
      if (logger.isDebugEnabled()) {
        logger.debug("Group " + group.getId() + " PDPS: " + pdpList);
      }
      properties.setProperty(group.getId() + ".pdps", pdpList);
    }
    if (ids.isEmpty()) {
      throw new PAPException("Inconsistency - we have NO groups. We should have at least one.");
    }
    String groupList = "";
    if (ids.size() == 1) {
      groupList = ids.get(0);
    } else if (ids.size() > 1) {
      groupList = Joiner.on(',').skipNulls().join(ids);
    }
    logger.info("New Group List: " + groupList);

    properties.setProperty(PROP_PAP_GROUPS, groupList);
    //
    // Get the default group
    //
    PDPGroup defaultGroup = this.getDefaultGroup();
    if (defaultGroup == null) {
      throw new PAPException("Invalid state - no default group.");
    }
    properties.setProperty(PROP_PAP_GROUPS_DEFAULT, defaultGroup.getId());
    //
    // Now we can save the file
    //
    Path file = Paths.get(this.repository.toString(), "xacml.properties");
    try (OutputStream os = Files.newOutputStream(file)) {
      properties.store(os, "");
    }
  }
Example #14
0
  @Override
  public void removeGroup(PDPGroup group, PDPGroup newGroup)
      throws PAPException, NullPointerException {
    if (group == null) {
      throw new NullPointerException();
    }
    //
    // Does this group exist?
    //
    if (!this.groups.contains(group)) {
      logger.error("This group doesn't exist.");
      throw new PAPException("The group '" + group.getId() + "' does not exist");
    }
    //
    // Is it the default group?
    //
    if (group.isDefaultGroup()) {
      throw new PAPException("You cannot delete the default group.");
    }
    Set<PDP> pdps = group.getPdps();
    //
    // Are there PDPs? If so, then we need a target group
    //
    if (!pdps.isEmpty() && newGroup == null) {
      throw new NullPointerException(
          "Group targeted for deletion has PDPs, you must provide a new group for them.");
    }
    //
    // Move the PDPs
    //
    if (!pdps.isEmpty()) {
      if (!(newGroup instanceof StdPDPGroup)) {
        throw new PAPException(
            "Unexpected class for newGroup: " + newGroup.getClass().getCanonicalName());
      }
      // The movePDP function will modify the set of PDPs in the group.
      // To avoid concurrent modification exceptions we need to duplicate the list before calling
      // that
      // function.
      List<PDP> pdpList = new ArrayList<PDP>();
      for (PDP pdp : pdps) {
        pdpList.add(pdp);
      }
      // now we can use the PDPs from the list without having ConcurrentAccessExceptions
      for (PDP pdp : pdpList) {
        this.movePDP(pdp, newGroup);
      }
    }
    //
    // remove the directory for the group
    //
    String id = group.getId();
    Path groupPath = Paths.get(this.repository.toString(), id);
    //
    // If it exists already
    //
    if (!Files.exists(groupPath)) {
      logger.warn("removeGroup " + id + " directory does not exist" + groupPath.toString());
    } else {
      try {
        Files.walkFileTree(
            groupPath,
            new SimpleFileVisitor<Path>() {

              @Override
              public FileVisitResult visitFile(Path file, BasicFileAttributes attrs)
                  throws IOException {
                Files.delete(file);
                return super.visitFile(file, attrs);
              }
            });
        //
        // delete the directory
        //
        Files.delete(groupPath);
      } catch (IOException e) {
        logger.error("Failed to delete " + groupPath + ": " + e);
        throw new PAPException("Failed to delete " + id);
      }
    }

    // remove the group from the set of all groups
    groups.remove(group);

    //
    // Save changes
    //
    changed();
    this.doSave();
  }
Example #15
0
  @Override
  public void updateGroup(PDPGroup group) throws PAPException {
    if (group == null || group.getId() == null) {
      throw new PAPException("Group or id is null");
    }
    if (group.getName() == null || group.getName().trim().length() == 0) {
      throw new PAPException("New name for group cannot be null or blank");
    }
    StdPDPGroup existingGroup = (StdPDPGroup) getGroup(group.getId());
    if (existingGroup == null) {
      throw new PAPException("Update found no existing group with id '" + group.getId() + "'");
    }

    // We do dramatically different things when the Name changes
    // because the Name is essentially the identity of the group (as the User knows it) so when the
    // Identity changes we have to change the group ID.
    if (group.getName().equals(existingGroup.getName())) {

      // update the disk
      try {
        ((StdPDPGroup) group).saveGroupConfiguration();
      } catch (IOException e) {
        throw new PAPException(
            "Unable to save new configuration for '" + group.getName() + "': " + e.getMessage());
      }
      // update the group in the set by simply replacing the old instance with the new one
      this.groups.remove(existingGroup);
      this.groups.add((StdPDPGroup) group);

    } else {
      // the name/identity of the group has changed
      // generate the new id
      String newId = createNewPDPGroupId(group.getName());

      // make sure no other group uses the new id
      for (PDPGroup g : groups) {
        if (g.getId().equals(newId)) {
          throw new PAPException(
              "Replacement name maps to ID '" + newId + "' which is already in use");
        }
      }
      ((StdPDPGroup) group).setId(newId);

      // rename the existing directory to the new id
      Path oldPath = existingGroup.getDirectory();
      Path newPath = Paths.get(oldPath.getParent().toString(), newId);
      ((StdPDPGroup) group).setDirectory(newPath);

      try {
        boolean success = oldPath.toFile().renameTo(newPath.toFile());
        if (!success) {
          throw new PAPException("Unable to rename directory; reason unknown");
        }
      } catch (Exception e) {
        logger.error("Move '" + oldPath + "' to '" + newPath + "': " + e.getMessage(), e);
        throw new PAPException(
            "Unable to move directory from '"
                + oldPath
                + "' to '"
                + newPath
                + "': "
                + e.getMessage());
      }
      // update the disk
      try {
        ((StdPDPGroup) group).saveGroupConfiguration();
      } catch (IOException e) {
        throw new PAPException(
            "Unable to save new configuration for '" + group.getName() + "': " + e.getMessage());
      }

      // save the new group into the Set
      groups.remove(existingGroup);
      groups.add((StdPDPGroup) group);
    }

    // perhaps only the group changed, but if the name/id changed it may look to a listener like
    // more than
    // one group
    changed();
  }
Example #16
0
  @Override
  public void newGroup(String name, String description) throws PAPException, NullPointerException {
    //
    // Null check
    //
    if (name == null) {
      throw new NullPointerException();
    }
    //
    // Do we already have this group?
    //
    for (PDPGroup group : this.groups) {
      if (group.getName().equals(name)) {
        throw new PAPException("Group with this name=" + name + " already exists.");
      }
    }

    // create an Id that can be used as a file name and a properties file key.
    // Ids must not contain \/:*?"<>|=,;
    // The ID must also be unique within the current set of PDPGroups.
    String id = createNewPDPGroupId(name);

    //
    // Construct the directory path
    //
    Path groupPath = Paths.get(this.repository.toString(), id);
    //
    // If it exists already
    //
    if (Files.exists(groupPath)) {
      logger.warn("addGroup " + id + " directory exists" + groupPath.toString());
    } else {
      try {
        //
        // Create the directory
        //
        Files.createDirectory(groupPath);
      } catch (IOException e) {
        logger.error("Failed to create " + groupPath);
        throw new PAPException("Failed to create " + id);
      }
    }
    //
    // Create the Policies
    //

    Path policyProperties = Paths.get(groupPath.toString(), "xacml.policy.properties");
    if (Files.exists(policyProperties)) {
      logger.warn("addGroup " + id + " file exists: " + policyProperties.toString());
    } else {
      Properties props = new Properties();
      props.setProperty(XACMLProperties.PROP_REFERENCEDPOLICIES, "");
      props.setProperty(XACMLProperties.PROP_ROOTPOLICIES, "");
      try {
        Files.createFile(policyProperties);
        try (OutputStream os = Files.newOutputStream(policyProperties)) {
          props.store(os, "");
        }
      } catch (IOException e) {
        logger.error("Failed to create " + policyProperties);
        throw new PAPException("Failed to create " + id);
      }
    }
    //
    // Create the PIP config
    //
    Path pipProperties = Paths.get(groupPath.toString(), "xacml.pip.properties");
    if (Files.exists(pipProperties)) {
      logger.warn("addGroup " + id + " file exists: " + pipProperties.toString());
    } else {
      try {
        Properties props = new Properties();
        props.setProperty(XACMLProperties.PROP_PIP_ENGINES, "");
        Files.createFile(pipProperties);
        try (OutputStream os = Files.newOutputStream(pipProperties)) {
          props.store(os, "");
        }
      } catch (IOException e) {
        logger.error("Failed to create " + pipProperties);
        throw new PAPException("Failed to create " + id);
      }
    }
    //
    // Ok now add it
    //
    StdPDPGroup newGroup = new StdPDPGroup(id, name, description, groupPath);
    if (this.groups.add(newGroup)) {
      // save the new group in our properties and notify any listeners of the change
      groupChanged(newGroup);
    }
  }