Coverage Report - org.openpermis.examples.simple.AuthorizedHelloWorldService
 
Classes in this File Line Coverage Branch Coverage Complexity
AuthorizedHelloWorldService
72%
16/22
100%
2/2
5.5
 
 1  
 /*
 2  
  * Copyright (c) 2009, Swiss Federal Department of Defence Civil Protection and Sport
 3  
  *                     (http://www.vbs.admin.ch)
 4  
  * Copyright (c) 2009, Ergon Informatik AG (http://www.ergon.ch)
 5  
  * All rights reserved.
 6  
  *
 7  
  * Licensed under the Open Permis License which accompanies this distribution,
 8  
  * and is available at http://www.openpermis.org/BSDlicenceKent.txt
 9  
  */
 10  
 package org.openpermis.examples.simple;
 11  
 
 12  
 import java.net.URI;
 13  
 import java.net.URISyntaxException;
 14  
 import java.util.ArrayList;
 15  
 import java.util.List;
 16  
 
 17  
 import org.openpermis.AuthorizationService;
 18  
 import org.openpermis.AuthorizationServiceException;
 19  
 import org.openpermis.Subject;
 20  
 import org.openpermis.policy.AccessDecision;
 21  
 
 22  
 
 23  
 /**
 24  
  * An implementation of the HelloWorld service that controls access with the help of
 25  
  * a policy decision point (PDP). It serves as a policy enforcement point for the
 26  
  * HelloWorld application.
 27  
  * @since 0.1.0
 28  
  */
 29  
 public class AuthorizedHelloWorldService
 30  
         implements HelloWorldService
 31  
 {
 32  
 
 33  
         //---- Static
 34  
         
 35  
         /**
 36  
          * @since 0.1.0
 37  
          */
 38  1
         protected static final URI TARGET_RESOURCE_URI = URI.create("cn=letterbox,o=post,c=ch");
 39  
 
 40  
         /**
 41  
          * @since 0.1.0
 42  
          */
 43  
         protected static final String ACTION_NAME = "collectLetters";
 44  
 
 45  
         //---- State
 46  
         
 47  
         /**
 48  
          * The injected authorization service.
 49  
          * @since 0.3.0
 50  
          */
 51  
         private final AuthorizationService authorizationService;
 52  
 
 53  
         /**
 54  
          * The actual service implementation to which we forward authorized requests.
 55  
          * @since 0.1.0
 56  
          */
 57  
         private final HelloWorldService delegate;
 58  
         
 59  
         //---- Constructors
 60  
 
 61  
         /**
 62  
          * Creates an authorized HelloWorld service that uses the specified policy decision
 63  
          * context for retrieving roles and making access decisions.
 64  
          * @param authorizationService a {@link AuthorizationService}.
 65  
          * @param delegate the real service implementation to which authorized requests are forwarded.
 66  
          * @since 0.1.0
 67  
          */
 68  
         public AuthorizedHelloWorldService (
 69  
                 AuthorizationService authorizationService,
 70  
                 HelloWorldService delegate
 71  2
         ) {
 72  2
                 this.authorizationService = authorizationService;
 73  2
                 this.delegate = delegate;
 74  2
         }
 75  
         
 76  
         //---- HelloWorldService
 77  
         
 78  
         /**
 79  
          * @since 0.1.0
 80  
          */
 81  
         // TODO Any Example should be named according to the postman example.
 82  
         public String getHelloMessage (String name)
 83  
                 throws HelloWorldException
 84  
         {
 85  
                 // Find out who wants to access the service and which roles he has.
 86  
                 // In an authenticated application you would get a java.net.Principal from an
 87  
                 // authentication service and determine an identity from its name.
 88  
                 // In a stateful application you would cache the retrieved subject in the current
 89  
                 // session context to avoid repeated role lookups.
 90  
                 final URI identity;
 91  
                 try {
 92  2
                         identity = new URI(name);
 93  0
                 } catch (URISyntaxException e) {
 94  0
                         throw new HelloWorldException("Invalid name " + name, e);
 95  2
                 }
 96  
                 
 97  
                 final Subject subject;
 98  
                 try {
 99  2
                         subject = this.authorizationService.retrieveSubject(identity);
 100  0
                 } catch (AuthorizationServiceException e) {
 101  0
                         throw new HelloWorldException("Cannot retrieve subject for " + name, e);
 102  2
                 }
 103  
                 
 104  
                 // Identify the resource to protect. This could be a service URL.
 105  2
                 final URI resource = TARGET_RESOURCE_URI;
 106  
                 
 107  
                 // Identify the action to perform on the protected resource.
 108  2
                 final String actionName = ACTION_NAME;
 109  2
                 final List<Object> arguments = new ArrayList<Object>();
 110  
 
 111  
 
 112  
                 try {
 113  
                         // Ask the authorization service for an access decision.
 114  2
                         final AccessDecision decision = this.authorizationService.getAccessDecision(
 115  
                                 subject, resource, actionName, arguments
 116  
                         );
 117  
                         
 118  2
                         if (decision.isAccessGranted()) {
 119  
                                 // We are authorized to proceed, but still have to check obligations in the future.
 120  1
                                 return this.delegate.getHelloMessage(name);
 121  
                         }
 122  
 
 123  
                         // The decision is negative. We must inform the caller that he is not authorized.
 124  1
                         throw new HelloWorldException("Access denied for " + name);
 125  
                 
 126  0
                 } catch (AuthorizationServiceException e) {
 127  0
                         throw new HelloWorldException("Cannot get access decision for " + name, e);
 128  
                 }
 129  
         }
 130  
 
 131  
 }