Coverage Report - org.openpermis.examples.simple.AuthorizedLetterboxService
 
Classes in this File Line Coverage Branch Coverage Complexity
AuthorizedLetterboxService
76%
20/26
100%
2/2
3.25
 
 1  
 /*
 2  
  * Copyright (c) 2009, Swiss Federal Department of Defence Civil Protection and Sport
 3  
  *                     (http://www.vbs.admin.ch)
 4  
  * Copyright (c) 2009, Ergon Informatik AG (http://www.ergon.ch)
 5  
  * All rights reserved.
 6  
  *
 7  
  * Licensed under the Open Permis License which accompanies this distribution,
 8  
  * and is available at http://www.openpermis.org/BSDlicenceKent.txt
 9  
  */
 10  
 package org.openpermis.examples.simple;
 11  
 
 12  
 import java.net.URI;
 13  
 import java.net.URISyntaxException;
 14  
 import java.util.ArrayList;
 15  
 import java.util.List;
 16  
 
 17  
 import org.openpermis.AuthorizationService;
 18  
 import org.openpermis.AuthorizationServiceException;
 19  
 import org.openpermis.Subject;
 20  
 import org.openpermis.policy.AccessDecision;
 21  
 
 22  
 
 23  
 /**
 24  
  * An implementation of the letterbox service that controls access with the help of
 25  
  * a PERMIS authorization service. It serves as a policy enforcement point for the
 26  
  * HelloWorld application.
 27  
  * @since 0.1.0
 28  
  */
 29  
 public class AuthorizedLetterboxService
 30  
         implements LetterboxService
 31  
 {
 32  
 
 33  
         //---- Static
 34  
         
 35  
         /**
 36  
          * @since 0.1.0
 37  
          */
 38  1
         protected static final URI LETTERBOX_URI = URI.create("cn=letterbox,o=post,c=ch");
 39  
 
 40  
         //---- State
 41  
         
 42  
         /**
 43  
          * The injected authorization service.
 44  
          */
 45  
         private final AuthorizationService authorizationService;
 46  
 
 47  
         /**
 48  
          * The actual service implementation to which we forward authorized requests.
 49  
          */
 50  
         private final LetterboxService delegate;
 51  
         
 52  
         //---- Constructors
 53  
 
 54  
         /**
 55  
          * Creates an authorized letterbox service that uses the specified authorization service for 
 56  
          * making access decisions.
 57  
          * @param authorizationService a {@link AuthorizationService}.
 58  
          * @param delegate the real service implementation to which authorized requests are forwarded.
 59  
          * @since 0.1.0
 60  
          */
 61  
         public AuthorizedLetterboxService (
 62  
                 AuthorizationService authorizationService,
 63  
                 LetterboxService delegate
 64  3
         ) {
 65  3
                 this.authorizationService = authorizationService;
 66  3
                 this.delegate = delegate;
 67  3
         }
 68  
         
 69  
         //---- Methods
 70  
         
 71  
         /**
 72  
          * Checks if principal is allowed to execute action.
 73  
          * @param principal the principal which want to execute the action.
 74  
          * @param action the action to execute.
 75  
          * @throws LetterboxException indicates a negative authorization decision.
 76  
          * @since 0.4.0
 77  
          */
 78  
         private void isAuthorized (String principal, String action) throws LetterboxException {
 79  
                 // Find out who wants to access the service and which roles he has.
 80  
                 // In an authenticated application you would get a java.net.Principal from an
 81  
                 // authentication service and determine an identity from its name.
 82  
                 // In a stateful application you would cache the retrieved subject in the current
 83  
                 // session context to avoid repeated role lookups.
 84  
                 final URI identity;
 85  
                 try {
 86  3
                         identity = new URI(principal);
 87  0
                 } catch (URISyntaxException e) {
 88  0
                         throw new LetterboxException("Invalid principal " + principal, e);
 89  3
                 }
 90  
                 
 91  
                 final Subject subject;
 92  
                 try {
 93  3
                         subject = this.authorizationService.retrieveSubject(identity);
 94  0
                 } catch (AuthorizationServiceException e) {
 95  0
                         throw new LetterboxException("Cannot retrieve subject for " + principal, e);
 96  3
                 }
 97  
                 
 98  
                 // Identify the resource to protect. This could be a service URL.
 99  3
                 final URI resource = LETTERBOX_URI;
 100  
                 
 101  
                 // Arguments.
 102  3
                 final List<Object> arguments = new ArrayList<Object>();
 103  
 
 104  
                 try {
 105  
                         // Ask the authorization service for an access decision.
 106  3
                         final AccessDecision decision = this.authorizationService.getAccessDecision(
 107  
                                 subject, resource, action, arguments
 108  
                         );
 109  
                         
 110  3
                         if (decision.isAccessGranted()) {
 111  
                                 // We are authorized to proceed, but may still have to check obligations in the 
 112  
                                 // future.
 113  2
                                 return;
 114  
                         }
 115  
 
 116  
                         // The decision is negative. We must inform the caller that he is not authorized.
 117  1
                         throw new LetterboxException(
 118  
                                 "Access denied for principal " + principal + " and action " + action
 119  
                         );
 120  
                 
 121  0
                 } catch (AuthorizationServiceException e) {
 122  0
                         throw new LetterboxException("Cannot get access decision for " + principal, e);
 123  
                 }
 124  
         }
 125  
         
 126  
         //---- LetterboxService
 127  
         
 128  
         /**
 129  
          * @since 0.4.0
 130  
          */
 131  
         public List<String> collectLetters (String principal) throws LetterboxException {
 132  1
                 isAuthorized(principal, "collectLetters");
 133  1
                 return this.delegate.collectLetters(principal);
 134  
         }
 135  
 
 136  
         /**
 137  
          * @since 0.4.0
 138  
          */
 139  
         public void insertLetter (String principal, String letter) throws LetterboxException {
 140  2
                 isAuthorized(principal, "insertLetter");
 141  1
                 this.delegate.insertLetter(principal, letter);
 142  1
         }
 143  
 
 144  
 }