CON-755: To provide funtionality in monitoring to update users and roles

commit 17e075ba6407b992fd8845f3c630485b2f34d21c 1 parent 81d1e6c
@himanshu1587 himanshu1587 authored
Showing with 1,567 additions and 25 deletions.
  1. +1 −1  Buildfile
  2. +6 −0 api/src/main/java/org/intalio/tempo/security/impl/RBACQueryImpl.java
  3. +5 −0 api/src/main/java/org/intalio/tempo/security/impl/Realms.java
  4. +185 −0 api/src/main/java/org/intalio/tempo/security/ldap/LDAPRBACAdmin.java
  5. +26 −1 api/src/main/java/org/intalio/tempo/security/ldap/LDAPRBACProvider.java
  6. +34 −0 api/src/main/java/org/intalio/tempo/security/ldap/LDAPSecurityProvider.java
  7. +10 −1 api/src/main/java/org/intalio/tempo/security/provider/SecurityProvider.java
  8. +15 −2 api/src/main/java/org/intalio/tempo/security/rbac/RBACConstants.java
  9. +10 −0 api/src/main/java/org/intalio/tempo/security/rbac/RBACQuery.java
  10. +35 −0 api/src/main/java/org/intalio/tempo/security/rbac/RoleExistsException.java
  11. +35 −0 api/src/main/java/org/intalio/tempo/security/rbac/UserExistsException.java
  12. +222 −0 api/src/main/java/org/intalio/tempo/security/simple/SimpleRBACAdmin.java
  13. +48 −14 api/src/main/java/org/intalio/tempo/security/simple/SimpleRBACQuery.java
  14. +33 −3 api/src/main/java/org/intalio/tempo/security/simple/SimpleSecurityProvider.java
  15. +3 −1 ws-common/src/main/java/org/intalio/tempo/security/ws/Constants.java
  16. +50 −2 ws-common/src/main/java/org/intalio/tempo/security/ws/OMParser.java
  17. +51 −0 ws-common/src/main/java/org/intalio/tempo/security/ws/RBACAdminConstants.java
  18. +401 −0 ws-common/src/main/java/org/intalio/tempo/security/ws/RBACAdminWS.java
  19. +372 −0 ws-service/src/main/axis2/rbacadmin-service.wsdl
  20. +25 −0 ws-service/src/main/axis2/services.xml
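--- a/Buildfile
+++ b/Buildfile
@@ -16,7 +16,7 @@ define "security" do
 desc "Security Framework"
 define "api" do
- compile.with CAS_CLIENT, DOM4J, CASTOR, LOG4J, SLF4J, SPRING[:core], XERCES, OPENSSO_CLIENT_SDK, SERVLET_API,JASYPT
+ compile.with AXIOM, CAS_CLIENT, DOM4J, CASTOR, LOG4J, SLF4J, SPRING[:core], XERCES, OPENSSO_CLIENT_SDK, SERVLET_API,JASYPT
 test.exclude "*BaseSuite"
 test.exclude "*FuncTestSuite"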
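--- a/api/src/main/java/org/intalio/tempo/security/impl/RBACQueryImpl.java
+++ b/api/src/main/java/org/intalio/tempo/security/impl/RBACQueryImpl.java
@@ -121,5 +121,11 @@ public RBACQueryImpl( Realms providers )
 {
 return _providers.getRBACQuery( role ).roleProperties( role );
 }
+
+ // implement RBACQuery interface
+ public String[] getRoles(String realm) throws RBACException, RemoteException
+ {
+ return _providers.getRBACQuery( realm ).getRoles(realm);
+ }
 }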
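Review bot: The new `getRoles(String realm)` resolves its provider with `_providers.getRBACQuery( realm )`, whereas the neighbouring `roleProperties` passes a role identifier to the same lookup; unless `getRBACQuery` also accepts a bare realm name (its body is outside this hunk), the new method will not find the provider, so please confirm against Realms.getRBACQuery. The same call shape appears in this commit's Realms.java (`getRBACQuery( realm ).getRoles(realm)`). For consistency with Realms.java, mark the method `@Override` instead of the `// implement RBACQuery interface` comment, and document it with `/** @see org.intalio.tempo.security.rbac.RBACQuery#getRoles(java.lang.String) */` as LDAPRBACProvider.java does in this commit.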
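--- a/api/src/main/java/org/intalio/tempo/security/impl/Realms.java
+++ b/api/src/main/java/org/intalio/tempo/security/impl/Realms.java
@@ -519,5 +519,10 @@ public boolean isWorkflowAdmin( String user )
 {
 return getAuthenticationQuery( user ).isWorkflowAdmin( user );
 }
+
+ @Override
+ public String[] getRoles(String realm) throws RBACException, RemoteException {
+ return getRBACQuery( realm ).getRoles(realm);
+ }
 }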
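--- a/api/src/main/java/org/intalio/tempo/security/ldap/LDAPRBACAdmin.java
+++ b/api/src/main/java/org/intalio/tempo/security/ldap/LDAPRBACAdmin.java
@@ -0,0 +1,185 @@
+package org.intalio.tempo.security.ldap;
+
+import java.rmi.RemoteException;
+import java.util.Map;
+
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.ModificationItem;
+
+import org.intalio.tempo.security.Property;
+import org.intalio.tempo.security.rbac.RBACAdmin;
+import org.intalio.tempo.security.rbac.RBACException;
+import org.intalio.tempo.security.rbac.RoleNotFoundException;
+import org.intalio.tempo.security.rbac.UserNotFoundException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class LDAPRBACAdmin implements RBACAdmin {
+
+ protected final static Logger LOG = LoggerFactory.getLogger(LDAPRBACAdmin.class);
+
+ private String _baseDN;
+ private LDAPSecurityProvider _provider;
+ private Map _config;
+
+ public LDAPRBACAdmin(LDAPSecurityProvider provider, String baseDN, Map map) {
+ _provider = provider;
+ _baseDN = baseDN;
+ _config = map;
+ }
+
+ @Override
+ public void addUser(String user, Property[] properties) throws RBACException, RemoteException {
+ Attributes attr = getAttributes(properties);
+ attr.put(LDAPProperties.SECURITY_LDAP_USER_ID, user);
+ String dn = getUserId(user);
+ createSubContext(dn, attr);
+
+ }
+
+ @Override
+ public void deleteUser(String user) throws RBACException, RemoteException {
+ String dn = getUserId(user);
+ removeSubContext(dn);
+ }
+
+ @Override
+ public void addRole(String role, Property[] properties) throws RoleNotFoundException, RBACException, RemoteException {
+ Attributes attr = getAttributes(properties);
+ attr.put(LDAPProperties.SECURITY_LDAP_ROLE_ID, role);
+ String dn = getRoleId(role);
+ createSubContext(dn, attr);
+ }
+
+ @Override
+ public void deleteRole(String role) throws RoleNotFoundException, RBACException, RemoteException {
+ String dn = getRoleId(role);
+ removeSubContext(dn);
+ }
+
+ @Override
+ public void assignUser(String user, String role) throws UserNotFoundException, RoleNotFoundException, RBACException, RemoteException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void deassignUser(String user, String role) throws UserNotFoundException, RoleNotFoundException, RBACException, RemoteException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void grantPermission(String role, String operation, String object) throws RoleNotFoundException, RBACException, RemoteException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void revokePermission(String role, String operation, String object) throws RoleNotFoundException, RBACException, RemoteException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void addInheritance(String ascendant, String descendant) throws RoleNotFoundException, RBACException, RemoteException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void deleteInheritance(String ascendant, String descendant) throws RoleNotFoundException, RBACException, RemoteException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void addAscendant(String ascendant, Property[] properties, String descendant) throws RoleNotFoundException, RBACException, RemoteException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void addDescendant(String descendant, Property[] properties, String ascendant) throws RoleNotFoundException, RBACException, RemoteException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setUserProperties(String user, Property[] properties) throws UserNotFoundException, RBACException, RemoteException {
+ String dn = getUserId(user);
+ modifyAttributes(dn, properties);
+
+ }
+
+ @Override
+ public void setRoleProperties(String role, Property[] properties) throws RoleNotFoundException, RBACException, RemoteException {
+ String dn = getRoleId(role);
+ modifyAttributes(dn, properties);
+
+ }
+
+ static private Attributes getAttributes(Property[] properties) {
+ BasicAttributes myAttri = new BasicAttributes(true);
+ for (Property prop : properties)
+ myAttri.put(prop.getName(), prop.getValue());
+ return myAttri;
+ }
+
+ private String getUserId(String user) {
+ String userBase = (String) _config.get(LDAPProperties.SECURITY_LDAP_USER_BASE);
+ String userId = (String) _config.get(LDAPProperties.SECURITY_LDAP_USER_ID);
+ String dn = userId + "=" + user + "," + userBase;
+ return dn;
+ }
+
+ private String getRoleId(String role) {
+ String roleBase = (String) _config.get(LDAPProperties.SECURITY_LDAP_ROLE_BASE);
+ String roleId = (String) _config.get(LDAPProperties.SECURITY_LDAP_ROLE_ID);
+ String dn = roleId + "=" + role + "," + roleBase;
+ return dn;
+ }
+
+ private void createSubContext(String dn, Attributes attr) throws RBACException {
+ try {
+ DirContext context = _provider.getContext(_baseDN);
+ context.createSubcontext(dn, attr);
+ context.close();
+ } catch (NamingException e) {
+ LOG.error("Error occured while creating new subContext in LDAP", e);
+ throw new RBACException(e);
+ }
+ }
+
+ private void removeSubContext(String dn) throws RBACException {
+ try {
+ DirContext context = _provider.getContext(_baseDN);
+ context.destroySubcontext(dn);
+ context.close();
+ } catch (NamingException e) {
+ LOG.error("Error occured while removing subContext from LDAP", e);
+ throw new RBACException(e);
+ }
+ }
+
+ private void modifyAttributes(String dn, Property[] props) throws RBACException {
+ try {
+ DirContext context = _provider.getContext(_baseDN);
+ ModificationItem[] mods = new ModificationItem[props.length];
+ int i = 0;
+ for (Property prop : props) {
+ Attribute attri = new BasicAttribute(prop.getName(), prop.getValue());
+ mods[i++] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attri);
+ }
+ context.modifyAttributes(dn, mods);
+ } catch (Exception e) {
+ LOG.error("Error occured while modifying attributes for context", e);
+ throw new RBACException(e);
+ }
+ }
+}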
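Review bot: `getUserId` and `getRoleId` build the distinguished name by plain concatenation (`userId + "=" + user + "," + userBase`), so a user or role name containing DN metacharacters such as `,`, `+`, `=` or a leading `#` changes which directory entry is created, deleted or modified; escape the value per RFC 4514 with `String dn = userId + "=" + Rdn.escapeValue(user) + "," + userBase;` (and the same for `role`), or reject such names before building the DN. `assignUser`, `deassignUser`, `grantPermission`, `revokePermission` and the four inheritance methods are empty stubs that return normally, so a caller that revokes a permission through this admin is told it succeeded when nothing happened; until they are implemented they should `throw new RBACException("Not supported by LDAPRBACAdmin");` so the gap is visible. `createSubContext` and `removeSubContext` close the `DirContext` only on the success path and `modifyAttributes` never closes it, so every failed or modifying call leaks a directory connection; move `context.close()` into a `finally` block in all three. `addUser`/`addRole` also do not translate `NameAlreadyBoundException` into the `UserExistsException`/`RoleExistsException` introduced by this commit, so a duplicate surfaces only as a generic `RBACException`.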
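--- a/api/src/main/java/org/intalio/tempo/security/ldap/LDAPRBACProvider.java
+++ b/api/src/main/java/org/intalio/tempo/security/ldap/LDAPRBACProvider.java
@@ -52,8 +52,12 @@
 private LDAPRBACQuery _query;
+ private LDAPRBACAdmin _rbacAdmin;
+
 private LDAPQueryEngine _engine;
+ private String _baseDN;
+
 /**
 * Constructor
 *
@@ -62,6 +66,7 @@ public LDAPRBACProvider(String realm, LDAPQueryEngine engine, String baseDN) {
 super();
 _realm = realm;
 _engine = engine;
+ _baseDN = baseDN;
 }
 /**
@@ -72,6 +77,7 @@ public void initialize(Object config) throws RBACException {
 if (!(config instanceof Map))
 throw new IllegalArgumentException("Configuration is expected to be a Map");
 _query = new LDAPRBACQuery((Map) config);
+ _rbacAdmin = new LDAPRBACAdmin(_engine.getProvider(),_baseDN, (Map) config);
 }
 /**
@@ -85,7 +91,7 @@ public String getName() throws RBACException {
 * @see org.intalio.tempo.security.rbac.provider.RBACProvider#getAdmin()
 */
 public RBACAdmin getAdmin() throws RBACException {
- throw new RuntimeException("Method not implemented");
+ return _rbacAdmin;
 }
 /**
@@ -751,5 +757,24 @@ static String getNonNull(String key, Map map) throws IllegalArgumentException {
 throw new RBACException(ne);
 }
 }
+
+ /**
+ * @see org.intalio.tempo.security.rbac.RBACQuery#getRoles(java.lang.String)
+ */
+ @Override
+ public String[] getRoles(String realm) throws RBACException, RemoteException {
+ if (!_realm.equals(realm))
+ throw new RBACException("Unsupported realm, " + realm);
+
+ ArrayList<String> list = new ArrayList<String>();
+ try {
+ _engine.queryExtent(_roleBase, _roleId, list);
+ } catch (NamingException e) {
+ LOG.error("Error occured while getting roles",e);
+ throw new RBACException(e);
+ }
+ return prefix (list);
+ }
+
 }
 }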
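Review bot: `getAdmin()` now returns `_rbacAdmin`, which is only assigned in `initialize(Object)`, so a call before initialization hands the caller `null` where the previous code threw; guard it with `if (_rbacAdmin == null) throw new RBACException("LDAPRBACProvider not initialized");`. In the new `getRoles`, `_roleBase` and `_roleId` are referenced but declared in no hunk shown here, and `_engine.getProvider()` used in `initialize` is likewise not visible in this commit, so please confirm both exist with the expected types; the enclosing class of the last hunk starts outside it. `return prefix (list);` has a stray space before the parenthesis — `return prefix(list);` matches the rest of the file.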
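--- a/api/src/main/java/org/intalio/tempo/security/ldap/LDAPSecurityProvider.java
+++ b/api/src/main/java/org/intalio/tempo/security/ldap/LDAPSecurityProvider.java
@@ -13,6 +13,7 @@
 import java.io.FileInputStream;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.Iterator;
 import java.util.Map;
@@ -333,4 +334,37 @@ static final void close(Context context) {
 }
 }
+ @Override
+ public Set<String> getAttributes(String forObject) throws RBACException {
+ Set<String> properties = new HashSet<String>();
+ String propertyName = "";
+ String id = "";
+ if (forObject.equals("user")) {
+ propertyName = LDAPProperties.SECURITY_LDAP_USER_PROP;
+ id = LDAPProperties.SECURITY_LDAP_USER_ID;
+ properties.add( _env.get(LDAPProperties.SECURITY_LDAP_USER_CREDENTIAL+".0").split(":")[0]);
+ } else if (forObject.equals("role")) {
+ propertyName = LDAPProperties.SECURITY_LDAP_ROLE_PROP;
+ id = LDAPProperties.SECURITY_LDAP_ROLE_ID;
+ }
+ for (int i = 0; true; i++) {
+ String key = propertyName + '.' + i;
+ if (_env.containsKey(key)) {
+ String value = (String) _env.get(key);
+ String[] temp = value.split(":");
+ if(temp != null && temp.length > 0) {
+ if (temp.length == 1) {
+ properties.add(value.split(":")[0]);
+ } else {
+ properties.add(value.split(":")[1]);
+ }
+ }
+ } else {
+ break;
+ }
+ }
+ properties.remove(id);
+ return properties;
+ }
+
 }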
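Review bot: `getAttributes` silently returns an empty set when `forObject` is neither `"user"` nor `"role"`, because `propertyName` stays `""` and the loop then probes keys such as `.0`; add `else throw new IllegalArgumentException("Unknown object type: " + forObject);` after the `role` branch. The `user` branch calls `.split(":")` directly on `_env.get(LDAPProperties.SECURITY_LDAP_USER_CREDENTIAL+".0")`, which throws a NullPointerException when that key is missing from the configuration — check for null first and report the missing entry as an `RBACException`. The comparison is case-sensitive (`forObject.equals("user")`) while this commit's SimpleSecurityProvider implementation of the same interface method uses `equalsIgnoreCase`; the two implementations should agree. Inside the loop, `temp != null` is always true (`String.split` never returns null) and `value.split(":")` is recomputed twice; `temp[0]` / `temp[1]` can be used directly.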
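--- a/api/src/main/java/org/intalio/tempo/security/provider/SecurityProvider.java
+++ b/api/src/main/java/org/intalio/tempo/security/provider/SecurityProvider.java
@@ -9,6 +9,8 @@
 package org.intalio.tempo.security.provider;
+import java.util.Set;
+
 import org.intalio.tempo.security.authentication.AuthenticationException;
 import org.intalio.tempo.security.authentication.provider.AuthenticationProvider;
 import org.intalio.tempo.security.rbac.RBACException;
@@ -91,5 +93,12 @@ public AuthenticationProvider getAuthenticationProvider( String realm )
 */
 public void dispose()
 throws RBACException;
-
+
+ /**
+ * This returns list of attributes depending on value of forObject, which either can be role or user.
+ * @param forObject
+ * @return
+ * @throws RBACException
+ */
+ public Set<String> getAttributes(String forObject) throws RBACException;
 }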
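Review bot: The Javadoc for the new `getAttributes` leaves `@param forObject` and `@return` empty and does not say which values are accepted; the LDAP and simple implementations in this commit both recognise `"user"` and `"role"`. Suggested text: `@param forObject the kind of object whose attribute names are wanted: "user" or "role"`, `@return the names of the properties that can be read or set for that kind of object (never null)` and `@throws RBACException if the attribute names cannot be determined`. Adding an abstract method to this public interface breaks every SecurityProvider implementation outside this repository; if third-party providers exist, that should be called out in the release notes.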
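--- a/api/src/main/java/org/intalio/tempo/security/rbac/RBACConstants.java
+++ b/api/src/main/java/org/intalio/tempo/security/rbac/RBACConstants.java
@@ -28,11 +28,24 @@
 * Email address property
 */
 public static final String PROPERTY_EMAIL = "email";
-
 /**
 * User's full name property
 */
- public static final String PROPERTY_FULL_NAME = "fullName";
+ public static final String PROPERTY_NAME = "name";
+
+ /**
+ * Assigned roles property
+ */
+ public static final String PROPERTY_ASSIGN_ROLES = "assignRole";
+ /**
+ * Descendant roles property
+ */
+ public static final String PROPERTY_DESCENDANT_ROLE = "descendantRole";
+
+ /**
+ * Password property
+ */
+ public static final String PROPERTY_PASSWORD = "password";
 }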
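Review bot: `PROPERTY_FULL_NAME` (`"fullName"`) is removed and replaced by `PROPERTY_NAME` with the different value `"name"`, which changes the key under which a user's name is reported by `userProperties`; any client, mapping configuration or persisted data keyed on `"fullName"` silently stops matching, and code outside this commit that still references `PROPERTY_FULL_NAME` no longer compiles. If the rename is intended, keep the old constant as a deprecated alias so the break is explicit: `@Deprecated public static final String PROPERTY_FULL_NAME = "fullName";`. `PROPERTY_PASSWORD` deserves a Javadoc sentence stating that it is a write-only administrative property that the query interfaces must never return — this commit's SimpleRBACQuery.userProperties does omit it, and the constant's comment should make that contract explicit for future implementations.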
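--- a/api/src/main/java/org/intalio/tempo/security/rbac/RBACQuery.java
+++ b/api/src/main/java/org/intalio/tempo/security/rbac/RBACQuery.java
@@ -216,6 +216,16 @@
 public String[] topRoles( String realm )
 throws RBACException, RemoteException;
+ /**
+ * Return the set of roles within a realm.
+ * <p>
+ * This is valid only if the realm exists.
+ *
+ * @param realm the specified realm
+ * @return identifiers of the top-level roles within the realm
+ */
+ public String[] getRoles( String realm )
+ throws RBACException, RemoteException;
 /**
 * Return the set of ascendant roles for a given role.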
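Review bot: The Javadoc on the new `getRoles` says `@return identifiers of the top-level roles within the realm`, which is copied from `topRoles` directly above it; the implementations in this commit return every role in the realm (SimpleRBACQuery filters all roles by realm, LDAPRBACProvider queries the whole role extent). Change it to `@return identifiers of all roles defined within the realm` and add `@throws RBACException if the realm does not exist or the roles cannot be retrieved` and `@throws RemoteException on a communication failure`, matching the declared throws clause.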
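--- a/api/src/main/java/org/intalio/tempo/security/rbac/RoleExistsException.java
+++ b/api/src/main/java/org/intalio/tempo/security/rbac/RoleExistsException.java
@@ -0,0 +1,35 @@
+package org.intalio.tempo.security.rbac;
+
+public class RoleExistsException extends RBACException {
+ private static final long serialVersionUID = -5673950029436827800L;
+
+ /**
+ * Construct a new RoleExistsException exception wrapping an underlying exception
+ * and providing a message.
+ *
+ * @param message The exception message
+ * @param except The underlying exception
+ */
+ public RoleExistsException(String message, Exception except) {
+ super(message, except);
+ }
+
+ /**
+ * Construct a new RoleExistsException exception with a message.
+ *
+ * @param message The exception message
+ */
+ public RoleExistsException(String message) {
+ super(message);
+ }
+
+ /**
+ * Construct a new RoleExistsException exception wrapping an underlying exception.
+ *
+ * @param except The underlying exception
+ */
+ public RoleExistsException(Exception except) {
+ super(except);
+ }
+
+}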
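Review bot: `RoleExistsException` (and `UserExistsException`, identical apart from the name) has no class-level Javadoc saying when it is thrown, and nothing in this commit throws either one: `SimpleRBACAdmin.addUser`/`addRole` append without checking for an existing identifier and `LDAPRBACAdmin` maps every `NamingException` to a plain `RBACException`. Suggested header: `/** Thrown by RBACAdmin.addRole when a role with the given identifier already exists in the realm. */` (and the `addUser` counterpart for `UserExistsException`). Both classes also carry the same `serialVersionUID` value, which is harmless but suggests a copy-paste origin; a distinct value per class is conventional.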
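--- a/api/src/main/java/org/intalio/tempo/security/rbac/UserExistsException.java
+++ b/api/src/main/java/org/intalio/tempo/security/rbac/UserExistsException.java
@@ -0,0 +1,35 @@
+package org.intalio.tempo.security.rbac;
+
+public class UserExistsException extends RBACException {
+ private static final long serialVersionUID = -5673950029436827800L;
+
+ /**
+ * Construct a new UserExistsException exception wrapping an underlying exception
+ * and providing a message.
+ *
+ * @param message The exception message
+ * @param except The underlying exception
+ */
+ public UserExistsException(String message, Exception except) {
+ super(message, except);
+ }
+
+ /**
+ * Construct a new UserExistsException exception with a message.
+ *
+ * @param message The exception message
+ */
+ public UserExistsException(String message) {
+ super(message);
+ }
+
+ /**
+ * Construct a new UserExistsException exception wrapping an underlying exception.
+ *
+ * @param except The underlying exception
+ */
+ public UserExistsException(Exception except) {
+ super(except);
+ }
+
+}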
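--- a/api/src/main/java/org/intalio/tempo/security/simple/SimpleRBACAdmin.java
+++ b/api/src/main/java/org/intalio/tempo/security/simple/SimpleRBACAdmin.java
@@ -0,0 +1,222 @@
+package org.intalio.tempo.security.simple;
+
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.rmi.RemoteException;
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.FactoryConfigurationError;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamReader;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMDocument;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.intalio.tempo.security.Property;
+import org.intalio.tempo.security.authentication.AuthenticationException;
+import org.intalio.tempo.security.rbac.RBACAdmin;
+import org.intalio.tempo.security.rbac.RBACException;
+import org.intalio.tempo.security.rbac.RoleNotFoundException;
+import org.intalio.tempo.security.rbac.UserNotFoundException;
+import org.intalio.tempo.security.util.IdentifierUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SimpleRBACAdmin implements RBACAdmin {
+ private static final Logger LOG = LoggerFactory.getLogger(SimpleRBACAdmin.class);
+
+ private SimpleSecurityProvider _securityProvider;
+ private String _realm;
+ private static final String USER = "user";
+ private static final String ROLE = "role";
+ private static final String PASSWORD = "password";
+
+ public SimpleRBACAdmin(String realm, SimpleSecurityProvider simpleSecurityProvider) {
+ _securityProvider = simpleSecurityProvider;
+ _realm = realm;
+ }
+
+ @Override
+ public void addUser(String user, Property[] properties) throws RBACException, RemoteException {
+ OMDocument document = getDocumentElement();
+ LOG.debug("got document object");
+ addElement(USER, user, properties, document);
+ LOG.debug("element added");
+ updateConfigFile(document);
+ }
+
+ @Override
+ public void deleteUser(String user) throws RBACException, RemoteException {
+ OMDocument document = deleteElement(USER, user);
+ updateConfigFile(document);
+ }
+
+ @Override
+ public void addRole(String role, Property[] properties) throws RoleNotFoundException, RBACException, RemoteException {
+ OMDocument document = getDocumentElement();
+ addElement(ROLE, role, properties, document);
+ updateConfigFile(document);
+ }
+
+ @Override
+ public void deleteRole(String role) throws RoleNotFoundException, RBACException, RemoteException {
+ OMDocument document = deleteElement(ROLE, role);
+ updateConfigFile(document);
+ }
+
+ @Override
+ public void assignUser(String user, String role) throws UserNotFoundException, RoleNotFoundException, RBACException, RemoteException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void deassignUser(String user, String role) throws UserNotFoundException, RoleNotFoundException, RBACException, RemoteException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void grantPermission(String role, String operation, String object) throws RoleNotFoundException, RBACException, RemoteException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void revokePermission(String role, String operation, String object) throws RoleNotFoundException, RBACException, RemoteException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void addInheritance(String ascendant, String descendant) throws RoleNotFoundException, RBACException, RemoteException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void deleteInheritance(String ascendant, String descendant) throws RoleNotFoundException, RBACException, RemoteException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void addAscendant(String ascendant, Property[] properties, String descendant) throws RoleNotFoundException, RBACException, RemoteException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void addDescendant(String descendant, Property[] properties, String ascendant) throws RoleNotFoundException, RBACException, RemoteException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setUserProperties(String user, Property[] properties) throws UserNotFoundException, RBACException, RemoteException {
+ SimpleDatabase sd = _securityProvider.getDatabase();
+ String password = sd.getUser(IdentifierUtils.normalize(user, _realm, false, '\\')).getPassword();
+ OMDocument document = deleteElement(USER, user);
+ Property[] property = new Property[properties.length + 1];
+ for (int i = 0; i < properties.length; i++) {
+ property[i] = properties[i];
+ }
+ property[properties.length] = new Property(PASSWORD, password);
+ addElement(USER, user, property, document);
+ updateConfigFile(document);
+ }
+
+ @Override
+ public void setRoleProperties(String role, Property[] properties) throws RoleNotFoundException, RBACException, RemoteException {
+ OMDocument document = deleteElement(ROLE, role);
+ addElement(ROLE, role, properties, document);
+ updateConfigFile(document);
+ }
+
+ private synchronized void updateConfigFile(OMDocument document) throws RBACException {
+ FileOutputStream fos = null;
+ try {
+ fos = new FileOutputStream(_securityProvider.getConfigFile());
+ document.serialize(fos);
+ } catch (Exception e) {
+ LOG.error("Error occured while writing to configuration file:" + e.getMessage());
+ throw new RBACException(e.getMessage());
+ } finally {
+ try {
+ fos.flush();
+ fos.close();
+ } catch (IOException e) {
+ LOG.error("Error occured while closing the outputstream:" + e.getMessage());
+ throw new RBACException(e.getMessage());
+ }
+ }
+ try {
+ _securityProvider.init();
+ } catch (AuthenticationException e) {
+ LOG.error("Error occured reloading security configuration: " + e.getMessage());
+ throw new RBACException(e.getMessage());
+ }
+ }
+
+ private OMDocument getDocumentElement() throws RBACException {
+ XMLStreamReader parser = null;
+ try {
+ parser = XMLInputFactory.newInstance().createXMLStreamReader(_securityProvider.getConfigStream());
+ } catch (Exception e) {
+ LOG.error("Error occured while creating XMLStreamReader instance" + e.getMessage());
+ throw new RBACException(e.getMessage());
+ } catch (FactoryConfigurationError e) {
+ LOG.error("Error occured while creating XMLStreamReader instance" + e.getMessage());
+ throw new RBACException(e.getMessage());
+ }
+ StAXOMBuilder builder = new StAXOMBuilder(parser);
+ return builder.getDocument();
+ }
+
+ private synchronized OMDocument deleteElement(String elementName, String elementValue) throws RBACException {
+ OMDocument document = getDocumentElement();
+ OMElement root = document.getOMDocumentElement();
+ Iterator<OMElement> itr = root.getChildrenWithLocalName("realm");
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ while (itr.hasNext()) {
+ OMElement realm = itr.next();
+ if (realm.getAttribute(new QName("identifier")).getAttributeValue().equals(_realm)) {
+ Iterator<OMElement> itrUser = realm.getChildrenWithLocalName(elementName);
+ while (itrUser.hasNext()) {
+ OMElement roleElement = itrUser.next();
+ if (roleElement.getAttribute(new QName("identifier")).getAttributeValue().equals(elementValue)) {
+ roleElement.detach();
+ }
+ }
+ return document;
+ }
+ }
+ return null;
+ }
+
+ private synchronized void addElement(String elementName, String elementValue, Property[] elementProperties, OMDocument document) throws RBACException {
+ OMElement root = document.getOMDocumentElement();
+ Iterator<OMElement> itr = root.getChildrenWithLocalName("realm");
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ while (itr.hasNext()) {
+ OMElement realm = itr.next();
+ if (realm.getAttribute(new QName("identifier")).getAttributeValue().equals(_realm)) {
+ OMElement roleElement = factory.createOMElement(elementName, realm.getNamespace());
+ OMAttribute identifier = factory.createOMAttribute("identifier", realm.getNamespace(), elementValue);
+ roleElement.addAttribute(identifier);
+ for (Property property : elementProperties) {
+ OMElement propertyElement = factory.createOMElement(property.getName(), realm.getNamespace());
+ propertyElement.setText(property.getValue().toString());
+ roleElement.addChild(propertyElement);
+ }
+ realm.addChild(roleElement);
+ return;
+ }
+ }
+ }
+
+}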
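Review bot: `updateConfigFile` opens the live configuration file with `new FileOutputStream(...)`, which truncates it before `document.serialize` runs, so any failure during serialization leaves the security database empty and the following `_securityProvider.init()` — and every later authentication — fails; serializing to a sibling temporary file and renaming it over the original keeps the old file intact on error. The `finally` block also dereferences `fos` without a null check, so a failed open turns into a NullPointerException that hides the original cause, and `new RBACException(e.getMessage())` drops the cause at each rethrow although an `RBACException(Exception)` constructor exists. Separately, `deleteElement` returns `null` when `_realm` is not found and `deleteUser`/`deleteRole` pass that straight to `updateConfigFile`, `deleteElement` does not raise `UserNotFoundException`/`RoleNotFoundException` when no matching element is detached, and `addUser`/`addRole` never check whether the identifier already exists, so the `UserExistsException`/`RoleExistsException` added by this commit are never raised and duplicate elements are appended. `setUserProperties` dereferences `sd.getUser(...)` without a null check and appends the stored password after the caller's properties, so a caller-supplied `password` property produces two password elements; the rewrite below covers only the write path.
```java
private synchronized void updateConfigFile(OMDocument document) throws RBACException {
    java.io.File target = new java.io.File(_securityProvider.getConfigFile());
    java.io.File temp = new java.io.File(target.getPath() + ".tmp");
    FileOutputStream fos = null;
    try {
        // Write the new content next to the live file so a failed write cannot truncate it.
        fos = new FileOutputStream(temp);
        document.serialize(fos);
        fos.flush();
    } catch (Exception e) {
        LOG.error("Error occured while writing to configuration file", e);
        temp.delete();
        throw new RBACException(e);
    } finally {
        if (fos != null) {
            try {
                fos.close();
            } catch (IOException e) {
                LOG.error("Error occured while closing the outputstream", e);
            }
        }
    }
    // Replace the live file only once the new content is fully on disk.
    if (!temp.renameTo(target)) {
        temp.delete();
        throw new RBACException("Could not replace configuration file " + target);
    }
    // … unchanged: _securityProvider.init() reload and its AuthenticationException handling …
}
```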
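--- a/api/src/main/java/org/intalio/tempo/security/simple/SimpleRBACQuery.java
+++ b/api/src/main/java/org/intalio/tempo/security/simple/SimpleRBACQuery.java
@@ -9,6 +9,7 @@
 package org.intalio.tempo.security.simple;
+import java.rmi.RemoteException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -19,6 +20,7 @@
 import org.intalio.tempo.security.rbac.RoleNotFoundException;
 import org.intalio.tempo.security.rbac.UserNotFoundException;
 import org.intalio.tempo.security.util.IdentifierUtils;
+import org.intalio.tempo.security.util.StringArrayUtils;
 /**
 * Simple implementation of the RBAC query functions.
@@ -310,20 +312,25 @@
 database = _provider.getDatabase();
- user = database.normalize( user );
+ user = database.normalize( user , _realm);
 simpleUser = database.getUser( user );
 if ( simpleUser == null ) {
 throw new UserNotFoundException( "User not found: " + user );
 }
-
- Property name = new Property( RBACConstants.PROPERTY_FULL_NAME,
- simpleUser.getName() );
-
- Property email = new Property( RBACConstants.PROPERTY_EMAIL,
- simpleUser.getEmail() );
- return new Property[] { name, email };
+ ArrayList<Property> properties = new ArrayList<Property>();
+ if (simpleUser.getName() != null) {
+ properties.add(new Property(RBACConstants.PROPERTY_NAME, simpleUser.getName()));
+ }
+ if (simpleUser.getEmail() != null) {
+ properties.add(new Property(RBACConstants.PROPERTY_EMAIL, simpleUser.getEmail()));
+ }
+ String[] roleArray = simpleUser.getAssignedRoles();
+ if(roleArray != null && roleArray.length > 0) {
+ properties.add(new Property(RBACConstants.PROPERTY_ASSIGN_ROLES, StringArrayUtils.toCommaDelimited(roleArray)));
+ }
+ return properties.toArray(new Property[properties.size()]);
 }
@@ -336,17 +343,44 @@
 database = _provider.getDatabase();
- role = database.normalize( role );
+ role = database.normalize( role , _realm);
 simpleRole = database.getRole( role );
 if ( simpleRole == null ) {
 throw new RoleNotFoundException( "Role not found: " + role );
 }
- Property description = new Property( RBACConstants.PROPERTY_DESCRIPTION,
- simpleRole.getDescription() );
-
- return new Property[] { description };
+ ArrayList<Property> properties = new ArrayList<Property>();
+ if (simpleRole.getDescription() != null) {
+ properties.add(new Property(RBACConstants.PROPERTY_DESCRIPTION, simpleRole.getDescription()));
+ }
+ String[] roleArray = simpleRole.getDescendants();
+ if(roleArray != null && roleArray.length > 0) {
+ properties.add(new Property(RBACConstants.PROPERTY_DESCENDANT_ROLE, StringArrayUtils.toCommaDelimited(roleArray)));
+ }
+ return properties.toArray(new Property[properties.size()]);
+ }
+
+
+ @Override
+ public String[] getRoles(String realm) throws RBACException, RemoteException {
+ SimpleDatabase database;
+
+ database = _provider.getDatabase();
+ SimpleRealm simpleRealm = database.getRealm(realm);
+ if (simpleRealm == null) {
+ throw new RBACException("Unknown realm '" + realm + "'");
+ }
+
+ ArrayList<String> result = new ArrayList<String>();
+ Iterator iter = database.getRoles();
+ while (iter.hasNext()) {
+ SimpleRole simpleRole = (SimpleRole) iter.next();
+ if (realm.equals(IdentifierUtils.getRealm(simpleRole.getIdentifier()))) {
+ result.add(simpleRole.getIdentifier());
+ }
+ }
+
+ return (String[]) result.toArray(new String[result.size()]);
 }
-
 }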
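Review bot: `database.normalize( user , _realm)` and `database.normalize( role , _realm)` call a two-argument overload, but SimpleDatabase.java is not among the files changed in this commit, so unless that overload already exists the change does not compile — please confirm; both enclosing methods (`userProperties` and `roleProperties`) start outside their hunks. In the new `getRoles`, `Iterator iter = database.getRoles();` is a raw type and `(String[]) result.toArray(new String[result.size()])` carries a redundant cast; `Iterator<SimpleRole> iter` (if `getRoles` is typed) and `return result.toArray(new String[result.size()]);` read cleaner. `userProperties` now encodes assigned roles as one comma-delimited string under `PROPERTY_ASSIGN_ROLES`; if role identifiers can themselves contain a comma the encoding is ambiguous for whoever parses it, which is worth stating in the `PROPERTY_ASSIGN_ROLES` Javadoc.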
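--- a/api/src/main/java/org/intalio/tempo/security/simple/SimpleSecurityProvider.java
+++ b/api/src/main/java/org/intalio/tempo/security/simple/SimpleSecurityProvider.java
@@ -15,9 +15,18 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
+import javax.xml.namespace.QName;
+import javax.xml.parsers.FactoryConfigurationError;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamReader;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
 import org.intalio.tempo.security.authentication.AuthenticationAdmin;
 import org.intalio.tempo.security.authentication.AuthenticationException;
 import org.intalio.tempo.security.authentication.AuthenticationQuery;
@@ -25,6 +34,7 @@
 import org.intalio.tempo.security.authentication.provider.AuthenticationProvider;
 import org.intalio.tempo.security.provider.SecurityProvider;
 import org.intalio.tempo.security.rbac.RBACAdmin;
+import org.intalio.tempo.security.rbac.RBACConstants;
 import org.intalio.tempo.security.rbac.RBACException;
 import org.intalio.tempo.security.rbac.RBACQuery;
 import org.intalio.tempo.security.rbac.RBACRuntime;
@@ -127,6 +137,9 @@ public void setWorkflowAdminRoles(Set<String> workflowAdminRoles) {
 _workflowAdminRoles = workflowAdminRoles;
 }
+ public String getConfigFile() {
+ return _filename;
+ }
 /**
 * Public no-arg constructor.
@@ -190,7 +203,7 @@ public void setRefreshInterval( int period )
 }
- private InputStream getConfigStream()
+ public InputStream getConfigStream()
 throws IOException
 {
 String filename = SystemPropertyUtils.resolvePlaceholders(_filename);
@@ -339,12 +352,14 @@ private void reloadDatabase()
 private SimpleRBACQuery _query;
 private SimpleRBACRuntime _runtime;
+ private SimpleRBACAdmin _admin;
 // implement RBACProvider interface
 SimpleRBACProvider( String realm )
 {
 _query = new SimpleRBACQuery( realm, SimpleSecurityProvider.this );
 _runtime = new SimpleRBACRuntime( realm, SimpleSecurityProvider.this );
+ _admin = new SimpleRBACAdmin(realm, SimpleSecurityProvider.this);
 }
@@ -352,8 +367,7 @@ private void reloadDatabase()
 public RBACAdmin getAdmin()
 throws RBACException
 {
- // not supported
- return null;
+ return _admin;
 }
@@ -419,5 +433,21 @@ public AuthenticationRuntime getRuntime()
 } // class SimpleAuthorizationProvider
+
+
+ @Override
+ public Set<String> getAttributes(String forObject) throws RBACException {
+ Set<String> properties = new HashSet<String>();
+ if(forObject.equalsIgnoreCase("user")) {
+ properties.add(RBACConstants.PROPERTY_NAME);
+ properties.add(RBACConstants.PROPERTY_EMAIL);
+ properties.add(RBACConstants.PROPERTY_PASSWORD);
+ properties.add(RBACConstants.PROPERTY_ASSIGN_ROLES);
+ } else if(forObject.equalsIgnoreCase("role")) {
+ properties.add(RBACConstants.PROPERTY_DESCRIPTION);
+ properties.add(RBACConstants.PROPERTY_DESCENDANT_ROLE);
+ }
+ return properties;
+ }
 }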
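Review bot: The new `getConfigFile()` returns the raw `_filename`, while `getConfigStream()` reads from `SystemPropertyUtils.resolvePlaceholders(_filename)`; when the configured path contains a placeholder, SimpleRBACAdmin.updateConfigFile writes the updated security database to a different path than the one read back, so the change is lost and a stray file is created. Return the resolved path instead: `return SystemPropertyUtils.resolvePlaceholders(_filename);`. `getConfigStream()` is widened from `private` to `public`, exposing the raw configuration stream (user records including credentials) to any caller holding the provider; package-private is enough for SimpleRBACAdmin, which lives in the same package. The imports added for `QName`, `XMLInputFactory`, `XMLStreamReader`, `OMElement`, `StAXOMBuilder`, `Iterator` and `javax.xml.parsers.FactoryConfigurationError` are used by no hunk shown here; if nothing else in the file uses them they should be dropped.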
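--- a/ws-common/src/main/java/org/intalio/tempo/security/ws/Constants.java
+++ b/ws-common/src/main/java/org/intalio/tempo/security/ws/Constants.java
@@ -34,8 +34,10 @@
 public static final QName NAME = new QName(TOKEN_NS.getNamespaceURI(), "name");
 public static final QName VALUE = new QName(TOKEN_NS.getNamespaceURI(), "value");
-
+
 public static final String PASSWORD_MASK = "IntalioEncryptedpassword#123";
+ public static final OMNamespace RBACADMIN_NS = OM_FACTORY
+ .createOMNamespace("http://tempo.intalio.org/security/RBACAdminService/", "RBACAdmin");
 }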
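--- a/ws-common/src/main/java/org/intalio/tempo/security/ws/OMParser.java
+++ b/ws-common/src/main/java/org/intalio/tempo/security/ws/OMParser.java
@@ -13,8 +13,11 @@
 package org.intalio.tempo.security.ws;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.Iterator;
+import java.util.Map;
+import javax.management.Query;
 import javax.xml.namespace.QName;
 import org.apache.axiom.om.OMElement;
@@ -45,6 +48,22 @@ public String getRequiredString(QName parameter) throws IllegalArgumentException
 return text;
 }
+ public String[] getRequiredStringArray(QName parameter) throws IllegalArgumentException {
+ Iterator<OMElement> itr = _element.getChildElements();
+ ArrayList<String> textList = new ArrayList<String>();
+ while (itr.hasNext()) {
+ OMElement childElement = itr.next();
+ if (childElement.getQName().equals(parameter)) {
+ textList.add(childElement.getText());
+ }
+ }
+ if (textList == null || textList.size() == 0)
+ throw new IllegalArgumentException("Empty parameter: " + parameter);
+ if (LOG.isDebugEnabled())
+ LOG.debug("Parameter " + parameter + ": " + textList.toString());
+ return textList.toArray(new String[textList.size()]);
+ }
+
 public Property[] getProperties(QName parameter) throws IllegalArgumentException{
 OMElement e = _element.getFirstChildWithName(parameter);
 if (e == null)
@@ -53,14 +72,43 @@ public String getRequiredString(QName parameter) throws IllegalArgumentException
 ArrayList<Property> props = new ArrayList<Property>();
 while (iter.hasNext()) {
 OMElement prop = iter.next();
- OMElement name = prop.getFirstChildWithName(Constants.NAME);
+ OMElement name = prop.getFirstChildWithName(new QName(prop.getNamespace().getNamespaceURI(),"name"));
 if (name == null)
 throw new IllegalArgumentException("Missing property name: " + prop);
- OMElement value = prop.getFirstChildWithName(Constants.VALUE);
+ OMElement value = prop.getFirstChildWithName(new QName(prop.getNamespace().getNamespaceURI(),"value"));
 if (value == null)
 throw new IllegalArgumentException("Missing property value: " + prop);
 props.add(new Property(name.getText(), value.getText()));
 }
 return props.toArray(new Property[props.size()]);
 }
+
+ public Map<String,Property[]> getRequiredMapForAbstractType(QName parameter) {
+ Iterator<OMElement> iter = _element.getChildrenWithName(parameter);
+ Map<String,Property[]> abastractMap = new HashMap<String,Property[]>();
+ while (iter.hasNext()) {
+ OMElement abstractType = iter.next();
+ OMElement id = abstractType.getFirstChildWithName(new QName(abstractType.getNamespace().getNamespaceURI(),"id"));
+ if (id == null)
+ throw new IllegalArgumentException("Missing property name: " + abstractType);
+ OMElement realms = abstractType.getFirstChildWithName(new QName(abstractType.getNamespace().getNamespaceURI(),"realms"));
+ if (realms == null)
+ throw new IllegalArgumentException("Missing property name: " + abstractType);
+ OMElement details = abstractType.getFirstChildWithName(new QName(abstractType.getNamespace().getNamespaceURI(),"details"));
+ Iterator<OMElement> iterProp = details.getChildElements();
+ ArrayList<Property> props = new ArrayList<Property>();
+ while (iterProp.hasNext()) {
+ OMElement prop = iterProp.next();
+ OMElement name = prop.getFirstChildWithName(new QName(prop.getNamespace().getNamespaceURI(),"name"));
+ if (name == null)
+ throw new IllegalArgumentException("Missing property name: " + prop);
+ OMElement value = prop.getFirstChildWithName(new QName(prop.getNamespace().getNamespaceURI(),"value"));
+ if (value == null)
+ throw new IllegalArgumentException("Missing property value: " + prop);
+ props.add(new Property(name.getText(), value.getText()));
+ }
+ abastractMap.put(id.getText(), props.toArray(new Property[props.size()]));
+ }
+ return abastractMap;
+ }
 }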
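Review bot: getRequiredMapForAbstractType dereferences `details` (L977–L978) without the null check that the `id` and `realms` lookups get, so a request whose abstractType has no details child dies with a NullPointerException instead of the IllegalArgumentException the rest of the parser raises for malformed input, and both preceding checks report "Missing property name" for elements that are not property names. I would add `if (details == null) throw new IllegalArgumentException("Missing details: " + abstractType);` after L977 and change the two earlier messages to `"Missing id: "` and `"Missing realms: "`. The property-reading loop at L980–L989 duplicates the one in getProperties (L951–L962); extracting a private `parseProperty(OMElement prop)` would keep them in step, which matters because both now resolve name/value through `prop.getNamespace().getNamespaceURI()` (L954, L958), and Axiom's `getNamespace()` can return null for an unqualified element, turning a bad request into an NPE. `import javax.management.Query;` (L924) is unused and unrelated to this class and should be removed.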
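--- a/ws-common/src/main/java/org/intalio/tempo/security/ws/RBACAdminConstants.java
+++ b/ws-common/src/main/java/org/intalio/tempo/security/ws/RBACAdminConstants.java
@@ -0,0 +1,51 @@
+package org.intalio.tempo.security.ws;
+
+import static org.intalio.tempo.security.ws.Constants.RBACADMIN_NS;
+
+import javax.xml.namespace.QName;
+
+public class RBACAdminConstants {
+ public static final String RBAC_ADMIN_PREFIX = "rbacadmin";
+ public static final String ADD_ACTION = "add";
+ public static final String DELETE_ACTION = "delete";
+ public static final String EDIT_ACTION = "edit";
+ public static final String SUCCESS = "success";
+ public static final QName NAME = new QName(RBACADMIN_NS.getNamespaceURI(), "name");
+
+ public static final QName VALUE = new QName(RBACADMIN_NS.getNamespaceURI(), "value");
+
+
+ public static final QName MODIFY_USER = new QName(RBACADMIN_NS.getNamespaceURI(), "modifyUser", RBAC_ADMIN_PREFIX);
+ public static final QName MODIFY_ROLE = new QName(RBACADMIN_NS.getNamespaceURI(), "modifyRole", RBAC_ADMIN_PREFIX);
+ public static final QName GET_REALMS = new QName(RBACADMIN_NS.getNamespaceURI(), "getRealms", RBAC_ADMIN_PREFIX);
+ public static final QName GET_ROLES = new QName(RBACADMIN_NS.getNamespaceURI(), "getRoles", RBAC_ADMIN_PREFIX);
+ public static final QName GET_USERS = new QName(RBACADMIN_NS.getNamespaceURI(), "getUsers", RBAC_ADMIN_PREFIX);
+ public static final QName GET_ATTRIBUTES = new QName(RBACADMIN_NS.getNamespaceURI(), "getAttributes", RBAC_ADMIN_PREFIX);
+ public static final QName GET_PROPERTIES = new QName(RBACADMIN_NS.getNamespaceURI(), "getProperties", RBAC_ADMIN_PREFIX);
+
+ public static final QName ACTION = new QName(RBACADMIN_NS.getNamespaceURI(), "action", RBAC_ADMIN_PREFIX);
+ public static final QName REALM = new QName(RBACADMIN_NS.getNamespaceURI(), "realm", RBAC_ADMIN_PREFIX);
+ public static final QName REALMS = new QName(RBACADMIN_NS.getNamespaceURI(), "realms", RBAC_ADMIN_PREFIX);
+ public static final QName USER = new QName(RBACADMIN_NS.getNamespaceURI(), "user", RBAC_ADMIN_PREFIX);
+ public static final QName ROLE = new QName(RBACADMIN_NS.getNamespaceURI(), "role", RBAC_ADMIN_PREFIX);
+ public static final QName ROLES = new QName(RBACADMIN_NS.getNamespaceURI(), "roles", RBAC_ADMIN_PREFIX);
+ public static final QName USERS = new QName(RBACADMIN_NS.getNamespaceURI(), "users", RBAC_ADMIN_PREFIX);
+ public static final QName PROPERTY = new QName(RBACADMIN_NS.getNamespaceURI(), "property");
+ public static final QName PROPERTIES = new QName(RBACADMIN_NS.getNamespaceURI(), "properties");
+ public static final QName DETAILS = new QName(RBACADMIN_NS.getNamespaceURI(), "details", RBAC_ADMIN_PREFIX);
+ public static final QName RESPONSE = new QName(RBACADMIN_NS.getNamespaceURI(), "response", RBAC_ADMIN_PREFIX);
+ public static final QName TOKEN = new QName(RBACADMIN_NS.getNamespaceURI(), "token", RBAC_ADMIN_PREFIX);
+ public static final QName ATTRIBUTES = new QName(RBACADMIN_NS.getNamespaceURI(), "attributes", RBAC_ADMIN_PREFIX);
+ public static final QName ATTRIBUTE = new QName(RBACADMIN_NS.getNamespaceURI(), "attribute", RBAC_ADMIN_PREFIX);
+ public static final QName ROLE_TYPE = new QName(RBACADMIN_NS.getNamespaceURI(), "roleType", RBAC_ADMIN_PREFIX);
+ public static final QName USER_TYPE = new QName(RBACADMIN_NS.getNamespaceURI(), "userType", RBAC_ADMIN_PREFIX);
+ public static final QName ID = new QName(RBACADMIN_NS.getNamespaceURI(), "id", RBAC_ADMIN_PREFIX);
+
+ public static final QName AUTHENTICATION_EXCEPTION = new QName(RBACADMIN_NS.getNamespaceURI(), "AuthenticationFault", RBAC_ADMIN_PREFIX);
+ public static final QName RBAC_EXCEPTION = new QName(RBACADMIN_NS.getNamespaceURI(), "RBACFault", RBAC_ADMIN_PREFIX);
+ public static final QName REMOTE_EXCEPTION = new QName(RBACADMIN_NS.getNamespaceURI(), "RemoteFault", RBAC_ADMIN_PREFIX);
+ public static final QName USER_EXISTS_EXCEPTION = new QName(RBACADMIN_NS.getNamespaceURI(), "UserExistsFault", RBAC_ADMIN_PREFIX);
+ public static final QName ROLE_EXISTS_EXCEPTION = new QName(RBACADMIN_NS.getNamespaceURI(), "RoleExistsFault", RBAC_ADMIN_PREFIX);
+ public static final QName USER_NOT_FOUND_EXCEPTION = new QName(RBACADMIN_NS.getNamespaceURI(), "UserNotFoundFault", RBAC_ADMIN_PREFIX);
+ public static final QName ROLE_NOT_FOUND_EXCEPTION = new QName(RBACADMIN_NS.getNamespaceURI(), "RoleNotFoundFault", RBAC_ADMIN_PREFIX);
+}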
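Review bot: RBACAdminConstants is a constants-only holder (L1004–L1048) yet has no private constructor, so it can be instantiated and subclassed for no reason; add `private RBACAdminConstants() {}` and mark the class `final`. The QNames are also built two different ways: NAME, VALUE, PROPERTY and PROPERTIES (L1010, L1012, L1030, L1031) omit RBAC_ADMIN_PREFIX while every other element carries it, which can make Axiom emit a generated or default namespace declaration for the same URI on the property elements that RBACAdminWS.elementProperty builds from them. Passing the prefix uniformly, e.g. `new QName(RBACADMIN_NS.getNamespaceURI(), "property", RBAC_ADMIN_PREFIX)`, keeps the serialized messages consistent and easier to match against the WSDL.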
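--- a/ws-common/src/main/java/org/intalio/tempo/security/ws/RBACAdminWS.java
+++ b/ws-common/src/main/java/org/intalio/tempo/security/ws/RBACAdminWS.java
@@ -0,0 +1,401 @@
+package org.intalio.tempo.security.ws;
+
+import static org.intalio.tempo.security.ws.Constants.OM_FACTORY;
+
+import java.rmi.RemoteException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMException;
+import org.apache.axis2.AxisFault;
+import org.intalio.tempo.security.Property;
+import org.intalio.tempo.security.authentication.AuthenticationException;
+import org.intalio.tempo.security.rbac.RBACAdmin;
+import org.intalio.tempo.security.rbac.RBACException;
+import org.intalio.tempo.security.rbac.RBACQuery;
+import org.intalio.tempo.security.rbac.RoleExistsException;
+import org.intalio.tempo.security.rbac.RoleNotFoundException;
+import org.intalio.tempo.security.rbac.UserExistsException;
+import org.intalio.tempo.security.rbac.UserNotFoundException;
+import org.intalio.tempo.security.rbac.provider.RBACProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class RBACAdminWS extends BaseWS {
+ private static final Logger LOG = LoggerFactory.getLogger(RBACAdminWS.class);
+
+ /**This method performs either add, delete or edit action for user
+ * @param requestEl
+ * @return
+ */
+ public OMElement modifyUser(OMElement requestEl) throws AxisFault {
+ OMParser request = new OMParser(requestEl);
+ String realm = request.getRequiredString(RBACAdminConstants.REALM);
+ String user = request.getRequiredString(RBACAdminConstants.USER);
+ String action = request.getRequiredString(RBACAdminConstants.ACTION);
+ LOG.debug("Realm: " + realm + " User: " + user + " Action " + action);
+ try {
+ RBACProvider usersRBACProvider = _securityProvider.getRBACProvider(realm);
+ RBACAdmin usersRBACAdmin = usersRBACProvider.getAdmin();
+ if (!checkUserExists(user, usersRBACProvider)) {
+ if (action.equals(RBACAdminConstants.ADD_ACTION)) {
+ Property[] props = request.getProperties(RBACAdminConstants.DETAILS);
+ checkAssignedRoles(props, usersRBACProvider);
+ usersRBACAdmin.addUser(user, props);
+ } else if (action.equals(RBACAdminConstants.EDIT_ACTION)
+ || action.equals(RBACAdminConstants.DELETE_ACTION)) {
+ UserNotFoundException e = new UserNotFoundException("User: " + user + " was not found.");
+ LOG.error("User: " + user + " was not found.");
+ throw new Fault(e, getUserNotFoundExceptionResponse(e));
+ }
+ } else {
+ if (action.equals(RBACAdminConstants.EDIT_ACTION)) {
+ Property[] props = request.getProperties(RBACAdminConstants.DETAILS);
+ checkAssignedRoles(props, usersRBACProvider);
+ usersRBACAdmin.setUserProperties(user, props);
+ } else if (action.equals(RBACAdminConstants.DELETE_ACTION)) {
+ usersRBACAdmin.deleteUser(user);
+ } else if (action.equals(RBACAdminConstants.ADD_ACTION)) {
+ UserExistsException e = new UserExistsException("User: " + user + " already exists");
+ LOG.error("User: " + user + " already exists");
+ throw new Fault(e, getUserExistsExceptionResponse(e));
+ }
+ }
+ } catch (RBACException e) {
+ throw new Fault(e, getRBACExceptionResponse(e));
+ } catch (RemoteException e) {
+ throw new Fault(e, getRemoteExceptionResponse(e));
+ }
+ return getResponseElement(RBACAdminConstants.SUCCESS);
+ }
+
+ /**This method performs either add, delete or edit action for role
+ * @param requestEl
+ * @return
+ */
+ public OMElement modifyRole(OMElement requestEl) throws AxisFault {
+ OMParser request = new OMParser(requestEl);
+ String realm = request.getRequiredString(RBACAdminConstants.REALM);
+ String role = request.getRequiredString(RBACAdminConstants.ROLE);
+ String action = request.getRequiredString(RBACAdminConstants.ACTION);
+ try {
+ RBACProvider usersRBACProvider = _securityProvider.getRBACProvider(realm);
+ RBACAdmin usersRBACAdmin = usersRBACProvider.getAdmin();
+ if (!checkRoleExists(role, usersRBACProvider)) {
+ if (action.equals(RBACAdminConstants.ADD_ACTION)) {
+ usersRBACAdmin.addRole(role, request.getProperties(RBACAdminConstants.DETAILS));
+ } else if (action.equals(RBACAdminConstants.EDIT_ACTION)
+ || action.equals(RBACAdminConstants.DELETE_ACTION)) {
+ RoleNotFoundException e = new RoleNotFoundException("Role: " + role + " was not found.");
+ LOG.error("Role: " + role + " was not found.");
+ throw new Fault(e, getRoleNotFoundExceptionResponse(e));
+ }
+ } else {
+ if (action.equals(RBACAdminConstants.EDIT_ACTION)) {
+ usersRBACAdmin.setRoleProperties(role, request.getProperties(RBACAdminConstants.DETAILS));
+ } else if (action.equals(RBACAdminConstants.DELETE_ACTION)) {
+ usersRBACAdmin.deleteRole(role);
+ } else if (action.equals(RBACAdminConstants.ADD_ACTION)) {
+ RoleExistsException e = new RoleExistsException("Role: " + role + " already exists");
+ LOG.error("Role: " + role + " already exists");
+ throw new Fault(e, getRoleExistsExceptionResponse(e));
+ }
+ }
+ } catch (RBACException e) {
+ LOG.error("Error occured while modifying role for role: " + role + " action " + action + " realm: " + realm, e);
+ throw new Fault(e, getRBACExceptionResponse(e));
+ } catch (RemoteException e) {
+ LOG.error("Error occured while modifying role for role: " + role + " action " + action + " realm: " + realm, e);
+ throw new Fault(e, getRemoteExceptionResponse(e));
+ }
+ return getResponseElement(RBACAdminConstants.SUCCESS);
+ }
+
+ /**This gets existing realms in security provider
+ * @param requestEl
+ * @return
+ * @throws AxisFault
+ */
+ public OMElement getRealms(OMElement requestEl) throws AxisFault {
+ String[] realms;
+ try {
+ realms = _securityProvider.getRealms();
+ } catch (AuthenticationException e) {
+ LOG.error("Error occured while gettings realms", e);
+ throw new Fault(e, getAuthenticationExceptionResponse(e));
+ } catch (RBACException e) {
+ LOG.error("Error occured while gettings realms", e);
+ throw new Fault(e, getRBACExceptionResponse(e));
+ }
+ OMElement response = OM_FACTORY.createOMElement(RBACAdminConstants.REALMS);
+ if (realms != null) {
+ for (String realm : realms) {
+ if (!realm.equals("")) {
+ OMElement responseToken = OM_FACTORY.createOMElement(RBACAdminConstants.REALM, response);
+ responseToken.setText(realm);
+ }
+ }
+ }
+ return response;
+ }
+
+ /**This gets the existing roles
+ * @param requestEl
+ * @return
+ * @throws AxisFault
+ */
+ public OMElement getRoles(OMElement requestEl) throws AxisFault {
+ String[] roles = null;
+ RBACQuery query;
+ OMElement response = OM_FACTORY.createOMElement(RBACAdminConstants.ROLES);
+ try {
+ for (String realm : _securityProvider.getRealms()) {
+ query = _securityProvider.getRBACProvider(realm).getQuery();
+ if (realm != null && !realm.equals("")) {
+ roles = query.getRoles(realm);
+ if (roles != null) {
+ for (String role : roles) {
+ OMElement responseToken = OM_FACTORY
+ .createOMElement(RBACAdminConstants.ROLE_TYPE, response);
+ responseToken.addChild(elementText(RBACAdminConstants.ID, role));
+ responseToken.addChild(elementText(RBACAdminConstants.REALMS, realm));
+ OMElement details = OM_FACTORY.createOMElement(RBACAdminConstants.DETAILS, responseToken);
+ for (Property prop : query.roleProperties(role)) {
+ details.addChild(elementProperty(prop.getName(), prop.getValue().toString()));
+ }
+ response.addChild(responseToken);
+ }
+ }
+ }
+ }
+ } catch (RBACException e) {
+ LOG.error("Error occured while gettings roles", e);
+ throw new Fault(e, getRBACExceptionResponse(e));
+ } catch (RemoteException e) {
+ LOG.error("Error occured while gettings roles", e);
+ throw new Fault(e, getRemoteExceptionResponse(e));
+ } catch (AuthenticationException e) {
+ LOG.error("Error occured while gettings roles", e);
+ throw new Fault(e, getAuthenticationExceptionResponse(e));
+ }
+ return response;
+ }
+
+ /**This gets the existing roles
+ * @param requestEl
+ * @return
+ * @throws AxisFault
+ */
+ public OMElement getUsers(OMElement requestEl) throws AxisFault {
+ String[] roles = null;
+ RBACQuery query;
+ OMElement response = OM_FACTORY.createOMElement(RBACAdminConstants.USERS);
+ try {
+ for (String realm : _securityProvider.getRealms()) {
+ query = _securityProvider.getRBACProvider(realm).getQuery();
+ if (realm != null && !realm.equals("")) {
+ roles = query.getRoles(realm);
+ Set<String> userSet = new HashSet<String>();
+ for (String role : roles) {
+ String[] users = query.assignedUsers(role);
+ for (String user : users) {
+ userSet.add(user);
+ }
+ }
+ if (roles != null) {
+ for (String user : userSet) {
+ OMElement responseToken = OM_FACTORY
+ .createOMElement(RBACAdminConstants.USER_TYPE, response);
+ responseToken.addChild(elementText(RBACAdminConstants.ID, user));
+ responseToken.addChild(elementText(RBACAdminConstants.REALMS, realm));
+ OMElement details = OM_FACTORY.createOMElement(RBACAdminConstants.DETAILS, responseToken);
+ for (Property prop : query.userProperties(user)) {
+ details.addChild(elementProperty(prop.getName(), prop.getValue().toString()));
+ }
+ response.addChild(responseToken);
+ }
+ }
+ }
+ }
+ } catch (RBACException e) {
+ LOG.error("Error occured while gettings users", e);
+ throw new Fault(e, getRBACExceptionResponse(e));
+ } catch (RemoteException e) {
+ LOG.error("Error occured while gettings users", e);
+ throw new Fault(e, getRemoteExceptionResponse(e));
+ } catch (AuthenticationException e) {
+ LOG.error("Error occured while gettings users", e);
+ throw new Fault(e, getAuthenticationExceptionResponse(e));
+ }
+ return response;
+ }
+
+ /**This returns list of attributes depending on request, which either can be role or user.
+ * @param requestEl
+ * @return
+ * @throws AxisFault
+ */
+ public OMElement getAttributes(OMElement requestEl) throws AxisFault {
+ OMParser request = new OMParser(requestEl);
+ String element = request.getRequiredString(RBACAdminConstants.TOKEN);
+ Set<String> attributes = null;
+ LOG.debug("Getting Attributes for " + element);
+ try {
+ attributes = _securityProvider.getAttributes(element);
+ } catch (RBACException e) {
+ LOG.error("Error occured while gettings attributes for " + element, e);
+ throw new Fault(e, getRBACExceptionResponse(e));
+ } catch (Exception e) {
+ LOG.error("Error occured while gettings attributes for " + element, e);
+ }
+ LOG.debug("Got set Attributes of sze " + attributes.size());
+ OMElement response = OM_FACTORY.createOMElement(RBACAdminConstants.ATTRIBUTES);
+ if (attributes != null) {
+ for (String attri : attributes) {
+ response.addChild(elementText(RBACAdminConstants.ATTRIBUTE, attri));
+ }
+ }
+ return response;
+ }
+
+ /**This returns list of properties depending on request, which either can be role or user.
+ * @param requestEl
+ * @return
+ * @throws AxisFault
+ */
+ public OMElement getProperties(OMElement requestEl) throws AxisFault {
+ OMParser request = new OMParser(requestEl);
+ String user = request.getRequiredString(RBACAdminConstants.USER);
+ String role = request.getRequiredString(RBACAdminConstants.ROLE);
+ String realm = request.getRequiredString(RBACAdminConstants.REALM);
+ Property[] properties = null;
+ try {
+ if (user != null && !user.equals("null")) {
+ properties = _securityProvider.getRBACProvider(realm).getQuery().userProperties(user);
+ } else if (role != null && !role.equals("null")) {
+ properties = _securityProvider.getRBACProvider(realm).getQuery().roleProperties(role);
+ }
+ } catch (RBACException e) {
+ LOG.error("Error occured while gettings properties for user: " + user + " role " + role + " realm: "
+ + realm, e);
+ throw new Fault(e, getRBACExceptionResponse(e));
+ } catch (RemoteException e) {
+ LOG.error("Error occured while gettings properties for user: " + user + " role " + role + " realm: "
+ + realm, e);
+ throw new Fault(e, getRemoteExceptionResponse(e));
+ }
+ OMElement response = OM_FACTORY.createOMElement(RBACAdminConstants.GET_PROPERTIES);
+ OMElement responseToken = OM_FACTORY.createOMElement(RBACAdminConstants.DETAILS, response);
+ for (Property prop : properties) {
+ responseToken.addChild(elementProperty(prop.getName(), prop.getValue().toString()));
+ }
+ return response;
+ }
+
+ private static OMElement getResponseElement(String token) {
+ OMElement response = OM_FACTORY.createOMElement(RBACAdminConstants.RESPONSE);
+ OMElement responseToken = OM_FACTORY.createOMElement(RBACAdminConstants.TOKEN, response);
+ responseToken.setText(token);
+ return response;
+ }
+
+ private static OMElement getRBACExceptionResponse(RBACException e) {
+ OMElement response = OM_FACTORY.createOMElement(RBACAdminConstants.RBAC_EXCEPTION);
+ response.setText(e.getMessage());
+ return response;
+ }
+
+ private static OMElement getAuthenticationExceptionResponse(AuthenticationException e) {
+ OMElement response = OM_FACTORY.createOMElement(RBACAdminConstants.AUTHENTICATION_EXCEPTION);
+ response.setText(e.getMessage());
+ return response;
+ }
+
+ private static OMElement getRemoteExceptionResponse(RemoteException e) {
+ OMElement response = OM_FACTORY.createOMElement(RBACAdminConstants.REMOTE_EXCEPTION);
+ response.setText(e.getMessage());
+ return response;
+ }
+
+ private static OMElement getUserExistsExceptionResponse(UserExistsException e) {
+ OMElement response = OM_FACTORY.createOMElement(RBACAdminConstants.USER_EXISTS_EXCEPTION);
+ response.setText(e.getMessage());
+ return response;
+ }
+
+ private static OMElement getUserNotFoundExceptionResponse(UserNotFoundException e) {
+ OMElement response = OM_FACTORY.createOMElement(RBACAdminConstants.USER_NOT_FOUND_EXCEPTION);
+ response.setText(e.getMessage());
+ return response;
+ }
+
+ private static OMElement getRoleNotFoundExceptionResponse(RoleNotFoundException e) {
+ OMElement response = OM_FACTORY.createOMElement(RBACAdminConstants.ROLE_NOT_FOUND_EXCEPTION);
+ response.setText(e.getMessage());
+ return response;
+ }
+
+ private static OMElement getRoleExistsExceptionResponse(RoleExistsException e) {
+ OMElement response = OM_FACTORY.createOMElement(RBACAdminConstants.ROLE_EXISTS_EXCEPTION);
+ response.setText(e.getMessage());
+ return response;
+ }
+
+ private static boolean checkUserExists(String user, RBACProvider usersRBACProvider) throws RemoteException, RBACException {
+ boolean exists = true;
+ try {
+ Property[] props = usersRBACProvider.getQuery().userProperties(user);
+ if (props == null || props.length == 0) {
+ exists = false;
+ }
+ } catch (UserNotFoundException e) {
+ exists = false;
+ }
+ return exists;
+ }
+
+ private static boolean checkRoleExists(String role, RBACProvider usersRBACProvider) throws RemoteException, RBACException {
+ boolean exists = true;
+ try {
+ Property[] props = usersRBACProvider.getQuery().roleProperties(role);
+ if (props == null || props.length == 0) {
+ exists = false;
+ }
+ } catch (RoleNotFoundException e) {
+ exists = false;
+ }
+ return exists;
+ }
+
+ private static void checkAssignedRoles(Property[] props, RBACProvider usersRBACProvider) throws RemoteException, RBACException {
+ for (Property prop : props) {
+ if (prop.getName().equals("assignRole")) {
+ if (!checkRoleExists(prop.getValue().toString(), usersRBACProvider))
+ throw new RBACException("Assigned role:" + prop.getValue().toString() + " does not exists");
+ }
+ }
+ }
+
+ private static OMElement elementProperty(String name, String Value) {
+ OMElement prop = element(RBACAdminConstants.PROPERTY);
+ prop.addChild(elementText(RBACAdminConstants.NAME, name));
+ prop.addChild(elementText(RBACAdminConstants.VALUE, Value));
+ return prop;
+ }
+
+ private static OMElement element(QName name) {
+ return OM_FACTORY.createOMElement(name);
+ }
+
+ private static OMElement elementText(QName name, String text) {
+ OMElement element = OM_FACTORY.createOMElement(name);
+ element.setText(text);
+ return element;
+ }
+
+}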
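Review bot: modifyUser and modifyRole (L1087, L1132) add, edit and delete principals — including the password and role-assignment properties that SimpleSecurityProvider.getAttributes lists for a user — but neither reads a credential from the request nor checks that the caller is authorized before calling `getAdmin()`, and the WSDL's modifyUser element carries only action/user/realm/details, so unless BaseWS or an Axis2 handler outside this diff authenticates the call, anyone who can reach the endpoint can create a user holding any role. I would add a required `token` element to both operations, validate it through the existing token/authentication path before touching the RBACAdmin, and return AuthenticationFault unless the authenticated caller holds an administrative role in the target realm. getUsers (L1268–L1269) and getProperties (L1345–L1346) also serialize every property from `userProperties` verbatim, so if the password property is among them it goes out on the wire; apply `Constants.PASSWORD_MASK` to, or drop, that property before building the response. An `action` value other than add/edit/delete on an existing user or role falls through every branch (L1108–L1118, L1150–L1158) and still returns `success`; a final `else` throwing `new RBACException("Unknown action: " + action)` closes that. checkAssignedRoles keys on the literal `"assignRole"` (L1428) rather than RBACConstants.PROPERTY_ASSIGN_ROLES, so if the constant's value differs the role-existence check is silently skipped; use the constant.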
372 ws-service/src/main/axis2/rbacadmin-service.wsdl
@@ -0,0 +1,372 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- ~ Copyright (c) 2005-2007 Intalio inc. ~ ~ All rights reserved. This
+ program and the accompanying materials ~ are made available under the terms
+ of the Eclipse Public License v1.0 ~ which accompanies this distribution,
+ and is available at ~ http://www.eclipse.org/legal/epl-v10.html ~ ~ Contributors:
+ ~ Intalio inc. - initial API and implementation -->
+<wsdl:definitions targetNamespace="http://tempo.intalio.org/security/RBACAdminService/"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://tempo.intalio.org/security/RBACAdminService/"
+ xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:ns="http://tempo.intalio.org/security/">
+
+ <wsdl:types>
+
+ <xsd:schema targetNamespace="http://tempo.intalio.org/security/RBACAdminService/"
+ elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xsd:complexType name="property">
+ <xsd:sequence>
+ <xsd:element name="name" type="xsd:string" />
+ <xsd:element name="value" type="xsd:string" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="properties">
+ <xsd:sequence>
+ <xsd:element name="property" type="tns:property"
+ maxOccurs="unbounded" minOccurs="0" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="abstractType">
+ <xsd:sequence>
+ <xsd:element name="id" type="xsd:string" />
+ <xsd:element name="realms" type="xsd:string" />
+ <xsd:element name="details" type="tns:properties"
+ maxOccurs="1" minOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="modifyUser">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="action" type="xsd:string" />
+ <xsd:element name="user" type="xsd:string" />
+ <xsd:element name="realm" type="xsd:string" />
+ <xsd:element name="details" type="tns:properties"
+ maxOccurs="1" minOccurs="0" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="modifyRole">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="action" type="xsd:string" />
+ <xsd:element name="role" type="xsd:string" />
+ <xsd:element name="realm" type="xsd:string" />
+ <xsd:element name="details" type="tns:properties"
+ maxOccurs="1" minOccurs="0" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="response">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="token" type="xsd:string" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="getAttributes">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="token" type="xsd:string" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="getProperties">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="user" type="xsd:string" />
+ <xsd:element name="role" type="xsd:string" />
+ <xsd:element name="realm" type="xsd:string" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="realms">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="realm" type="xsd:string" maxOccurs="unbounded" minOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="roles">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="roleType" type="tns:abstractType"
+ maxOccurs="unbounded" minOccurs="0" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="users">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="userType" type="tns:abstractType"
+ maxOccurs="unbounded" minOccurs="0" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="attributes">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="attribute" type="xsd:string" maxOccurs="unbounded" minOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="AuthenticationFault" type="xsd:string" />
+ <xsd:element name="RemoteFault" type="xsd:string" />
+ <xsd:element name="RBACFault" type="xsd:string" />
+ <xsd:element name="UserExistsFault" type="xsd:string" />
+ <xsd:element name="UserNotFoundFault" type="xsd:string" />
+ <xsd:element name="RoleExistsFault" type="xsd:string" />
+ <xsd:element name="RoleNotFoundFault" type="xsd:string" />
+ <xsd:element name="getRealms" type="xsd:string" maxOccurs="1" minOccurs="0"/>
+ <xsd:element name="getRoles" type="xsd:string" maxOccurs="1" minOccurs="0"/>
+ <xsd:element name="getUsers" type="xsd:string" maxOccurs="1" minOccurs="0"/>
+ <xsd:element name="details" type="tns:properties" />
+ </xsd:schema>
+ </wsdl:types>
+
+
+ <wsdl:message name="details">
+ <wsdl:part name="payload" element="tns:details" />
+ </wsdl:message>
+ <wsdl:message name="modifyUser">
+ <wsdl:part name="payload" element="tns:modifyUser" />
+ </wsdl:message>
+ <wsdl:message name="modifyRole">
+ <wsdl:part name="payload" element="tns:modifyRole" />
+ </wsdl:message>
+ <wsdl:message name="getRealms">
+ <wsdl:part name="payload" element="tns:getRealms" />
+ </wsdl:message>
+ <wsdl:message name="getRoles">
+ <wsdl:part name="payload" element="tns:getRoles" />
+ </wsdl:message>
+ <wsdl:message name="getUsers">
+ <wsdl:part name="payload" element="tns:getUsers" />
+ </wsdl:message>
+ <wsdl:message name="attributes">
+ <wsdl:part name="payload" element="tns:attributes" />
+ </wsdl:message>
+ <wsdl:message name="response">
+ <wsdl:part name="payload" element="tns:response" />
+ </wsdl:message>
+ <wsdl:message name="getAttributes">
+ <wsdl:part name="payload" element="tns:getAttributes" />
+ </wsdl:message>
+ <wsdl:message name="getProperties">
+ <wsdl:part name="payload" element="tns:getProperties" />
+ </wsdl:message>
+ <wsdl:message name="realms">
+ <wsdl:part name="payload" element="tns:realms" />
+ </wsdl:message>
+ <wsdl:message name="roles">
+ <wsdl:part name="payload" element="tns:roles" />
+ </wsdl:message>
+ <wsdl:message name="users">
+ <wsdl:part name="payload" element="tns:users" />
+ </wsdl:message>
+ <wsdl:message name="AuthenticationFault">
+ <wsdl:part name="payload" element="tns:AuthenticationFault" />
+ </wsdl:message>
+ <wsdl:message name="RemoteFault">
+ <wsdl:part name="payload" element="tns:RemoteFault" />
+ </wsdl:message>
+ <wsdl:message name="RBACFault">
+ <wsdl:part name="payload" element="tns:RBACFault" />
+ </wsdl:message>
+ <wsdl:message name="UserExistsFault">
+ <wsdl:part name="payload" element="tns:UserExistsFault" />
+ </wsdl:message>
+ <wsdl:message name="UserNotFoundFault">
+ <wsdl:part name="payload" element="tns:UserNotFoundFault" />
+ </wsdl:message>
+ <wsdl:message name="RoleExistsFault">
+ <wsdl:part name="payload" element="tns:RoleExistsFault" />
+ </wsdl:message>
+ <wsdl:message name="RoleNotFoundFault">
+ <wsdl:part name="payload" element="tns:RoleNotFoundFault" />
+ </wsdl:message>
+
+ <wsdl:portType name="RBACAdminPortType">
+ <wsdl:operation name="modifyUser">
+ <wsdl:input message="tns:modifyUser" />
+ <wsdl:output message="tns:response" />
+ <wsdl:fault message="tns:RemoteFault" name="RemoteFault" />
+ <wsdl:fault message="tns:RBACFault" name="RBACFault" />
+ <wsdl:fault message="tns:UserExistsFault" name="UserExistsFault" />
+ <wsdl:fault message="tns:UserNotFoundFault" name="UserNotFoundFault" />
+ </wsdl:operation>
+ <wsdl:operation name="modifyRole">
+ <wsdl:input message="tns:modifyRole" />
+ <wsdl:output message="tns:response" />
+ <wsdl:fault message="tns:RemoteFault" name="RemoteFault" />
+ <wsdl:fault message="tns:RBACFault" name="RBACFault" />
+ <wsdl:fault message="tns:RoleExistsFault" name="RoleExistsFault" />
+ <wsdl:fault message="tns:RoleNotFoundFault" name="RoleNotFoundFault" />
+ </wsdl:operation>
+ <wsdl:operation name="getRealms">
+ <wsdl:input message="tns:getRealms" />
+ <wsdl:output message="tns:realms" />
+ <wsdl:fault message="tns:RemoteFault" name="RemoteFault" />
+ <wsdl:fault message="tns:RBACFault" name="RBACFault" />
+ <wsdl:fault message="tns:AuthenticationFault" name="AuthenticationFault" />
+ </wsdl:operation>
+ <wsdl:operation name="getRoles">
+ <wsdl:input message="tns:getRoles" />
+ <wsdl:output message="tns:roles" />
+ <wsdl:fault message="tns:RemoteFault" name="RemoteFault" />
+ <wsdl:fault message="tns:RBACFault" name="RBACFault" />
+ <wsdl:fault message="tns:AuthenticationFault" name="AuthenticationFault" />
+ </wsdl:operation>
+ <wsdl:operation name="getAttributes">
+ <wsdl:input message="tns:getAttributes" />
+ <wsdl:output message="tns:attributes" />
+ <wsdl:fault message="tns:RBACFault" name="RBACFault" />
+ </wsdl:operation>
+ <wsdl:operation name="getProperties">
+ <wsdl:input message="tns:getProperties" />
+ <wsdl:output message="tns:details" />
+ <wsdl:fault message="tns:RemoteFault" name="RemoteFault" />
+ <wsdl:fault message="tns:RBACFault" name="RBACFault" />
+ </wsdl:operation>
+ <wsdl:operation name="getUsers">
+ <wsdl:input message="tns:getUsers" />
+ <wsdl:output message="tns:users" />
+ <wsdl:fault message="tns:RemoteFault" name="RemoteFault" />
+ <wsdl:fault message="tns:RBACFault" name="RBACFault" />
+ <wsdl:fault message="tns:AuthenticationFault" name="AuthenticationFault" />
+ </wsdl:operation>
+ </wsdl:portType>
+
+
+ <wsdl:binding name="RBACAdminSOAP" type="tns:RBACAdminPortType">
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="modifyUser">
+ <soap:operation soapAction="modifyUser" />
+ <wsdl:input>
+ <soap:body parts="payload" use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body parts="payload" use="literal" />
+ </wsdl:output>
+ <wsdl:fault name="RemoteFault">
+ <soap:fault use="literal" name="RemoteFault" />
+ </wsdl:fault>
+ <wsdl:fault name="RBACFault">
+ <soap:fault use="literal" name="RBACFault" />
+ </wsdl:fault>
+ <wsdl:fault name="UserExistsFault">
+ <soap:fault use="literal" name="UserExistsFault" />
+ </wsdl:fault>
+ <wsdl:fault name="UserNotFoundFault">
+ <soap:fault use="literal" name="UserNotFoundFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ <wsdl:operation name="modifyRole">
+ <soap:operation soapAction="modifyRole" />
+ <wsdl:input>
+ <soap:body parts="payload" use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body parts="payload" use="literal" />
+ </wsdl:output>
+ <wsdl:fault name="RemoteFault">
+ <soap:fault use="literal" name="RemoteFault" />
+ </wsdl:fault>
+ <wsdl:fault name="RBACFault">
+ <soap:fault use="literal" name="RBACFault" />
+ </wsdl:fault>
+ <wsdl:fault name="RoleExistsFault">
+ <soap:fault use="literal" name="RoleExistsFault" />
+ </wsdl:fault>
+ <wsdl:fault name="RoleNotFoundFault">
+ <soap:fault use="literal" name="RoleNotFoundFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ <wsdl:operation name="getRealms">
+ <soap:operation soapAction="getRealms" />
+ <wsdl:input>
+ <soap:body parts="payload" use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body parts="payload" use="literal" />
+ </wsdl:output>
+ <wsdl:fault name="RemoteFault">
+ <soap:fault use="literal" name="RemoteFault" />
+ </wsdl:fault>
+ <wsdl:fault name="RBACFault">
+ <soap:fault use="literal" name="RBACFault" />
+ </wsdl:fault>
+ <wsdl:fault name="AuthenticationFault">
+ <soap:fault use="literal" name="AuthenticationFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ <wsdl:operation name="getRoles">
+ <soap:operation soapAction="getRoles" />
+ <wsdl:input>
+ <soap:body parts="payload" use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body parts="payload" use="literal" />
+ </wsdl:output>
+ <wsdl:fault name="RemoteFault">
+ <soap:fault use="literal" name="RemoteFault" />
+ </wsdl:fault>
+ <wsdl:fault name="RBACFault">
+ <soap:fault use="literal" name="RBACFault" />
+ </wsdl:fault>
+ <wsdl:fault name="AuthenticationFault">
+ <soap:fault use="literal" name="AuthenticationFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ <wsdl:operation name="getAttributes">
+ <soap:operation soapAction="getAttributes" />
+ <wsdl:input>
+ <soap:body parts="payload" use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body parts="payload" use="literal" />
+ </wsdl:output>
+ <wsdl:fault name="RBACFault">
+ <soap:fault use="literal" name="RBACFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ <wsdl:operation name="getProperties">
+ <soap:operation soapAction="getProperties" />
+ <wsdl:input>
+ <soap:body parts="payload" use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body parts="payload" use="literal" />
+ </wsdl:output>
+ <wsdl:fault name="RemoteFault">
+ <soap:fault use="literal" name="RemoteFault" />
+ </wsdl:fault>
+ <wsdl:fault name="RBACFault">
+ <soap:fault use="literal" name="RBACFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ <wsdl:operation name="getUsers">
+ <soap:operation soapAction="getUsers" />
+ <wsdl:input>
+ <soap:body parts="payload" use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body parts="payload" use="literal" />
+ </wsdl:output>
+ <wsdl:fault name="RemoteFault">
+ <soap:fault use="literal" name="RemoteFault" />
+ </wsdl:fault>
+ <wsdl:fault name="RBACFault">
+ <soap:fault use="literal" name="RBACFault" />
+ </wsdl:fault>
+ <wsdl:fault name="AuthenticationFault">
+ <soap:fault use="literal" name="AuthenticationFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:service name="RBACAdminService">
+ <wsdl:port name="RBACAdminService" binding="tns:RBACAdminSOAP">
+ <soap:address location="http://localhost:8080/axis2/services/RBACAdminService" />
+ </wsdl:port>
+ </wsdl:service>
+</wsdl:definitions>
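--- a/ws-service/src/main/axis2/services.xml
+++ b/ws-service/src/main/axis2/services.xml
@@ -64,4 +64,29 @@
 <parameter name="ServiceClass">org.intalio.tempo.security.ws.TokenWS</parameter>
 </service>
+<service name="RBACAdminService" scope="application">
+ <description>RBACAdmin</description>
+ <operation name="modifyUser">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </operation>
+ <operation name="modifyRole">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </operation>
+ <operation name="getRealms">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </operation>
+ <operation name="getRoles">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </operation>
+ <operation name="getUsers">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </operation>
+ <operation name="getAttributes">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </operation>
+ <operation name="getProperties">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass">org.intalio.tempo.security.ws.RBACAdminWS</parameter>
+</service>
 </serviceGroup>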
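Review bot: The new RBACAdminService declaration exposes the mutating operations modifyUser and modifyRole through RawXMLINOutMessageReceiver with no security module engaged or security parameter set in services.xml, so the only gate on user/role changes is whatever org.intalio.tempo.security.ws.RBACAdminWS does internally. The WSDL added in this same commit declares AuthenticationFault only for getRealms, getRoles and getUsers and not for modifyUser or modifyRole, which suggests the write paths may not validate a caller token at all; RBACAdminWS itself is not visible here, so that needs confirming before this ships. If the service class does not already do so, each mutating operation should require a valid token and an admin-level role check before delegating to the RBAC provider, and the service element would benefit from a comment recording that expectation, e.g. `<!-- admin-only service: RBACAdminWS must validate the caller token and an admin role before modifyUser/modifyRole -->`. Note also that the WSDL's soap:address is a fixed plain-http localhost URL; if the deployed endpoint is reachable over the network, transport protection for this admin interface should be addressed in deployment configuration.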