diff --git a/src/main/java/com/mostafa/security/policy/PolicyDefinition.java b/src/main/java/com/mostafa/security/policy/PolicyDefinition.java
new file mode 100644
index 0000000..92b6ceb
--- /dev/null
+++ b/src/main/java/com/mostafa/security/policy/PolicyDefinition.java
@@ -0,0 +1,7 @@
+package com.mostafa.security.policy;
+
+import java.util.List;
+
+public interface PolicyDefinition {
+ public List getAllPolicyRules();
+}
\ No newline at end of file
diff --git a/src/main/java/com/mostafa/security/policy/PolicyEnforcement.java b/src/main/java/com/mostafa/security/policy/PolicyEnforcement.java
index fed3fe7..d9e2c60 100644
--- a/src/main/java/com/mostafa/security/policy/PolicyEnforcement.java
+++ b/src/main/java/com/mostafa/security/policy/PolicyEnforcement.java
@@ -3,18 +3,22 @@
 import java.util.ArrayList;
 import java.util.List;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.expression.EvaluationException;
 import org.springframework.stereotype.Component;
 @Component
 public class PolicyEnforcement {
+ private static Logger logger = LoggerFactory.getLogger(PolicyEnforcement.class);
+
 @Autowired
- private PolicyManager policyManager;
+ private PolicyDefinition policyDefinition;
 public boolean check(Object subject, Object resource, Object action) {
 List matchedRules = new ArrayList<>();
- List allRules = policyManager.getAllPolicies();
+ List allRules = policyDefinition.getAllPolicyRules();
 SecurityAccessContext cxt = new SecurityAccessContext(subject, resource, action, null);
 for(PolicyRule rule : allRules) {
@@ -23,7 +27,7 @@ public boolean check(Object subject, Object resource, Object action) {
 matchedRules.add(rule);
 }
 } catch(EvaluationException ex) {
- //just ignore
+ logger.info("An error occurred while evaluating PolicyRule.", ex);
 }
 }
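Review bot: `getAllPolicyRules()` in the new `PolicyDefinition` interface is declared with a raw `List`, so `PolicyEnforcement.check` iterates it as `PolicyRule` through an unchecked conversion and nothing at compile time stops an implementation from returning a list of something else; declare it `List<PolicyRule> getAllPolicyRules();` (the `public` modifier is redundant on an interface method). The same raw `List` appears on `matchedRules`/`allRules` in `PolicyEnforcement.check` and on `rules` in `SimplePolicyDefinition`, and should be typed the same way. The interface carries no Javadoc; a one-liner such as `/** Supplies every {@link PolicyRule} that {@code PolicyEnforcement} evaluates for an access request. */` would state the contract, and the file is missing its trailing newline.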
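Review bot: The new `logger` field is `private static` but not `final`, so it can be reassigned; make it `private static final Logger logger = LoggerFactory.getLogger(PolicyEnforcement.class);`. With `allRules` still a raw `List`, the enhanced `for(PolicyRule rule : allRules)` at the end of the hunk relies on an unchecked cast, so a mismatched `PolicyDefinition` implementation would surface as a `ClassCastException` at authorization time rather than at compile time; `List<PolicyRule> allRules = policyDefinition.getAllPolicyRules();` avoids that. The body of `check` continues past the end of this hunk.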
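Review bot: The new log call in the `EvaluationException` handler does not say which rule failed, even though this commit gives `PolicyRule` a `name`; a rule whose expression throws is silently dropped from the decision, so without the rule identity an operator cannot tell a mis-written SpEL expression from a legitimate non-match. The loop variable `rule` from `for(PolicyRule rule : allRules)` appears to be in scope here, so something like `logger.warn("Failed to evaluate PolicyRule '{}'; rule skipped for this request.", rule.getName(), ex);` at a level that default configurations do not filter would be more useful than `info`. The same applies to the identical handler in the hunk at `@@ -33,7 +37,7 @@`, where the loop variable's name is not visible in the diff. Dropping a failed rule is fail-closed only because `check` falls through to `return false` when nothing grants, which deserves a one-line comment on the catch so a later change does not invert it.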
@@ -33,7 +37,7 @@ public boolean check(Object subject, Object resource, Object action) {
 return true;
 }
 } catch(EvaluationException ex) {
- //just ignore
+ logger.info("An error occurred while evaluating PolicyRule.", ex);
 }
 }
 return false;
diff --git a/src/main/java/com/mostafa/security/policy/PolicyRule.java b/src/main/java/com/mostafa/security/policy/PolicyRule.java
index 7f0e4b2..31f585f 100644
--- a/src/main/java/com/mostafa/security/policy/PolicyRule.java
+++ b/src/main/java/com/mostafa/security/policy/PolicyRule.java
@@ -3,6 +3,8 @@
 import org.springframework.expression.Expression;
 public class PolicyRule {
+ private String name;
+ private String description;
 /*
 * Boolean SpEL expression. If evaluated to true, then this rule is applied to the request access context.
 */
@@ -13,7 +15,15 @@ public class PolicyRule {
 */
 private Expression condition;
-
+ public PolicyRule() {
+
+ }
+
+ public PolicyRule(String name, String description, Expression target, Expression condition) {
+ this(target, condition);
+ this.name = name;
+ this.description = description;
+ }
 public PolicyRule(Expression target, Expression condition) {
 super();
@@ -36,4 +46,20 @@ public Expression getCondition() {
 public void setCondition(Expression condition) {
 this.condition = condition;
 }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
 }
diff --git a/src/main/java/com/mostafa/security/policy/SecurityAccessContext.java b/src/main/java/com/mostafa/security/policy/SecurityAccessContext.java
index 5e69de4..2b83431 100644
--- a/src/main/java/com/mostafa/security/policy/SecurityAccessContext.java
+++ b/src/main/java/com/mostafa/security/policy/SecurityAccessContext.java
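Review bot: `name` and `description` are added without the per-field comment that the neighbouring `target`/`condition` fields carry, and `name` is the only handle an operator will have for a rule once it is used in diagnostics. A comment such as `/* Human-readable identifier for this rule; presumably unique within a PolicyDefinition — confirm with the author. */` above `name` would make the intent explicit. The class body continues outside this hunk.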
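Review bot: The new no-arg constructor, together with the setters, lets a `PolicyRule` exist with `target` or `condition` still null, and `SimplePolicyDefinition.init` now builds its rule exactly this way; since `PolicyEnforcement.check` only catches `EvaluationException`, a rule left without an expression would presumably fail with a `NullPointerException` that escapes `check` instead of being logged and skipped. The four-argument constructor already delegates to `this(target, condition)`, so a `Objects.requireNonNull(target, "target")` / `Objects.requireNonNull(condition, "condition")` in the two-argument constructor and in `setTarget`/`setCondition` (`setCondition` is in the hunk at `@@ -36,4 +46,20 @@`, `setTarget` is outside this diff; `java.util.Objects` would need importing) would reject an incomplete rule at definition time rather than at authorization time. As a matter of style, the empty constructor body spread over three lines and the no-op `super();` in the two-argument constructor can be collapsed to `public PolicyRule() {}`.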
@@ -39,6 +39,7 @@ public Object getEnvironment() {
 public void setEnvironment(Object environment) {
 this.environment = environment;
 }
+ @Override
 public int hashCode() {
 final int prime = 31;
diff --git a/src/main/java/com/mostafa/security/policy/PolicyManager.java b/src/main/java/com/mostafa/security/policy/SimplePolicyDefinition.java
similarity index 53%
rename from src/main/java/com/mostafa/security/policy/PolicyManager.java
rename to src/main/java/com/mostafa/security/policy/SimplePolicyDefinition.java
index 237589b..b1f4787 100644
--- a/src/main/java/com/mostafa/security/policy/PolicyManager.java
+++ b/src/main/java/com/mostafa/security/policy/SimplePolicyDefinition.java
@@ -10,7 +10,7 @@
 import org.springframework.stereotype.Component;
 @Component
-public class PolicyManager {
+public class SimplePolicyDefinition implements PolicyDefinition {
 private List rules;
 @PostConstruct
@@ -18,12 +18,14 @@ private void init(){
 ExpressionParser exp = new SpelExpressionParser();
 rules = new ArrayList<>();
- String ownerRule = "subject.name == resource.owner";
- String targetRule = "true";
-
- rules.add(new PolicyRule(exp.parseExpression(targetRule), exp.parseExpression(ownerRule)));
+ PolicyRule newRule = new PolicyRule();
+ newRule.setName("ResourceOwner");
+ newRule.setDescription("Resource owner should have access to it.");
+ newRule.setCondition(exp.parseExpression("true"));
+ newRule.setTarget(exp.parseExpression("subject.name == resource.owner"));
+ rules.add(newRule);
 }
- public List getAllPolicies() {
+ public List getAllPolicyRules() {
 return rules;
 }
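Review bot: The rebuilt rule swaps the roles the removed code gave the two expressions: before, `target` was `"true"` and `condition` was `subject.name == resource.owner`; now `setCondition` receives `"true"` and `setTarget` receives the owner check. Per the comment on `target` in `PolicyRule` ("If evaluated to true, then this rule is applied to the request access context"), the rule now applies only to the owner's requests and then grants unconditionally, whereas before it applied to every request and granted only to the owner — the same outcome for this single rule as long as `check` falls through to `false`, but a different meaning once more rules exist, so please confirm this is intended; if not, the two lines become `newRule.setTarget(exp.parseExpression("true"));` and `newRule.setCondition(exp.parseExpression("subject.name == resource.owner"));`. Separately, `getAllPolicyRules` hands out the internal mutable `rules` list, so any holder of the bean can add or remove policy rules at runtime; `return Collections.unmodifiableList(rules);` (`java.util.Collections` would need importing; the import block is outside this hunk) keeps the policy set read-only for callers.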