Split the access-control from the sample-issue-tracker

AbacSpringSecurity.postman_collection.json

@@ -10,7 +10,7 @@
 		{
 			"name": "Project - Add",
 			"request": {
-				"url": "http://localhost:8080/AbacSpringSecurity/projects/",
+				"url": "http://localhost:8080/sample-issue-tracker/projects/",
 				"method": "POST",
 				"header": [
 					{
@@ -35,7 +35,7 @@
 		{
 			"name": "Project - List",
 			"request": {
-				"url": "http://localhost:8080/AbacSpringSecurity/projects/",
+				"url": "http://localhost:8080/sample-issue-tracker/projects/",
 				"method": "GET",
 				"header": [
 					{
@@ -60,7 +60,7 @@
 		{
 			"name": "Project - Assign PM",
 			"request": {
-				"url": "http://localhost:8080/AbacSpringSecurity/projects/1/pm/",
+				"url": "http://localhost:8080/sample-issue-tracker/projects/1/pm/",
 				"method": "PUT",
 				"header": [
 					{
@@ -85,7 +85,7 @@
 		{
 			"name": "Project - Assign Developer",
 			"request": {
-				"url": "http://localhost:8080/AbacSpringSecurity/projects/1/users/",
+				"url": "http://localhost:8080/sample-issue-tracker/projects/1/users/",
 				"method": "POST",
 				"header": [
 					{
@@ -110,7 +110,7 @@
 		{
 			"name": "Project - Assign Tester",
 			"request": {
-				"url": "http://localhost:8080/AbacSpringSecurity/projects/1/users/",
+				"url": "http://localhost:8080/sample-issue-tracker/projects/1/users/",
 				"method": "POST",
 				"header": [
 					{
@@ -135,7 +135,7 @@
 		{
 			"name": "Project - List Users",
 			"request": {
-				"url": "http://localhost:8080/AbacSpringSecurity/projects/1/users/",
+				"url": "http://localhost:8080/sample-issue-tracker/projects/1/users/",
 				"method": "GET",
 				"header": [
 					{
@@ -155,7 +155,7 @@
 		{
 			"name": "Project - Delete User",
 			"request": {
-				"url": "http://localhost:8080/AbacSpringSecurity/projects/1/users/dev1",
+				"url": "http://localhost:8080/sample-issue-tracker/projects/1/users/dev1",
 				"method": "DELETE",
 				"header": [
 					{
@@ -175,7 +175,7 @@
 		{
 			"name": "Project - View",
 			"request": {
-				"url": "http://localhost:8080/AbacSpringSecurity/projects/1/",
+				"url": "http://localhost:8080/sample-issue-tracker/projects/1/",
 				"method": "GET",
 				"header": [
 					{
@@ -200,7 +200,7 @@
 		{
 			"name": "Project - Delete",
 			"request": {
-				"url": "http://localhost:8080/AbacSpringSecurity/projects/1/",
+				"url": "http://localhost:8080/sample-issue-tracker/projects/1/",
 				"method": "DELETE",
 				"header": [
 					{
@@ -220,7 +220,7 @@
 		{
 			"name": "Issues - List ",
 			"request": {
-				"url": "http://localhost:8080/AbacSpringSecurity/projects/1/issues/",
+				"url": "http://localhost:8080/sample-issue-tracker/projects/1/issues/",
 				"method": "GET",
 				"header": [
 					{
@@ -240,7 +240,7 @@
 		{
 			"name": "Issues - Create",
 			"request": {
-				"url": "http://localhost:8080/AbacSpringSecurity/projects/1/issues/",
+				"url": "http://localhost:8080/sample-issue-tracker/projects/1/issues/",
 				"method": "POST",
 				"header": [
 					{
@@ -265,7 +265,7 @@
 		{
 			"name": "Issues - Update",
 			"request": {
-				"url": "http://localhost:8080/AbacSpringSecurity/projects/1/issues/1/",
+				"url": "http://localhost:8080/sample-issue-tracker/projects/1/issues/1/",
 				"method": "PUT",
 				"header": [
 					{
@@ -290,7 +290,7 @@
 		{
 			"name": "Issues - Delete",
 			"request": {
-				"url": "http://localhost:8080/AbacSpringSecurity/projects/1/issues/1/",
+				"url": "http://localhost:8080/sample-issue-tracker/projects/1/issues/1/",
 				"method": "DELETE",
 				"header": [
 					{
@@ -310,7 +310,7 @@
 		{
 			"name": "Issues - Assign",
 			"request": {
-				"url": "http://localhost:8080/AbacSpringSecurity/projects/1/issues/1/assignee",
+				"url": "http://localhost:8080/sample-issue-tracker/projects/1/issues/1/assignee",
 				"method": "PUT",
 				"header": [
 					{
@@ -335,7 +335,7 @@
 		{
 			"name": "Issues - Change Status",
 			"request": {
-				"url": "http://localhost:8080/AbacSpringSecurity/projects/1/issues/1/status",
+				"url": "http://localhost:8080/sample-issue-tracker/projects/1/issues/1/status",
 				"method": "PUT",
 				"header": [
 					{

access-control/.gitignore

@@ -0,0 +1,7 @@
+# Maven
+/target/
+
+# Eclipse
+.classpath
+.project
+.settings/

access-control/pom.xml

@@ -0,0 +1,48 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<artifactId>access-control</artifactId>
+
+	<name>attribute-based-acccess-control</name>
+	<url>https://github.com/mostafa8eltaher/AbacSpringSecurity</url>
+
+	<packaging>jar</packaging>
+	<parent>
+        <groupId>edu.mostafa.security</groupId>
+		<artifactId>abac-spring-security-parent</artifactId>
+		<version>0.0.1-SNAPSHOT</version>
+        <relativePath>../</relativePath>
+    </parent>
+
+	<dependencies>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-core</artifactId>
+			<version>${spring.security.version}</version>
+		</dependency>
+
+		<dependency>
+			<groupId>com.fasterxml.jackson.core</groupId>
+			<artifactId>jackson-databind</artifactId>
+			<version>2.8.1</version>
+		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+		    <artifactId>slf4j-api</artifactId>
+		    <version>1.7.20</version>
+		</dependency>
+	</dependencies>
+
+	<build>
+		<plugins>
+			<plugin>
+				<artifactId>maven-compiler-plugin</artifactId>
+				<version>3.5.1</version>
+				<configuration>
+					<source>1.8</source>
+					<target>1.8</target>
+				</configuration>
+			</plugin>
+		</plugins>
+	</build>
+</project>

src/main/java/edu/mostafa/abac/security/policy/SecurityAccessContext.java → access-control/src/main/java/edu/mostafa/abac/security/policy/SecurityAccessContext.java

@@ -6,8 +6,6 @@ public class SecurityAccessContext {
 	private Object action;
 	private Object environment;
 
-
-
 	public SecurityAccessContext(Object subject, Object resource, Object action, Object environment) {
 		super();
 		this.subject = subject;

src/main/java/edu/mostafa/abac/security/spring/AbacPermissionEvaluator.java → access-control/src/main/java/edu/mostafa/abac/security/spring/AbacPermissionEvaluator.java

@@ -10,7 +10,6 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.stereotype.Component;
 
 import edu.mostafa.abac.security.policy.PolicyEnforcement;
@@ -27,12 +26,14 @@ public boolean hasPermission(Authentication authentication , Object targetDomain
 		Object user = authentication.getPrincipal();
 		Map<String, Object> environment = new HashMap<>();
 
+		/*
 		Object authDetails = authentication.getDetails();
 		if(authDetails != null) {
 			if(authDetails instanceof WebAuthenticationDetails) {
 				environment.put("remoteAddress", ((WebAuthenticationDetails) authDetails).getRemoteAddress());
 			}
 		}
+		*/
 		environment.put("time", new Date());
 
 		logger.debug("hasPersmission({}, {}, {})", user, targetDomainObject, permission);

src/main/java/edu/mostafa/abac/security/spring/ContextAwarePolicyEnforcement.java → access-control/src/main/java/edu/mostafa/abac/security/spring/ContextAwarePolicyEnforcement.java

@@ -8,7 +8,6 @@
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.stereotype.Component;
 
 import edu.mostafa.abac.security.policy.PolicyEnforcement;
@@ -26,12 +25,15 @@ public void checkPermission(Object resource, String permission) {
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 
 		Map<String, Object> environment = new HashMap<>();
+
+		/*
 		Object authDetails = auth.getDetails();
 		if(authDetails != null) {
 			if(authDetails instanceof WebAuthenticationDetails) {
 				environment.put("remoteAddress", ((WebAuthenticationDetails) authDetails).getRemoteAddress());
 			}
 		}
+		*/
 		environment.put("time", new Date());
 
 		if(!policy.check(auth.getPrincipal(), resource, permission, environment))

pom.xml

@@ -1,87 +1,29 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
-	<groupId>com.mostafa.security</groupId>
-	<artifactId>AbacSpringSecurity</artifactId>
+	<groupId>edu.mostafa.security</groupId>
+	<artifactId>abac-spring-security-parent</artifactId>
 	<version>0.0.1-SNAPSHOT</version>
 
-	<name>abac-spring-security</name>
+	<name>abac-spring-security-parent</name>
 	<url>https://github.com/mostafa8eltaher/AbacSpringSecurity</url>
 
-	<packaging>war</packaging>
+	<packaging>pom</packaging>
+
+	<modules>
+		<module>access-control</module>
+		<module>sample-issue-tracker</module>
+	</modules>
+
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<java.servlet.version>3.0.1</java.servlet.version>
 		<junit.version>4.12</junit.version>
 		<org.springframework.version>4.3.2.RELEASE</org.springframework.version>
 		<spring.security.version>4.1.1.RELEASE</spring.security.version>
 	</properties>
-
-	<dependencies>
-		<dependency>
-			<groupId>org.springframework</groupId>
-			<artifactId>spring-webmvc</artifactId>
-			<version>${org.springframework.version}</version>
-			<exclusions>
-				<exclusion>
-					<groupId>commons-logging</groupId>
-					<artifactId>commons-logging</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-web</artifactId>
-			<version>${spring.security.version}</version>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-config</artifactId>
-			<version>${spring.security.version}</version>
-		</dependency>
-		<dependency>
-			<groupId>javax.servlet</groupId>
-			<artifactId>javax.servlet-api</artifactId>
-			<version>${java.servlet.version}</version>
-			<scope>provided</scope>
-		</dependency>
-
-		<dependency>
-			<groupId>org.springframework</groupId>
-			<artifactId>spring-test</artifactId>
-			<version>${org.springframework.version}</version>
-			<scope>test</scope>
-		</dependency>
-
-		<dependency>
-			<groupId>com.fasterxml.jackson.core</groupId>
-			<artifactId>jackson-databind</artifactId>
-			<version>2.8.1</version>
-		</dependency>
-		<dependency>
-			<groupId>ch.qos.logback</groupId>
-			<artifactId>logback-classic</artifactId>
-			<version>1.1.7</version>
-		</dependency>
-		<dependency>
-			<groupId>org.slf4j</groupId>
-			<artifactId>jcl-over-slf4j</artifactId>
-			<version>1.7.20</version>
-		</dependency>
-
-	</dependencies>
-
 	<build>
-		<finalName>AbacSpringSecurity</finalName>
 		<plugins>
-			<plugin>
-				<artifactId>maven-war-plugin</artifactId>
-				<version>2.6</version>
-				<configuration>
-					<failOnMissingWebXml>false</failOnMissingWebXml>
-				</configuration>
-			</plugin>
-
 			<plugin>
 				<artifactId>maven-compiler-plugin</artifactId>
 				<version>3.5.1</version>

sample-issue-tracker/.gitignore

@@ -0,0 +1,7 @@
+# Maven
+/target/
+
+# Eclipse
+.classpath
+.project
+.settings/