finished access controller, accessed it from command invoker and

configured everything within onlinebku 

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@14 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4

10 files changed, 344 insertions, 148 deletions

diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java
new file mode 100644
index 00000000..404e254e
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java
@@ -0,0 +1,48 @@
+package at.gv.egiz.bku.online.accesscontroller;

+

+import java.io.IOException;

+

+import org.apache.commons.logging.Log;

+import org.apache.commons.logging.LogFactory;

+import org.springframework.context.ResourceLoaderAware;

+import org.springframework.core.io.Resource;

+import org.springframework.core.io.ResourceLoader;

+

+import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade;

+import at.gv.egiz.bku.online.conf.Configurator;

+

+public class SpringSecurityManager extends SecurityManagerFacade implements

+		ResourceLoaderAware {

+

+	private ResourceLoader resourceLoader;

+

+	private static Log log = LogFactory.getLog(SpringSecurityManager.class);

+

+	protected Configurator config;

+

+	public void setConfig(Configurator config) {

+		this.config = config;

+	}

+

+	public void init() {

+		String noMatch = config.getProperty("AccessController.acceptNoMatch");

+		if (noMatch != null) {

+			log.debug("Setting allow now match to: " + noMatch);

+			setAllowUnmatched(Boolean.getBoolean(noMatch));

+		}

+		String policy = config.getProperty("AccessController.policyResource");

+		log.info("Loading resource: " + policy);

+		try {

+			Resource res = resourceLoader.getResource(policy);

+			init(res.getInputStream());

+		} catch (IOException e) {

+			log.error(e);

+		}

+	}

+

+	@Override

+	public void setResourceLoader(ResourceLoader loader) {

+		this.resourceLoader = loader;

+	}

+

+}

diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java
index 0cb717c4..f51335e1 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java
@@ -16,29 +16,31 @@
 */
 package at.gv.egiz.bku.online.conf;

 

-import iaik.security.ecc.provider.ECCProvider;

-import iaik.xml.crypto.XSecProvider;

-

-import java.net.HttpURLConnection;

-import java.security.Provider;

-import java.security.Security;

-

-import javax.net.ssl.HttpsURLConnection;

-

-import org.apache.commons.logging.Log;

-import org.apache.commons.logging.LogFactory;

-

-import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;

+import iaik.security.ecc.provider.ECCProvider;
+import iaik.xml.crypto.XSecProvider;
+
+import java.net.HttpURLConnection;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Properties;
+
+import javax.net.ssl.HttpsURLConnection;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
 

 /**

  * 

  * TODO currently only the code to get started.  

  */

 public class Configurator {

-  private Log log = LogFactory.getLog(Configurator.class);

+  private Log log = LogFactory.getLog(Configurator.class);
+  
+  protected Properties properties;

 

   public Configurator() {

-    configure();

   }

 

   protected void configUrlConnections() {

@@ -63,7 +65,18 @@ public class Configurator {
   public void configure() {

     configureProviders();

     configUrlConnections();

-

   }

-

+
+  public void setConfiguration(Properties props) {
+  	this.properties = props;
+  	configure();
+  }
+  
+  public String getProperty(String key) {
+  	if (properties != null) {
+  		return properties.getProperty(key);
+  	}
+  	return null;
+  }
+  

 }

diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
new file mode 100644
index 00000000..96588d7d
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
@@ -0,0 +1,27 @@
+package at.gv.egiz.bku.online.conf;

+

+import java.io.IOException;

+import java.util.Properties;

+

+import org.apache.commons.logging.Log;

+import org.apache.commons.logging.LogFactory;

+import org.springframework.core.io.Resource;

+

+public class SpringConfigurator extends Configurator {

+

+	private final static Log log = LogFactory.getLog(SpringConfigurator.class);

+

+	public void setResource(Resource resource) {

+		log.debug("Loading config from: " + resource);

+		if (resource != null) {

+			Properties props = new Properties();

+			try {

+				props.load(resource.getInputStream());

+				super.setConfiguration(props);

+			} catch (IOException e) {

+				log.error("Cannot load config", e);

+			}

+		}

+	}

+

+}

diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
index 53a7c164..20320d8e 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
@@ -1,91 +1,88 @@
 /*
-* Copyright 2008 Federal Chancellery Austria and
-* Graz University of Technology
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egiz.bku.online.webapp;

-

-import java.util.Enumeration;

-import java.util.HashMap;

-import java.util.Locale;

-import java.util.Map;

-

-import javax.servlet.ServletException;

-import javax.servlet.http.HttpServletRequest;

-import javax.servlet.http.HttpServletResponse;

-import javax.servlet.http.HttpSession;

-

-import org.apache.commons.logging.Log;

-import org.apache.commons.logging.LogFactory;

-

-import at.gv.egiz.bku.binding.HTTPBindingProcessor;

-import at.gv.egiz.bku.binding.HttpUtil;

-import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage;

-

-/**

- * Handles SL requests and instantiates BindingProcessors 

- *

- */

-public class BKURequestHandler extends SpringBKUServlet {

-

-  public final static String REDIRECT_URL ="appletPage.jsp";

-

-  protected Log log = LogFactory.getLog(BKURequestHandler.class);

-

-  protected void doPost(HttpServletRequest req, HttpServletResponse resp)

-      throws ServletException, java.io.IOException {

-    log.debug("Got new request");

-    String lang = req.getHeader("Accept-Language");

-    Locale locale = AcceptLanguage.getLocale(lang);

-    log.debug("Using locale: "+locale);

-    HttpSession session = req.getSession();

-    if (session != null) {

-      session.invalidate();

-    }

-    String id = req.getSession(true).getId();

-    log.debug("Using session id: "+id);

-    HTTPBindingProcessor bindingProcessor;

-    if (req.isSecure()) {

-      bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager()

-          .createBindingProcessor("https", id, locale);

-    } else {

-      bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager()

-          .createBindingProcessor("http", id, locale);

-    }

-    Map<String, String> headerMap = new HashMap<String, String>();

-    for (Enumeration<String> headerName = req.getHeaderNames(); headerName

-        .hasMoreElements();) {

-      String header = headerName.nextElement();

-      if (header != null) {

-        headerMap.put(header, req.getHeader(header));

-      }

-    }

-    String charset = req.getCharacterEncoding();

-    String contentType = req.getContentType();

-    if (charset != null) {

-      contentType += ";"+charset;

-    }

-    headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType);

-    bindingProcessor.setHTTPHeaders(headerMap);

-    bindingProcessor.consumeRequestStream(req.getInputStream());

-    req.getInputStream().close();

-    getBindingProcessorManager().process(bindingProcessor);

-    resp.sendRedirect(REDIRECT_URL);

-  }

-

-  protected void doGet(HttpServletRequest req, HttpServletResponse resp)

-      throws ServletException, java.io.IOException {

-    doPost(req, resp);

-  }

-}

+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.online.webapp;
+
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.binding.HTTPBindingProcessor;
+import at.gv.egiz.bku.binding.HttpUtil;
+import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage;
+
+/**
+ * Handles SL requests and instantiates BindingProcessors
+ * 
+ */
+public class BKURequestHandler extends SpringBKUServlet {
+
+	public final static String REDIRECT_URL = "appletPage.jsp";
+
+	protected Log log = LogFactory.getLog(BKURequestHandler.class);
+
+	protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+			throws ServletException, java.io.IOException {
+		log.debug("Got new request");
+		String lang = req.getHeader("Accept-Language");
+		Locale locale = AcceptLanguage.getLocale(lang);
+		log.debug("Using locale: " + locale);
+		HttpSession session = req.getSession();
+		if (session != null) {
+			session.invalidate();
+		}
+		String id = req.getSession(true).getId();
+		log.debug("Using session id: " + id);
+		HTTPBindingProcessor bindingProcessor;
+
+		bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager()
+				.createBindingProcessor(req.getRequestURL().toString(), id, locale);
+
+		Map<String, String> headerMap = new HashMap<String, String>();
+		for (Enumeration<String> headerName = req.getHeaderNames(); headerName
+				.hasMoreElements();) {
+			String header = headerName.nextElement();
+			if (header != null) {
+				headerMap.put(header, req.getHeader(header));
+			}
+		}
+		String charset = req.getCharacterEncoding();
+		String contentType = req.getContentType();
+		if (charset != null) {
+			contentType += ";" + charset;
+		}
+		headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType);
+		bindingProcessor.setHTTPHeaders(headerMap);
+		bindingProcessor.consumeRequestStream(req.getInputStream());
+		req.getInputStream().close();
+		getBindingProcessorManager().process(bindingProcessor);
+		resp.sendRedirect(REDIRECT_URL);
+	}
+
+	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+			throws ServletException, java.io.IOException {
+		doPost(req, resp);
+	}
+}
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml
new file mode 100644
index 00000000..15d62155
--- /dev/null
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<AccessControl>

+	<Chains>

+		<Chain Id="InputChain">

+			<Rules>

+				<Rule Id="rule-1">

+					<AuthClass>certifiedGovAgency</AuthClass>

+					<AnyPeer />

+					<Action>

+						<RuleAction>allow</RuleAction>

+					</Action>

+					<UserInteraction>confirm</UserInteraction>

+				</Rule>

+				<Rule Id="rule-2">

+					<AuthClass>pseudoanonymous</AuthClass>

+					<AnyPeer />

+					<Action>

+						<ChainRef>Command</ChainRef>

+					</Action>

+					<UserInteraction>none</UserInteraction>

+				</Rule>

+				<Rule Id="rule-3">

+					<AuthClass>anonymous</AuthClass>

+					<IPv4Address>127.0.0.1</IPv4Address>

+					<Action>

+						<ChainRef>Command</ChainRef>

+					</Action>

+					<UserInteraction>none</UserInteraction>

+				</Rule>

+				<Rule Id="rule-4">

+					<AuthClass>anonymous</AuthClass>

+					<DomainName>$.gv.at</DomainName>

+					<Action>

+						<RuleAction>allow</RuleAction>

+					</Action>

+					<UserInteraction>confirm</UserInteraction>

+				</Rule>

+			</Rules>

+		</Chain>

+		<Chain Id="Command">

+			<Rules>

+				<Rule Id="cmd-rule-1">

+					<AuthClass>certified</AuthClass>

+					<AnyPeer />

+					<Command Name="Infobox*">

+						<Param Name="InfoboxIdentifier">IdentityLink</Param>

+						<Param Name="PersonIdentifier">.*</Param>

+					</Command>

+					<Action>

+						<RuleAction>allow</RuleAction>

+					</Action>

+					<UserInteraction>confirm</UserInteraction>

+				</Rule>

+				<Rule Id="cmd-rule-2">

+					<AuthClass>certified</AuthClass>

+					<URL>https://finanzonline.bmf.gv.at/*

+					</URL>

+					<Command Name="InfoboxReadRequest">

+						<Param Name="InfoboxIdentifier">Mandates</Param>

+						<Param Name="PersonIdentifier">.*</Param>

+					</Command>

+					<Action>

+						<RuleAction>allow</RuleAction>

+					</Action>

+					<UserInteraction>info</UserInteraction>

+				</Rule>

+				<Rule Id="cmd-rule-3">

+					<AuthClass>certified</AuthClass>

+					<AnyPeer />

+					<Command Name="InfoboxReadRequest" />

+					<Action>

+						<RuleAction>allow</RuleAction>

+					</Action>

+					<UserInteraction>none</UserInteraction>

+				</Rule>

+				<Rule Id="cmd-rule-4">

+					<AuthClass>anonymous</AuthClass>

+					<AnyPeer />

+					<Command Name="InfoboxReadRequest" />

+					<IPv4Address>127.0.0.1</IPv4Address>

+					<Action>

+						<RuleAction>allow</RuleAction>

+					</Action>

+					<UserInteraction>none</UserInteraction>

+				</Rule>

+			</Rules>

+		</Chain>

+		<Chain Id="OutputChain">

+			<Rules>

+				<Rule Id="out-1">

+					<Action>

+						<RuleAction>allow</RuleAction>

+					</Action>

+				</Rule>

+			</Rules>

+		</Chain>

+	</Chains>

+</AccessControl>

diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
new file mode 100644
index 00000000..12deac35
--- /dev/null
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
@@ -0,0 +1,3 @@
+# Configuration for online CCE

+AccessController.acceptUnmatched=false

+AccessController.policyResource=classpath:at/gv/egiz/bku/online/conf/accessControlConfig.xml
\ No newline at end of file
diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
index 7a2f12b8..c5da25c0 100644
--- a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
@@ -1,43 +1,53 @@
 <?xml version="1.0" encoding="UTF-8"?>

-<!--
-  Copyright 2008 Federal Chancellery Austria and
-  Graz University of Technology
-
-  Licensed under the Apache License, Version 2.0 (the "License");
-  you may not use this file except in compliance with the License.
-  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"

-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"

-  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd">

-  <bean id="STALFactory" class="at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory"

-    scope="singleton" />

-  <bean id="commandInvoker" class="at.gv.egiz.bku.binding.SLCommandInvokerImpl" />

-  <bean id="bindingProcessorManager" class="at.gv.egiz.bku.binding.BindingProcessorManagerImpl"

-    scope="singleton">

-    <constructor-arg ref="STALFactory"></constructor-arg>

-    <constructor-arg ref="commandInvoker"></constructor-arg>

-  </bean>

-  <bean

-    class="org.springframework.web.context.support.ServletContextAttributeExporter">

-    <property name="attributes">

-      <map>

-        <entry key="bindingProcessorManager">

-          <ref bean="bindingProcessorManager" />

-        </entry>

-      </map>

-    </property>

-  </bean>

-  <!-- Configure Configuration -->

-  <bean id="configurator" class="at.gv.egiz.bku.online.conf.Configurator"

-    scope="singleton">

-  </bean>

+	<!--

+		Copyright 2008 Federal Chancellery Austria and Graz University of

+		Technology Licensed under the Apache License, Version 2.0 (the

+		"License"); you may not use this file except in compliance with the

+		License. You may obtain a copy of the License at

+		http://www.apache.org/licenses/LICENSE-2.0 Unless required by

+		applicable law or agreed to in writing, software distributed under the

+		License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR

+		CONDITIONS OF ANY KIND, either express or implied. See the License for

+		the specific language governing permissions and limitations under the

+		License.

+	-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd">

+

+	<bean id="STALFactory" class="at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory"

+		scope="singleton" />

+

+	<bean id="accessController" class="at.gv.egiz.bku.online.accesscontroller.SpringSecurityManager"

+		scope="singleton" init-method="init">

+		<property name="config" ref="configurator"/>

+		</bean>

+

+	<bean id="commandInvoker" class="at.gv.egiz.bku.binding.SLCommandInvokerImpl">

+		<property name="securityManager" ref="accessController" />

+	</bean>

+

+	<bean id="bindingProcessorManager" class="at.gv.egiz.bku.binding.BindingProcessorManagerImpl"

+		scope="singleton">

+		<constructor-arg ref="STALFactory"></constructor-arg>

+		<constructor-arg ref="commandInvoker"></constructor-arg>

+	</bean>

+

+	<bean

+		class="org.springframework.web.context.support.ServletContextAttributeExporter">

+		<property name="attributes">

+			<map>

+				<entry key="bindingProcessorManager">

+					<ref bean="bindingProcessorManager" />

+				</entry>

+			</map>

+		</property>

+	</bean>

+

+	<!-- Configure Configuration -->

+	<bean id="configurator" class="at.gv.egiz.bku.online.conf.SpringConfigurator"

+		scope="singleton">

+		<property name="resource" value="classpath:at/gv/egiz/bku/online/conf/defaultConf.properties"/>

+	</bean>

+

 </beans>
\ No newline at end of file
diff --git a/BKUOnline/src/main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jar b/BKUOnline/src/main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jar
new file mode 100644
index 00000000..986842db
--- /dev/null
+++ b/BKUOnline/src/main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jar
diff --git a/BKUOnline/src/main/webapp/applet/commons-logging-1.1.1.jar b/BKUOnline/src/main/webapp/applet/commons-logging-1.1.1.jar
new file mode 100644
index 00000000..1deef144
--- /dev/null
+++ b/BKUOnline/src/main/webapp/applet/commons-logging-1.1.1.jar
diff --git a/BKUOnline/src/main/webapp/applet/iaik_jce_me4se-3.04.jar b/BKUOnline/src/main/webapp/applet/iaik_jce_me4se-3.04.jar
new file mode 100644
index 00000000..f2173562
--- /dev/null
+++ b/BKUOnline/src/main/webapp/applet/iaik_jce_me4se-3.04.jar