From b2f9275f2c929f4c0df33e1dfd5911502d3d3888 Mon Sep 17 00:00:00 2001 From: cdanger Date: Sat, 13 Feb 2021 22:52:58 +0100 Subject: [PATCH 01/18] updating poms for 4.0.2-SNAPSHOT development --- cxf-spring-boot-server/pom.xml | 4 ++-- jaxrs/pom.xml | 2 +- pom.xml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cxf-spring-boot-server/pom.xml b/cxf-spring-boot-server/pom.xml index be75a75..f241264 100644 --- a/cxf-spring-boot-server/pom.xml +++ b/cxf-spring-boot-server/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-restful-pdp - 4.0.1-SNAPSHOT + 4.0.2-SNAPSHOT authzforce-ce-restful-pdp-cxf-spring-boot-server ${project.groupId}:${project.artifactId} @@ -24,7 +24,7 @@ org.ow2.authzforce authzforce-ce-restful-pdp-jaxrs - 4.0.1-SNAPSHOT + 4.0.2-SNAPSHOT org.apache.cxf diff --git a/jaxrs/pom.xml b/jaxrs/pom.xml index acd71df..2b5ed07 100644 --- a/jaxrs/pom.xml +++ b/jaxrs/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-restful-pdp - 4.0.1-SNAPSHOT + 4.0.2-SNAPSHOT authzforce-ce-restful-pdp-jaxrs ${project.groupId}:${project.artifactId} diff --git a/pom.xml b/pom.xml index 8ab7d3b..1e987cf 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ 8.0.0 authzforce-ce-restful-pdp - 4.0.1-SNAPSHOT + 4.0.2-SNAPSHOT pom ${project.groupId}:${project.artifactId} AuthzForce - Parent Project of RESTful PDP API implementation according to REST Profile of XACML 3.0 From 4337dc801e2c30a982ec9cc585997f24cf677500 Mon Sep 17 00:00:00 2001 From: cdanger Date: Sat, 13 Feb 2021 22:59:30 +0100 Subject: [PATCH 02/18] updating develop poms to master versions to avoid merge conflicts --- cxf-spring-boot-server/pom.xml | 4 ++-- jaxrs/pom.xml | 2 +- pom.xml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cxf-spring-boot-server/pom.xml b/cxf-spring-boot-server/pom.xml index f241264..c5a050a 100644 --- a/cxf-spring-boot-server/pom.xml +++ b/cxf-spring-boot-server/pom.xml 
@@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-restful-pdp - 4.0.2-SNAPSHOT + 4.0.1 authzforce-ce-restful-pdp-cxf-spring-boot-server ${project.groupId}:${project.artifactId} @@ -24,7 +24,7 @@ org.ow2.authzforce authzforce-ce-restful-pdp-jaxrs - 4.0.2-SNAPSHOT + 4.0.1 org.apache.cxf diff --git a/jaxrs/pom.xml b/jaxrs/pom.xml index 2b5ed07..f6e2752 100644 --- a/jaxrs/pom.xml +++ b/jaxrs/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-restful-pdp - 4.0.2-SNAPSHOT + 4.0.1 authzforce-ce-restful-pdp-jaxrs ${project.groupId}:${project.artifactId} diff --git a/pom.xml b/pom.xml index 1e987cf..9f498e0 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ 8.0.0 authzforce-ce-restful-pdp - 4.0.2-SNAPSHOT + 4.0.1 pom ${project.groupId}:${project.artifactId} AuthzForce - Parent Project of RESTful PDP API implementation according to REST Profile of XACML 3.0 From 6da9157bff6a1f3da7234da3700c1241c0f56af1 Mon Sep 17 00:00:00 2001 From: cdanger Date: Sat, 13 Feb 2021 22:59:31 +0100 Subject: [PATCH 03/18] Updating develop poms back to pre merge state --- cxf-spring-boot-server/pom.xml | 4 ++-- jaxrs/pom.xml | 2 +- pom.xml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cxf-spring-boot-server/pom.xml b/cxf-spring-boot-server/pom.xml index c5a050a..f241264 100644 --- a/cxf-spring-boot-server/pom.xml +++ b/cxf-spring-boot-server/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-restful-pdp - 4.0.1 + 4.0.2-SNAPSHOT authzforce-ce-restful-pdp-cxf-spring-boot-server ${project.groupId}:${project.artifactId} @@ -24,7 +24,7 @@ org.ow2.authzforce authzforce-ce-restful-pdp-jaxrs - 4.0.1 + 4.0.2-SNAPSHOT org.apache.cxf diff --git a/jaxrs/pom.xml b/jaxrs/pom.xml index f6e2752..2b5ed07 100644 --- a/jaxrs/pom.xml +++ b/jaxrs/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-restful-pdp - 4.0.1 + 4.0.2-SNAPSHOT authzforce-ce-restful-pdp-jaxrs ${project.groupId}:${project.artifactId} diff --git a/pom.xml b/pom.xml index 9f498e0..1e987cf 100644 --- a/pom.xml 
+++ b/pom.xml @@ -6,7 +6,7 @@ 8.0.0 authzforce-ce-restful-pdp - 4.0.1 + 4.0.2-SNAPSHOT pom ${project.groupId}:${project.artifactId} AuthzForce - Parent Project of RESTful PDP API implementation according to REST Profile of XACML 3.0 From 6d312974c52eeebad7c87d67a20e3ab86a8a19a5 Mon Sep 17 00:00:00 2001 From: Cyril Dangerville <1372580+cdanger@users.noreply.github.com> Date: Fri, 19 Mar 2021 10:54:16 +0100 Subject: [PATCH 04/18] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 83c608a..6ce97c1 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ See [AuthzForce Core features](https://github.com/authzforce/core#features) for See [AuthzForce Core limitations](https://github.com/authzforce/core#limitations). ## System requirements -Java (JRE) 8 or later. +Java (JRE) 11 or later. ## Versions From 5ff1258fd06f874c5cf386a7287a4ec5f2d47219 Mon Sep 17 00:00:00 2001 From: Cyril Dangerville <1372580+cdanger@users.noreply.github.com> Date: Thu, 27 May 2021 11:53:42 +0200 Subject: [PATCH 05/18] Fixed link to Maven Central --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6ce97c1..c7183f0 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ See the [change log](CHANGELOG.md) following the *Keep a CHANGELOG* [conventions See the [license file](LICENSE). ## Getting started -Get the [latest executable jar](http://central.maven.org/maven2/org/ow2/authzforce/authzforce-ce-restful-pdp-cxf-spring-boot-server/) from Maven Central with groupId/artifactId = `org.ow2.authzforce`/`authzforce-ce-restful-pdp-cxf-spring-boot-server`. +Get the [latest executable jar](https://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-restful-pdp-cxf-spring-boot-server/) from Maven Central with groupId/artifactId = `org.ow2.authzforce`/`authzforce-ce-restful-pdp-cxf-spring-boot-server`. Make sure it is executable (replace `M.m.p` with the current version): 
From c7c2ed0b786497b1135c9c26292ad43af571b018 Mon Sep 17 00:00:00 2001 From: Cyril Dangerville <1372580+cdanger@users.noreply.github.com> Date: Thu, 27 May 2021 11:56:53 +0200 Subject: [PATCH 06/18] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c7183f0..88b56f1 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ See the [change log](CHANGELOG.md) following the *Keep a CHANGELOG* [conventions See the [license file](LICENSE). ## Getting started -Get the [latest executable jar](https://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-restful-pdp-cxf-spring-boot-server/) from Maven Central with groupId/artifactId = `org.ow2.authzforce`/`authzforce-ce-restful-pdp-cxf-spring-boot-server`. +Get the [latest executable jar](https://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-restful-pdp-cxf-spring-boot-server/) from Maven Central with groupId/artifactId = `org.ow2.authzforce`/`authzforce-ce-restful-pdp-cxf-spring-boot-server`. The name of the JAR is `authzforce-ce-restful-pdp-cxf-spring-boot-server-X.X.X.jar` (replace X.X.X with the latest version). Make sure it is executable (replace `M.m.p` with the current version): From 5092587cb2c2aac1253ea32d0b66cf61ddf9714f Mon Sep 17 00:00:00 2001 From: Cyril Dangerville <1372580+cdanger@users.noreply.github.com> Date: Thu, 27 May 2021 11:57:48 +0200 Subject: [PATCH 07/18] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 88b56f1..0f87636 100644 --- a/README.md +++ b/README.md 
@@ -39,7 +39,7 @@ See the [change log](CHANGELOG.md) following the *Keep a CHANGELOG* [conventions See the [license file](LICENSE). ## Getting started -Get the [latest executable jar](https://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-restful-pdp-cxf-spring-boot-server/) from Maven Central with groupId/artifactId = `org.ow2.authzforce`/`authzforce-ce-restful-pdp-cxf-spring-boot-server`. The name of the JAR is `authzforce-ce-restful-pdp-cxf-spring-boot-server-X.X.X.jar` (replace X.X.X with the latest version). +Get the [latest executable jar](https://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-restful-pdp-cxf-spring-boot-server/) from Maven Central with groupId/artifactId = `org.ow2.authzforce`/`authzforce-ce-restful-pdp-cxf-spring-boot-server`. The name of the JAR is `authzforce-ce-restful-pdp-cxf-spring-boot-server-M.m.p.jar` (replace `M.m.p` with the latest version). Make sure it is executable (replace `M.m.p` with the current version): From de963f90e5f29600f151c681f90a34647ef10809 Mon Sep 17 00:00:00 2001 From: Cyril Dangerville <1372580+cdanger@users.noreply.github.com> Date: Thu, 27 May 2021 12:34:41 +0200 Subject: [PATCH 08/18] Update pdp.xml --- cxf-spring-boot-server/src/test/resources/server/pdp.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cxf-spring-boot-server/src/test/resources/server/pdp.xml b/cxf-spring-boot-server/src/test/resources/server/pdp.xml index 1026428..15b6196 100644 --- a/cxf-spring-boot-server/src/test/resources/server/pdp.xml +++ b/cxf-spring-boot-server/src/test/resources/server/pdp.xml @@ -6,11 +6,11 @@ ${PARENT_DIR}/IIA001/Policy.xml - + urn:ow2:authzforce:feature:pdp:request-preproc:xacml-xml:default-lax urn:ow2:authzforce:feature:pdp:request-preproc:xacml-json:default-lax urn:ow2:authzforce:feature:pdp:result-postproc:xacml-json:default - \ No newline at end of file + From 7ae96ea861591c6423d3e006edfda3f22fbd32bf Mon Sep 17 00:00:00 2001 
From: Cyril Dangerville <1372580+cdanger@users.noreply.github.com> Date: Fri, 28 May 2021 01:29:02 +0200 Subject: [PATCH 09/18] Update pdp.xml --- cxf-spring-boot-server/src/test/resources/server/pdp.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cxf-spring-boot-server/src/test/resources/server/pdp.xml b/cxf-spring-boot-server/src/test/resources/server/pdp.xml index 15b6196..68dd1fa 100644 --- a/cxf-spring-boot-server/src/test/resources/server/pdp.xml +++ b/cxf-spring-boot-server/src/test/resources/server/pdp.xml @@ -6,10 +6,11 @@ ${PARENT_DIR}/IIA001/Policy.xml - + urn:ow2:authzforce:feature:pdp:request-preproc:xacml-xml:default-lax + urn:ow2:authzforce:feature:pdp:request-preproc:xacml-json:default-lax urn:ow2:authzforce:feature:pdp:result-postproc:xacml-json:default From a0f1dc845745762b53421b2feb1b0ad6fd6cdc91 Mon Sep 17 00:00:00 2001 From: Cyril Dangerville <1372580+cdanger@users.noreply.github.com> Date: Fri, 10 Dec 2021 01:30:26 +0100 Subject: [PATCH 10/18] Update README.md --- README.md | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/README.md b/README.md index 0f87636..7b2acd0 100644 --- a/README.md +++ b/README.md 
@@ -84,6 +84,45 @@ In order to use them, put the extension JAR(s) into an `extensions` folder in th $ java -Dloader.path=extensions -jar authzforce-ce-restful-pdp-cxf-spring-boot-server-M.m.p.jar ``` +### Example with MongoDBPolicyProvider extension +To use the Policy Provider for policies stored in MongoDB, please make sure the JAR with the MongoDB policy provider, i.e. the `authzforce-ce-core-pdp-testutils` module (in the **same version** as `authzforce-ce-core-pdp-engine` that is already included in AuthzForce RESTful PDP) is on the classpath, eg. in the *extensions* folder mentioned above, with *and all its required dependencies*. The main dependencies (looking at the pom of `pdp-testutils` module) in Maven terms are: + +```xml + + org.jongo + jongo + + ${jongo.version} + + + org.mongodb + mongo-java-driver + + ${mongo-java-driver.version} + +``` + +These dependencies have dependencies as well, so make sure to include them all, if not already on the classpath. (There is a way to assemble all jars in a dependency tree automatically with Maven.) + +Then do steps 2 to 4 of [Using Policy Providers](https://github.com/authzforce/core/wiki/Policy-Providers#using-policy-providers), that is to say: +1. Add this import to PDP extensions schema (`pdp-ext.xsd`) to allow using the extension(s) from the `authzforce-ce-core-pdp-testutils` module in PDP configuration: + ```xml + + ``` +1. Add an entry to the XML catalog (`catalog.xml`) to locate the schema corresponding to this namespace: + ```xml + + ``` +1. Add the `policyProvider` element to the PDP configuration (`pdp.xml`), using the new namespace above, like in [this example](https://github.com/authzforce/core/blob/master/pdp-testutils/src/test/resources/org/ow2/authzforce/core/pdp/testutil/test/pdp.xml) (follow the link). 
You should have something like this in the end: + +```xml + + + + root + +``` + ## Vulnerability reporting If you want to report a vulnerability, you must do so on the [OW2 Issue Tracker](https://gitlab.ow2.org/authzforce/restful-pdp/issues) and when creating the issue, check the box labeled **"This issue is confidential and should only be visible to team members with at least Reporter access"**. Then, if the AuthzForce team can confirm it, they will make it public and set a fix version. From 470e04e16d3bbac4637155fac375e53a4ff40454 Mon Sep 17 00:00:00 2001 From: Cyril Dangerville <1372580+cdanger@users.noreply.github.com> Date: Fri, 10 Dec 2021 01:40:49 +0100 Subject: [PATCH 11/18] Update README.md --- README.md | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/README.md b/README.md index 7b2acd0..8c82fa0 100644 --- a/README.md +++ b/README.md 
@@ -113,15 +113,7 @@ Then do steps 2 to 4 of [Using Policy Providers](https://github.com/authzforce/c ```xml ``` -1. Add the `policyProvider` element to the PDP configuration (`pdp.xml`), using the new namespace above, like in [this example](https://github.com/authzforce/core/blob/master/pdp-testutils/src/test/resources/org/ow2/authzforce/core/pdp/testutil/test/pdp.xml) (follow the link). You should have something like this in the end: - -```xml - - - - root - -``` +1. Add the `policyProvider` element to the PDP configuration (`pdp.xml`), using the new namespace above, like in [this example](https://github.com/authzforce/core/blob/master/pdp-testutils/src/test/resources/org/ow2/authzforce/core/pdp/testutil/test/pdp.xml) (follow the link). ## Vulnerability reporting If you want to report a vulnerability, you must do so on the [OW2 Issue Tracker](https://gitlab.ow2.org/authzforce/restful-pdp/issues) and when creating the issue, check the box labeled **"This issue is confidential and should only be visible to team members with at least Reporter access"**. Then, if the AuthzForce team can confirm it, they will make it public and set a fix version. From 46ab75607273ab238349356f4d32a431a4bfdfe8 Mon Sep 17 00:00:00 2001 From: Cyril Dangerville <1372580+cdanger@users.noreply.github.com> Date: Fri, 10 Dec 2021 01:51:35 +0100 Subject: [PATCH 12/18] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 8c82fa0..e24e46f 100644 --- a/README.md +++ b/README.md 
@@ -115,6 +115,8 @@ Then do steps 2 to 4 of [Using Policy Providers](https://github.com/authzforce/c ``` 1. Add the `policyProvider` element to the PDP configuration (`pdp.xml`), using the new namespace above, like in [this example](https://github.com/authzforce/core/blob/master/pdp-testutils/src/test/resources/org/ow2/authzforce/core/pdp/testutil/test/pdp.xml) (follow the link). +[More info](https://github.com/authzforce/core/wiki/Policy-Providers#more-info-on-the-mongodbpolicyprovider). + ## Vulnerability reporting If you want to report a vulnerability, you must do so on the [OW2 Issue Tracker](https://gitlab.ow2.org/authzforce/restful-pdp/issues) and when creating the issue, check the box labeled **"This issue is confidential and should only be visible to team members with at least Reporter access"**. Then, if the AuthzForce team can confirm it, they will make it public and set a fix version. From 2486891eeb5a960fe7e2e81dbdedbd73fde84991 Mon Sep 17 00:00:00 2001 From: cdanger Date: Mon, 7 Feb 2022 23:15:15 +0100 Subject: [PATCH 13/18] - Upgraded authzforce-ce-parent to 8.2.0, authzforce-ce-core to 19.0.0, Apache CXF to 3.5.0, authzforce-ce-jaxrs-utils to 2.0.3, testng to 6.14.3 --- CONTRIBUTING.md | 5 +++-- docker/pdp/conf/pdp.xml | 2 +- jaxrs/pom.xml | 12 +++++++++--- .../pdp/jaxrs/test/XacmlRestProfileJaxRsTest.java | 15 ++++++--------- jaxrs/src/test/resources/GH-9/pdp.xml | 8 ++++++++ jaxrs/src/test/resources/catalog.xml | 11 +++++++++++ jaxrs/src/test/resources/pdp-ext.xsd | 10 ++++++++++ jaxrs/src/test/suites/conformance.xml | 2 +- jaxrs/src/test/suites/regression.xml | 12 ++++++++++++ pom.xml | 13 +------------ 10 files changed, 62 insertions(+), 28 deletions(-) create mode 100644 jaxrs/src/test/resources/GH-9/pdp.xml create mode 100644 jaxrs/src/test/resources/catalog.xml create mode 100644 jaxrs/src/test/resources/pdp-ext.xsd create mode 100644 jaxrs/src/test/suites/regression.xml 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 30fb9e4..b1e8c08 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -19,10 +19,11 @@ 1. Connect and log in to the OSS Nexus Repository Manager: https://oss.sonatype.org/ 1. Go to Staging Profiles and select the pending repository authzforce-*... you just uploaded with `jgitflow:release-finish` 1. Click the Release button to release to Maven Central. -1. Build the Docker image +1. Build and publish the Docker image to Docker Hub ```shell $ docker build -t authzforce/restful-pdp:${project.version} . - $ docker push + $ docker login + $ docker push authzforce/restful-pdp:${project.version} ``` More info on jgitflow: http://jgitflow.bitbucket.org/ diff --git a/docker/pdp/conf/pdp.xml b/docker/pdp/conf/pdp.xml index 37ba5bb..2b29101 100644 --- a/docker/pdp/conf/pdp.xml +++ b/docker/pdp/conf/pdp.xml @@ -1,5 +1,5 @@ - diff --git a/jaxrs/pom.xml b/jaxrs/pom.xml index 2b5ed07..dc95f8d 100644 --- a/jaxrs/pom.xml +++ b/jaxrs/pom.xml @@ -17,7 +17,7 @@ ${git.url.base}/restful-pdp/jaxrs - 17.0.0 + 19.0.0 @@ -33,12 +33,18 @@ org.ow2.authzforce authzforce-ce-jaxrs-utils - 2.0.0 + 2.0.3 + + + org.ow2.authzforce + authzforce-ce-core-pdp-testutils + ${authzforce-ce-core.version} + test org.testng testng - 6.11 + 6.14.3 test diff --git a/jaxrs/src/test/java/org/ow2/authzforce/rest/pdp/jaxrs/test/XacmlRestProfileJaxRsTest.java b/jaxrs/src/test/java/org/ow2/authzforce/rest/pdp/jaxrs/test/XacmlRestProfileJaxRsTest.java index 908befd..2a4505f 100644 --- a/jaxrs/src/test/java/org/ow2/authzforce/rest/pdp/jaxrs/test/XacmlRestProfileJaxRsTest.java +++ b/jaxrs/src/test/java/org/ow2/authzforce/rest/pdp/jaxrs/test/XacmlRestProfileJaxRsTest.java 
@@ -29,12 +29,8 @@ import org.ow2.authzforce.xacml.json.model.LimitsCheckingJSONObject; import org.ow2.authzforce.xacml.json.model.XacmlJsonUtils; import org.testng.Assert; -import org.testng.annotations.AfterClass; -import org.testng.annotations.BeforeClass; -import org.testng.annotations.Test; +import org.testng.annotations.*; -import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.FileReader; import java.io.IOException; import java.nio.charset.StandardCharsets; @@ -63,9 +59,9 @@ public class XacmlRestProfileJaxRsTest private static Server server; - private static void startServer() throws Exception + private static void startServer(String pdpConfigLocation) throws Exception { - final PdpEngineConfiguration pdpConf = PdpEngineConfiguration.getInstance("src/test/resources/pdp.xml"); + final PdpEngineConfiguration pdpConf = PdpEngineConfiguration.getInstance(pdpConfigLocation, "src/test/resources/catalog.xml", "src/test/resources/pdp-ext.xsd"); /* * See also http://cxf.apache.org/docs/secure-jax-rs-services.html */ @@ -83,10 +79,11 @@ private static void startServer() throws Exception server = sf.create(); } + @Parameters("pdp_config_location") @BeforeClass - public static void initialize() throws Exception + public static void initialize(@Optional("src/test/resources/pdp.xml") String pdpConfigLocation) throws Exception { - startServer(); + startServer(pdpConfigLocation); } @AfterClass diff --git a/jaxrs/src/test/resources/GH-9/pdp.xml b/jaxrs/src/test/resources/GH-9/pdp.xml new file mode 100644 index 0000000..9f4ed9c --- /dev/null +++ b/jaxrs/src/test/resources/GH-9/pdp.xml @@ -0,0 +1,8 @@ + + + + root + + diff --git a/jaxrs/src/test/resources/catalog.xml b/jaxrs/src/test/resources/catalog.xml new file mode 100644 index 0000000..e59a9d7 --- /dev/null +++ b/jaxrs/src/test/resources/catalog.xml @@ -0,0 +1,11 @@ + + + + + + + + + 
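Review bot: In PATCH 13, the import hunk of XacmlRestProfileJaxRsTest.java collapses the explicit TestNG imports into `import org.testng.annotations.*;`, which hides where the `@Optional` used in the `initialize` hunk comes from. A reader can easily mistake that name for `java.util.Optional`. Keep the imports explicit (AfterClass, BeforeClass, Optional, Parameters, Test), so that for instance `import org.testng.annotations.Optional;` is visible at the top of the file. Separately, `startServer` now passes `"src/test/resources/catalog.xml"` and `"src/test/resources/pdp-ext.xsd"` as literals relative to the working directory, so a one-line comment that the test expects to run from the `jaxrs` module directory would help; the method body continues outside the hunk.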
diff --git a/jaxrs/src/test/resources/pdp-ext.xsd b/jaxrs/src/test/resources/pdp-ext.xsd new file mode 100644 index 0000000..b21e4db --- /dev/null +++ b/jaxrs/src/test/resources/pdp-ext.xsd @@ -0,0 +1,10 @@ + + + + + Schemas of enabled AuthzForce PDP engine extensions, such as attribute providers. + + + + + \ No newline at end of file diff --git a/jaxrs/src/test/suites/conformance.xml b/jaxrs/src/test/suites/conformance.xml index 0044457..c390c8b 100644 --- a/jaxrs/src/test/suites/conformance.xml +++ b/jaxrs/src/test/suites/conformance.xml @@ -3,7 +3,7 @@ - + diff --git a/jaxrs/src/test/suites/regression.xml b/jaxrs/src/test/suites/regression.xml new file mode 100644 index 0000000..f4f647a --- /dev/null +++ b/jaxrs/src/test/suites/regression.xml @@ -0,0 +1,12 @@ + + + + + + + + + + + + diff --git a/pom.xml b/pom.xml index 1e987cf..15fe75f 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-parent - 8.0.0 + 8.2.0 authzforce-ce-restful-pdp 4.0.2-SNAPSHOT @@ -28,17 +28,6 @@ - - - - - junit - junit - 4.13.1 - - - - jaxrs cxf-spring-boot-server From 5ae4558cc6ebba50513d44bd3dbbdce314f622b4 Mon Sep 17 00:00:00 2001 From: cdanger Date: Mon, 7 Feb 2022 23:18:22 +0100 Subject: [PATCH 14/18] updating poms for 5.0.0 branch with snapshot versions --- cxf-spring-boot-server/pom.xml | 4 ++-- jaxrs/pom.xml | 2 +- pom.xml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cxf-spring-boot-server/pom.xml b/cxf-spring-boot-server/pom.xml index f241264..726d226 100644 --- a/cxf-spring-boot-server/pom.xml +++ b/cxf-spring-boot-server/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-restful-pdp - 4.0.2-SNAPSHOT + 5.0.0-SNAPSHOT authzforce-ce-restful-pdp-cxf-spring-boot-server ${project.groupId}:${project.artifactId} @@ -24,7 +24,7 @@ org.ow2.authzforce authzforce-ce-restful-pdp-jaxrs - 4.0.2-SNAPSHOT + 5.0.0-SNAPSHOT org.apache.cxf diff --git a/jaxrs/pom.xml b/jaxrs/pom.xml index dc95f8d..60cdbdf 100644 --- a/jaxrs/pom.xml 
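Review bot: In PATCH 13, the second root `pom.xml` hunk (`@@ -28,17 +28,6 @@`) removes the dependencyManagement entry that pinned `junit:junit` to 4.13.1, and nothing in the visible hunk says what manages that version afterwards. Presumably the `authzforce-ce-parent` upgrade to 8.2.0 in the first hunk of the same file takes over, but that cannot be confirmed from the patch. Since a pin like this is usually there to hold a transitive dependency at a fixed release, check the resolved version after the change with `mvn dependency:tree -Dincludes=junit:junit`. Record the result in the commit message, or keep the pin until the parent is confirmed to manage junit at 4.13.1 or later.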
+++ b/jaxrs/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-restful-pdp - 4.0.2-SNAPSHOT + 5.0.0-SNAPSHOT authzforce-ce-restful-pdp-jaxrs ${project.groupId}:${project.artifactId} diff --git a/pom.xml b/pom.xml index 15fe75f..31ee140 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ 8.2.0 authzforce-ce-restful-pdp - 4.0.2-SNAPSHOT + 5.0.0-SNAPSHOT pom ${project.groupId}:${project.artifactId} AuthzForce - Parent Project of RESTful PDP API implementation according to REST Profile of XACML 3.0 From 8d58afe4e4bf887f1c70cee690d66980443081c5 Mon Sep 17 00:00:00 2001 From: cdanger Date: Tue, 8 Feb 2022 00:24:16 +0100 Subject: [PATCH 15/18] - Prepared changelog and Docker files for next release --- CHANGELOG.md | 38 +++++++++++++++++++++++++++++++ cxf-spring-boot-server/Dockerfile | 2 +- docker/docker-compose.yml | 2 +- 3 files changed, 40 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5dc4ea1..7194c84 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,44 @@ All notable changes to this project are documented in this file following the [K Issues reported on [GitHub](https://github.com/authzforce/core/issues) are referenced in the form of `[GH-N]`, where N is the issue number. Issues reported on [OW2](https://jira.ow2.org/browse/AUTHZFORCE/) are mentioned in the form of `[OW2-N]`, where N is the issue number. +## 5.0.0 +### Changed +- **PDP configuration XML schema changed: follow [AuthzForce Core migration instructions](https://github.com/authzforce/core/blob/develop/MIGRATION.md#migration-from-version-17x-to-18x) to migrate your old PDP configuration(s) (`pdp.xml`) to the new schema.** + - Target namespace changed to `http://authzforce.github.io/core/xmlns/pdp/8` + - `useStandardDatatypes` replaced with `standardDatatypesEnabled`; + - `useStandardFunctions` replaced with `standardFunctionsEnabled` + - `useStandardCombiningAlgorithms` replaced with `standardCombiningAlgorithmsEnabled` + - `enableXPath` replaced with `xPathEnabled` + - `standardEnvAttributeSource` replaced with `standardAttributeProvidersEnabled` and new `attributeProvider` type `StdEnvAttributeProviderDescriptor`. More info in [AuthzForce Core README](https://github.com/authzforce/core#providing-current-datetime-current-date-and-current-time-attributes). 
+ - `pdp/@version` attribute changed from required to optional with default value `8.1` +- Parent project `authzforce-ce-parent` upgraded to 8.2.0: +- Dependencies upgraded: + - `authzforce-ce-core-pdp-engine`/`authzforce-ce-core-pdp-io-xacml-json`: 19.0.0 + - `authzforce-ce-core-pdp-api`: 20.0.0 + - `authzforce-ce-jaxrs-utils`: 2.0.3 + - `authzforce-ce-xacml-json-model`: 3.0.4 + - Saxon-HE: 10.6 + - Guava: 31.0 + - Apache CXF: 3.5.0 + - Spring Boot: 2.6.1 + - Spring Core: 5.2.14 + - SLF4J: 1.7.32 + - `jaxb2-basics-runtime`: 0.12.0 + - `javax.mail`: 1.6.2 + +- API changes: + + - For better support of XACML standard Multiple Decision Profile, request evaluation methods of the following PDP extensions now take an extra optional parameter (`Optional`) for the Multiple Decision Request context: `CombiningAlg`, `Function`, `NamedAttributeProvider`, `PolicyProvider`. + +### Added +- XACML JSON Profile feature: support for JSON Objects in XACML/JSON Attribute Values (linked to issue authzforce/server#61 ), allowing for complex structures (JSON objects) as data types +- Support for `` equivalent in ``/`` elements: this feature is a workaround for a limitation in XACML schema which is not allowing Variables (``) in `Match` elements; i.e. the feature allows policy writers to use an equivalent of ``s in `` elements (without changing the XACML schema) through a special kind of `` (in a specific `Category`, and `AttributeId` is used as `VariableId`). More info in [AuthzForce Core README](https://github.com/authzforce/core#using-variables-variablereference-in-targetmatch). + +### Fixed +- Loading XACML/JSON schemas offline (linked to issue authzforce/server#64) +- CVE-2021-22118, CVE-2021-22696 and CVE-2021-3046 + + ## 4.0.1 ### Fixed - Dockerfile diff --git a/cxf-spring-boot-server/Dockerfile b/cxf-spring-boot-server/Dockerfile index b1748ad..ce3a1bf 100644 --- a/cxf-spring-boot-server/Dockerfile +++ b/cxf-spring-boot-server/Dockerfile 
@@ -12,7 +12,7 @@ VOLUME /tmp RUN addgroup --system spring && adduser --system --home /home/spring --ingroup spring --disabled-password spring USER spring:spring WORKDIR /home/spring -ARG JAR_FILE=target/*-4.0.1.jar +ARG JAR_FILE=target/*-5.0.0.jar COPY ${JAR_FILE} /app.jar # COPY extensions /extensions diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 61f0e40..e17b158 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -6,7 +6,7 @@ services: pdp: # depends_on: # - iam - image: authzforce/restful-pdp:4.0.1 + image: authzforce/restful-pdp:5.0.0 ports: - "8080:8080" From ede870235570d4c81eda32d035535f24a664f58a Mon Sep 17 00:00:00 2001 From: cdanger Date: Tue, 8 Feb 2022 00:24:35 +0100 Subject: [PATCH 16/18] updating poms for branch'release/5.0.0' with non-snapshot versions --- cxf-spring-boot-server/pom.xml | 4 ++-- jaxrs/pom.xml | 2 +- pom.xml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cxf-spring-boot-server/pom.xml b/cxf-spring-boot-server/pom.xml index 726d226..af80098 100644 --- a/cxf-spring-boot-server/pom.xml +++ b/cxf-spring-boot-server/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-restful-pdp - 5.0.0-SNAPSHOT + 5.0.0 authzforce-ce-restful-pdp-cxf-spring-boot-server ${project.groupId}:${project.artifactId} @@ -24,7 +24,7 @@ org.ow2.authzforce authzforce-ce-restful-pdp-jaxrs - 5.0.0-SNAPSHOT + 5.0.0 org.apache.cxf diff --git a/jaxrs/pom.xml b/jaxrs/pom.xml index 60cdbdf..eab8630 100644 --- a/jaxrs/pom.xml +++ b/jaxrs/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-restful-pdp - 5.0.0-SNAPSHOT + 5.0.0 authzforce-ce-restful-pdp-jaxrs ${project.groupId}:${project.artifactId} diff --git a/pom.xml b/pom.xml index 31ee140..b260de2 100644 --- a/pom.xml +++ b/pom.xml 
@@ -6,7 +6,7 @@ 8.2.0 authzforce-ce-restful-pdp - 5.0.0-SNAPSHOT + 5.0.0 pom ${project.groupId}:${project.artifactId} AuthzForce - Parent Project of RESTful PDP API implementation according to REST Profile of XACML 3.0 From e40b531823a57d3c0b529fc0cf25157e2036a2e0 Mon Sep 17 00:00:00 2001 From: cdanger Date: Tue, 8 Feb 2022 02:25:34 +0100 Subject: [PATCH 17/18] - Upgraded authzforce-ce-parent: 8.2.1 - Upgraded tomcat-embed-core: 9.0.58 - Added dependencyManagement for spring-boot-dependencies:2.6.3 to override v2.6.1 dependency of cxf-spring-boot-starter-jaxrs:3.5.0 - Prepared changelog and Docker files for next release --- cxf-spring-boot-server/pom.xml | 26 +++++++++++++++++-- .../springboot/CxfJaxrsPdpSpringBootApp.java | 4 +-- .../src/main/resources/pdp.xml | 3 +-- .../test/XacmlRestProfileJaxRsTest.java | 4 +-- .../src/test/resources/server/pdp.xml | 3 +-- .../authzforce/rest/pdp/jaxrs/PdpBundle.java | 20 +++++++------- .../rest/pdp/jaxrs/XacmlPdpResource.java | 4 +-- .../jaxrs/test/XacmlRestProfileJaxRsTest.java | 4 +-- jaxrs/src/test/resources/pdp.xml | 2 +- pom.xml | 2 +- 10 files changed, 45 insertions(+), 27 deletions(-) diff --git a/cxf-spring-boot-server/pom.xml b/cxf-spring-boot-server/pom.xml index af80098..fddd012 100644 --- a/cxf-spring-boot-server/pom.xml +++ b/cxf-spring-boot-server/pom.xml @@ -17,9 +17,31 @@ ${git.url.base}/restful-pdp/cxf-spring-boot-server - - 9.0.41 + 9.0.58 + + + + org.springframework.boot + spring-boot-dependencies + + ${spring-boot-starter.version} + pom + import + + + + org.skyscreamer + jsonassert + + + com.jayway.jsonpath + json-path + + + + + org.ow2.authzforce diff --git a/cxf-spring-boot-server/src/main/java/org/ow2/authzforce/rest/pdp/cxf/springboot/CxfJaxrsPdpSpringBootApp.java b/cxf-spring-boot-server/src/main/java/org/ow2/authzforce/rest/pdp/cxf/springboot/CxfJaxrsPdpSpringBootApp.java index 76c2b39..41831d9 100644 
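Review bot: In PATCH 17, the `cxf-spring-boot-server/pom.xml` hunk (`@@ -17,9 +17,31 @@`) adds a `spring-boot-dependencies` BOM import and raises the embedded Tomcat pin from 9.0.41 to 9.0.58, but no comment is visible in the hunk explaining why these overrides exist or when they can be dropped. The commit message says the import overrides the Spring Boot version brought in by `cxf-spring-boot-starter-jaxrs:3.5.0`, and that rationale belongs next to the override. Without it, the pins tend to outlive their purpose and later hold Tomcat and Spring below what the starter would select. A suitable comment would be `<!-- Overrides the Spring Boot BOM version pulled in by cxf-spring-boot-starter-jaxrs; remove once CXF ships with this version or later -->`. The import's version is `${spring-boot-starter.version}`, which is not defined in the visible lines and presumably comes from the parent POM, so the comment should also name where that property is set.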
--- a/cxf-spring-boot-server/src/main/java/org/ow2/authzforce/rest/pdp/cxf/springboot/CxfJaxrsPdpSpringBootApp.java +++ b/cxf-spring-boot-server/src/main/java/org/ow2/authzforce/rest/pdp/cxf/springboot/CxfJaxrsPdpSpringBootApp.java @@ -1,5 +1,5 @@ -/** - * Copyright (C) 2012-2021 THALES. +/* + * Copyright (C) 2012-2022 THALES. * * This file is part of AuthzForce CE. * diff --git a/cxf-spring-boot-server/src/main/resources/pdp.xml b/cxf-spring-boot-server/src/main/resources/pdp.xml index 71416be..6a4ce9a 100644 --- a/cxf-spring-boot-server/src/main/resources/pdp.xml +++ b/cxf-spring-boot-server/src/main/resources/pdp.xml @@ -1,8 +1,7 @@ + xmlns="http://authzforce.github.io/core/xmlns/pdp/8" maxVariableRefDepth="10" maxPolicyRefDepth="10"> diff --git a/cxf-spring-boot-server/src/test/java/org/ow2/authzforce/rest/pdp/cxf/springboot/test/XacmlRestProfileJaxRsTest.java b/cxf-spring-boot-server/src/test/java/org/ow2/authzforce/rest/pdp/cxf/springboot/test/XacmlRestProfileJaxRsTest.java index 20f9ed4..e05cb5a 100644 --- a/cxf-spring-boot-server/src/test/java/org/ow2/authzforce/rest/pdp/cxf/springboot/test/XacmlRestProfileJaxRsTest.java +++ b/cxf-spring-boot-server/src/test/java/org/ow2/authzforce/rest/pdp/cxf/springboot/test/XacmlRestProfileJaxRsTest.java @@ -1,5 +1,5 @@ -/** - * Copyright (C) 2012-2021 THALES. +/* + * Copyright (C) 2012-2022 THALES. * * This file is part of AuthzForce CE. * diff --git a/cxf-spring-boot-server/src/test/resources/server/pdp.xml b/cxf-spring-boot-server/src/test/resources/server/pdp.xml index 68dd1fa..c5efd27 100644 --- a/cxf-spring-boot-server/src/test/resources/server/pdp.xml +++ b/cxf-spring-boot-server/src/test/resources/server/pdp.xml @@ -1,6 +1,5 @@ - + ${PARENT_DIR}/IIA001/Policy.xml diff --git a/jaxrs/src/main/java/org/ow2/authzforce/rest/pdp/jaxrs/PdpBundle.java b/jaxrs/src/main/java/org/ow2/authzforce/rest/pdp/jaxrs/PdpBundle.java index c356adb..854cca6 100644 
--- a/jaxrs/src/main/java/org/ow2/authzforce/rest/pdp/jaxrs/PdpBundle.java +++ b/jaxrs/src/main/java/org/ow2/authzforce/rest/pdp/jaxrs/PdpBundle.java @@ -1,5 +1,5 @@ -/** - * Copyright 2012-2021 THALES. +/* + * Copyright 2012-2022 THALES. * * This file is part of AuthzForce CE. * @@ -17,18 +17,12 @@ */ package org.ow2.authzforce.rest.pdp.jaxrs; -import java.io.IOException; -import java.util.Map; -import java.util.Map.Entry; - import oasis.names.tc.xacml._3_0.core.schema.wd_17.Request; import oasis.names.tc.xacml._3_0.core.schema.wd_17.Response; - import org.json.JSONObject; import org.ow2.authzforce.core.pdp.api.CloseablePdpEngine; import org.ow2.authzforce.core.pdp.api.DecisionRequestPreprocessor; import org.ow2.authzforce.core.pdp.api.DecisionResultPostprocessor; -import org.ow2.authzforce.core.pdp.api.XmlUtils; import org.ow2.authzforce.core.pdp.api.io.BaseXacmlJaxbResultPostprocessor; import org.ow2.authzforce.core.pdp.api.io.PdpEngineInoutAdapter; import org.ow2.authzforce.core.pdp.api.value.AttributeValueFactoryRegistry; @@ -39,6 +33,10 @@ import org.ow2.authzforce.core.pdp.io.xacml.json.BaseXacmlJsonResultPostprocessor; import org.ow2.authzforce.core.pdp.io.xacml.json.SingleDecisionXacmlJsonRequestPreprocessor; +import java.io.IOException; +import java.util.Map; +import java.util.Map.Entry; + /** * Bundle containing the PDP engine with associated adapters * 
@@ -73,12 +71,12 @@ public PdpBundle(final PdpEngineConfiguration pdpConf, final boolean enableXacml final int clientReqErrVerbosityLevel = pdpConf.getClientRequestErrorVerbosityLevel(); final AttributeValueFactoryRegistry attValFactoryRegistry = pdpConf.getAttributeValueFactoryRegistry(); final boolean isStrictAttIssuerMatchEnabled = pdpConf.isStrictAttributeIssuerMatchEnabled(); - final boolean isXpathEnabled = pdpConf.isXpathEnabled(); + final boolean isXpathEnabled = pdpConf.isXPathEnabled(); - this.xacmlJaxbIoAdapter = PdpEngineAdapters.newInoutAdapter(Request.class, Response.class, engine, ioProcChains, extraPdpFeatures -> SingleDecisionXacmlJaxbRequestPreprocessor.LaxVariantFactory.INSTANCE.getInstance(attValFactoryRegistry, isStrictAttIssuerMatchEnabled, isXpathEnabled, XmlUtils.SAXON_PROCESSOR, + this.xacmlJaxbIoAdapter = PdpEngineAdapters.newInoutAdapter(Request.class, Response.class, engine, ioProcChains, extraPdpFeatures -> SingleDecisionXacmlJaxbRequestPreprocessor.LaxVariantFactory.INSTANCE.getInstance(attValFactoryRegistry, isStrictAttIssuerMatchEnabled, isXpathEnabled, extraPdpFeatures), () -> new BaseXacmlJaxbResultPostprocessor(clientReqErrVerbosityLevel)); - this.xacmlJsonIoAdapter = enableXacmlJsonProfile ? PdpEngineAdapters.newInoutAdapter(JSONObject.class, JSONObject.class, engine, ioProcChains, extraPdpFeatures -> SingleDecisionXacmlJsonRequestPreprocessor.LaxVariantFactory.INSTANCE.getInstance(attValFactoryRegistry, isStrictAttIssuerMatchEnabled, isXpathEnabled, XmlUtils.SAXON_PROCESSOR, + this.xacmlJsonIoAdapter = enableXacmlJsonProfile ? PdpEngineAdapters.newInoutAdapter(JSONObject.class, JSONObject.class, engine, ioProcChains, extraPdpFeatures -> SingleDecisionXacmlJsonRequestPreprocessor.LaxVariantFactory.INSTANCE.getInstance(attValFactoryRegistry, isStrictAttIssuerMatchEnabled, isXpathEnabled, extraPdpFeatures), () -> new BaseXacmlJsonResultPostprocessor(clientReqErrVerbosityLevel)) : null; } 
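Review bot: `isXpathEnabled` is read from configuration and handed unchanged to both the XML and the JSON request preprocessor factories, and nothing in the constructor says what turning it on exposes. If I read the XACML model correctly, enabling it lets XPath be evaluated over request content that the client supplies, so I would add a comment above the local such as `// XPath runs over client-supplied request content: keep disabled unless a policy needs AttributeSelector or xpathExpression values`. The local could also be renamed `isXPathEnabled` to match the getter it now calls. The constructor starts before this hunk, so any earlier validation of `pdpConf` is not visible here.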
diff --git a/jaxrs/src/main/java/org/ow2/authzforce/rest/pdp/jaxrs/XacmlPdpResource.java b/jaxrs/src/main/java/org/ow2/authzforce/rest/pdp/jaxrs/XacmlPdpResource.java index 73ce447..130c80f 100644 --- a/jaxrs/src/main/java/org/ow2/authzforce/rest/pdp/jaxrs/XacmlPdpResource.java +++ b/jaxrs/src/main/java/org/ow2/authzforce/rest/pdp/jaxrs/XacmlPdpResource.java @@ -1,5 +1,5 @@ -/** - * Copyright 2012-2021 THALES. +/* + * Copyright 2012-2022 THALES. * * This file is part of AuthzForce CE. * diff --git a/jaxrs/src/test/java/org/ow2/authzforce/rest/pdp/jaxrs/test/XacmlRestProfileJaxRsTest.java b/jaxrs/src/test/java/org/ow2/authzforce/rest/pdp/jaxrs/test/XacmlRestProfileJaxRsTest.java index 2a4505f..44883f0 100644 --- a/jaxrs/src/test/java/org/ow2/authzforce/rest/pdp/jaxrs/test/XacmlRestProfileJaxRsTest.java +++ b/jaxrs/src/test/java/org/ow2/authzforce/rest/pdp/jaxrs/test/XacmlRestProfileJaxRsTest.java @@ -1,5 +1,5 @@ -/** - * Copyright 2012-2021 THALES. +/* + * Copyright 2012-2022 THALES. * * This file is part of AuthzForce CE. * diff --git a/jaxrs/src/test/resources/pdp.xml b/jaxrs/src/test/resources/pdp.xml index 4f1e44e..7f9cc18 100644 --- a/jaxrs/src/test/resources/pdp.xml +++ b/jaxrs/src/test/resources/pdp.xml @@ -1,5 +1,5 @@ - + ${PARENT_DIR}/IIA001/Policy.xml diff --git a/pom.xml b/pom.xml index b260de2..7002456 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-parent - 8.2.0 + 8.2.1 authzforce-ce-restful-pdp 5.0.0 From 79704968e35f6f7b5fdf95093d99cc68f8848ee5 Mon Sep 17 00:00:00 2001 From: cdanger Date: Tue, 8 Feb 2022 02:26:09 +0100 Subject: [PATCH 18/18] - Updated changelog --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7194c84..5c2b730 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -14,7 +14,7 @@ Issues reported on [GitHub](https://github.com/authzforce/core/issues) are refer - `enableXPath` replaced with `xPathEnabled` - `standardEnvAttributeSource` replaced with `standardAttributeProvidersEnabled` and new `attributeProvider` type `StdEnvAttributeProviderDescriptor`. More info in [AuthzForce Core README](https://github.com/authzforce/core#providing-current-datetime-current-date-and-current-time-attributes). - `pdp/@version` attribute changed from required to optional with default value `8.1` -- Parent project `authzforce-ce-parent` upgraded to 8.2.0: +- Parent project `authzforce-ce-parent` upgraded to 8.2.1: - Dependencies upgraded: - `authzforce-ce-core-pdp-engine`/`authzforce-ce-core-pdp-io-xacml-json`: 19.0.0 - `authzforce-ce-core-pdp-api`: 20.0.0 @@ -23,11 +23,12 @@ Issues reported on [GitHub](https://github.com/authzforce/core/issues) are refer - Saxon-HE: 10.6 - Guava: 31.0 - Apache CXF: 3.5.0 - - Spring Boot: 2.6.1 + - Spring Boot: 2.6.3 - Spring Core: 5.2.14 - SLF4J: 1.7.32 - `jaxb2-basics-runtime`: 0.12.0 - `javax.mail`: 1.6.2 + - `tomcat-embed-core`: 9.0.58 - API changes: