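import com.nailabs.abac.credential.*;
import com.nailabs.abac.process.*;
import com.nailabs.abac.trust.*;
import com.nailabs.abac.test.*;
import edu.stanford.peer.rbtm.credential.*;
import java.io.*;
import java.text.*;
import java.util.*;
import java.rmi.*;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Servlet filter that lets a request through to the protected resource only
 * after a trust negotiation with the requester has succeeded.
 *
 * <p>For each request the filter reads a claimed entity name (request
 * parameter {@code id}, or the value remembered in the HTTP session), asks the
 * {@code ClientAuthenticationService} RMI object on the requester's host for a
 * {@link Negotiator}, and negotiates the role configured as
 * {@code PrimaryRole}. The claimed name is only used to obtain the negotiator;
 * the trust target is built on the entity the negotiator reports through
 * {@code getSelf()}.
 *
 * <p>Every failure path (no identity, no negotiator, exception during the
 * negotiation, unsuccessful negotiation) ends with a denial message and the
 * filter chain is not invoked.
 *
 * <p>NOTE(review): the RMI registry that is queried lives at the address
 * returned by {@code request.getRemoteHost()}, so the stub it hands back is
 * input controlled by the requester and is deserialized by the RMI runtime.
 * Consider a JVM-wide deserialization filter ({@code jdk.serialFilter}) and
 * egress restrictions for the servlet container. Behind a reverse proxy
 * {@code getRemoteHost()} would presumably name the proxy rather than the
 * client; confirm against the deployment.
 */
public class AccessMediator implements Filter {
    /** Entity this filter negotiates on behalf of (init parameter EntityName). */
    private Entity eid = null;

    /** Role a requester must prove (init parameter PrimaryRole). */
    private EntityExpression target = null;

    /**
     * Most recently looked-up negotiator factory. It belongs to
     * {@link #clientFactoryHost} only and must never be used for another host.
     */
    NegotiatorFactory clientFactory = null;

    /** Host whose registry produced {@link #clientFactory}. */
    private String clientFactoryHost = null;

    /** Guards the clientFactory / clientFactoryHost pair; one filter instance serves many threads. */
    private final Object factoryLock = new Object();

    private FilterConfig conf = null;

    // Not read anywhere in this class; kept because the fields are package-visible.
    // NOTE(review): DateFormat instances are not thread-safe if they are ever shared.
    Calendar cal = Calendar.getInstance();
    DateFormat formatter = DateFormat.getDateInstance(DateFormat.FULL);

    /** maximum no. of rmi lookup retries if a remote exception occurs */
    private static final int MAX_RETRIES = 1;

    /** shared configuration hash table */
    HashMap map = null;

    /**
     * Replaces control characters so that request-derived text cannot forge
     * extra lines in the console log.
     *
     * @param value text to log, may be null
     * @return the text with ISO control characters replaced by '_', or null
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuffer clean = new StringBuffer(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            clean.append(Character.isISOControl(c) ? '_' : c);
        }
        return clean.toString();
    }

    /**
     * Returns the cached factory when, and only when, it was looked up on the
     * given host.
     */
    private NegotiatorFactory cachedFactoryFor(String hostName) {
        synchronized (factoryLock) {
            if (hostName != null && hostName.equals(clientFactoryHost)) {
                return clientFactory;
            }
            return null;
        }
    }

    /**
     * Looks up the ClientAuthenticationService object in the RMI registry of
     * the given host and remembers it together with that host.
     *
     * @param hostName host whose registry is queried
     * @return the factory, or null when the lookup failed (the failure is
     *         printed and the previous cache entry is left untouched)
     */
    private NegotiatorFactory getClientFactory(String hostName) {
        StringBuffer url = new StringBuffer("//");
        url.append(hostName).append("/");
        url.append("ClientAuthenticationService");
        //url.append("ClientRTMLService");
        System.out.println("Attempting to contact" + sanitizeForLog(url.toString()));
        try {
            // The returned stub comes from a registry chosen by the requester.
            NegotiatorFactory found = (NegotiatorFactory) Naming.lookup(url.toString());
            synchronized (factoryLock) {
                clientFactory = found;
                clientFactoryHost = hostName;
            }
            return found;
        } catch (Exception ex) {
            ex.printStackTrace();
            return null;
        }
    }

    /**
     * Obtains a negotiator for the named client from the factory on the
     * client's own host.
     *
     * <p>The factory is selected per host. Reusing a factory that was looked
     * up for an earlier requester would run the negotiation against that
     * other host's service.
     *
     * @param host   host the request came from
     * @param client claimed entity name passed to the factory
     * @param me     this side's negotiator, handed to the remote factory
     * @return the remote negotiator, or null when none could be obtained
     */
    private Negotiator getClient(String host, String client, RMINegotiator me) {
        for (int i = 0; i < MAX_RETRIES; i++) {
            NegotiatorFactory factory = cachedFactoryFor(host);
            if (factory == null) {
                factory = getClientFactory(host);
            }
            if (factory == null) {
                continue;
            }
            try {
                return (Negotiator) factory.getNegotiator(client, me);
            } catch (Exception ex) {
                ex.printStackTrace();
                // The stub may be stale; refresh it for the next attempt.
                getClientFactory(host);
            }
        }
        return null;
    }

    /**
     * Reads the filter configuration and registers the policy frontier.
     *
     * <p>Init parameters read: EntityHash, EntityName, PolicyFile, PrimaryRole.
     *
     * @param config filter configuration supplied by the container
     * @throws ServletException when the local entity or the target role cannot
     *         be created, so a misconfigured filter is never put into service
     */
    public void init(FilterConfig config) throws ServletException {
        // Only the RTML variant (commented out below) consumes the hash.
        String hashCode = config.getInitParameter("EntityHash");
        String shortName = config.getInitParameter("EntityName");
        String cfile = config.getInitParameter("PolicyFile");
        String targetName = config.getInitParameter("PrimaryRole");

        map = FrontierManager.loadConfiguration(cfile);
        //map = RtmlTest.loadConfiguration(cfile);
        // NOTE(review): this writes the whole configuration map to the servlet
        // log; confirm that it holds nothing that should stay out of logs.
        config.getServletContext().log("map = " + map);
        conf = config;
        conf.getServletContext().log("Loading new filter for " + shortName
                + " from " + cfile + " with role " + targetName + "\n");
        //RtmlFrontier.addFrontier(map);
        FrontierManager.addFrontier(map);
        //ResourcePolicy resourcePolicy =
        //    (ResourcePolicy)map.get("ResourcePolicy");
        try {
            //eid = new RtmlEntity(shortName, hashCode);
            //target = resourcePolicy.requires(targetName);
            eid = new SimpleEntity(shortName);
            target = StaticCredential.getRole(targetName);
            System.out.println("Frontiers: " + FrontierManager.getFrontiers().toString());
        } catch (Exception ex) {
            // Without eid and target no request can be evaluated; refuse to start.
            throw new ServletException("AccessMediator could not be initialised", ex);
        }
    }

    public void destroy() {
    }

    /**
     * Resolves the claimed RTML entity (name plus hash) for a request, from
     * the parameters {@code id} and {@code hash} or from the session.
     *
     * <p>Both values are unauthenticated claims supplied by the requester.
     *
     * @param request the current request
     * @return the entity, or null when no name is known or construction failed
     */
    public RtmlEntity getEntityId(HttpServletRequest request) {
        final String KEY = "EntityID";
        final String HASH = "HashID";

        HttpSession session = request.getSession();
        String shortName = request.getParameter("id");
        String hashCode = request.getParameter("hash");

        if (session.isNew()) {
            // new id bootstrapped; the hash is stored too so that later
            // requests in this session resolve the same entity
            session.setAttribute(KEY, shortName);
            session.setAttribute(HASH, hashCode);
        } else if (shortName != null) {
            // forcing a new id manually: start from a fresh session
            session.invalidate();
            session = request.getSession();
            session.setAttribute(KEY, shortName);
            session.setAttribute(HASH, hashCode);
        } else {
            // use the session's entity id value
            shortName = (String) session.getAttribute(KEY);
            hashCode = (String) session.getAttribute(HASH);
        }

        if (shortName == null) {
            return null;
        }
        try {
            System.out.println("Using RtmlEntity = " + sanitizeForLog(shortName)
                    + "(" + sanitizeForLog(hashCode) + ")");
            return new RtmlEntity(shortName, hashCode);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
        return null;
    }

    /**
     * Resolves the claimed entity name for a request, from the parameter
     * {@code id} or from the session.
     *
     * <p>The name is an unauthenticated claim supplied by the requester.
     *
     * @param request the current request
     * @return the entity, or null when no name is known or construction failed
     */
    public Entity getEntity(HttpServletRequest request) {
        final String KEY = "EntityID";

        HttpSession session = request.getSession();
        String shortName = request.getParameter("id");

        if (session.isNew()) {
            // new id bootstrapped
            session.setAttribute(KEY, shortName);
        } else if (shortName != null) {
            // forcing a new id manually: start from a fresh session
            session.invalidate();
            session = request.getSession();
            session.setAttribute(KEY, shortName);
        } else {
            // use the session's entity id value
            shortName = (String) session.getAttribute(KEY);
        }

        if (shortName == null) {
            // No claim at all: the caller answers "Authentication required!".
            return null;
        }
        try {
            System.out.println("Using SimpleEntity = " + sanitizeForLog(shortName));
            SimpleEntity id = new SimpleEntity(shortName);
            return (Entity) id;
        } catch (Exception ex) {
            ex.printStackTrace();
        }
        return null;
    }

    /**
     * Runs the trust negotiation for one request and forwards the request
     * down the chain only when it succeeds.
     *
     * @param request  incoming request; must be an HttpServletRequest
     * @param response response that receives the denial message on failure
     * @param chain    remaining filters and the protected resource
     * @throws java.io.IOException from writing the response or from the chain
     * @throws ServletException from the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain)
            throws java.io.IOException, ServletException {
        Entity peer = getEntity((HttpServletRequest) request);
        //RtmlEntity peer = getEntityId((HttpServletRequest)request);
        System.out.print("Filtering request from id = " + sanitizeForLog(String.valueOf(peer)));
        System.out.println(" for resource of " + eid.toString());

        HashMap localMap = (HashMap) map.clone();
        localMap.put("peer", peer);
        // NOTE(review): the per-request copy carrying "peer" is built but the
        // context below still receives the shared map. Presumably localMap was
        // meant here; confirm against NegotiationContext before changing it.
        NegotiationContext context = new NegotiationContext(map);
        boolean success = false;

        if (peer == null) {
            printMessage(response.getWriter(), "\n\nAuthentication required!\n\n");
            return;
        }

        try {
            String host = request.getRemoteHost();
            RMINegotiator agent = new RMINegotiator(context);
            //context.getGraph().addObserver(observer);
            Negotiator peerAgent = getClient(host, peer.toString(), agent);
            for (int i = 0; i < 4 && peerAgent == null; i++) {
                peerAgent = getClient(host, peer.toString(), agent);
            }
            if (peerAgent == null) {
                System.out.println("No negotiator available for peer; denying request");
            } else {
                // The trust target names the entity reported by the remote
                // negotiator, not the name claimed in the request.
                Entity realPeer = peerAgent.getSelf();
                TrustTarget primary = new TrustTarget(eid, target, realPeer);
                agent.setPeer(peerAgent);
                agent.setRoot(primary);
                success = agent.negotiate();
            }
        } catch (Exception ex) {
            // success stays false, so any failure here denies the request.
            ex.printStackTrace();
        }

        // allow or block this servlet
        if (!success) {
            printMessage(response.getWriter(), "\n\nSorry, page cannot be displayed!\n\n");
            return;
        }
        chain.doFilter(request, response);
    }

    /** Writes the expiration fragment of the denial page. */
    protected void printExpiration(PrintWriter out) {
        out.print("");
    }

    /**
     * Writes a denial page around the given body and flushes the writer.
     *
     * <p>The body is written as-is; callers in this class pass fixed text
     * only. Request data must be escaped before it is ever passed here.
     *
     * @param out  response writer
     * @param body text placed in the page
     */
    protected void printMessage(PrintWriter out, String body) {
        out.print("\n\t\n\t");
        printExpiration(out);
        out.println("\t\n\t");
        out.println(body);
        out.println("\t\n");
        out.flush();
    }
}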