diff --git a/extensions/extensions-docker/aissemble-policy-decision-point/src/main/resources/authorization/attributes/test-attributes.json b/extensions/extensions-docker/aissemble-policy-decision-point/src/main/resources/authorization/attributes/test-attributes.json
index af8319a89..9eb062e4f 100644
--- a/extensions/extensions-docker/aissemble-policy-decision-point/src/main/resources/authorization/attributes/test-attributes.json
+++ b/extensions/extensions-docker/aissemble-policy-decision-point/src/main/resources/authorization/attributes/test-attributes.json
@@ -4,6 +4,6 @@
 "category": "subject",
 "type": "boolean",
 "required": "false",
- "attributePointClass": "com.boozallen.LocalAttributePoint"
+ "attributePointClass": "com.boozallen.aissemble.security.LocalAttributePoint"
 }
 ]
\ No newline at end of file
diff --git a/extensions/extensions-docker/aissemble-policy-decision-point/src/main/resources/docker/Dockerfile b/extensions/extensions-docker/aissemble-policy-decision-point/src/main/resources/docker/Dockerfile
index 31845b11e..c151c141b 100644
--- a/extensions/extensions-docker/aissemble-policy-decision-point/src/main/resources/docker/Dockerfile
+++ b/extensions/extensions-docker/aissemble-policy-decision-point/src/main/resources/docker/Dockerfile
@@ -12,7 +12,7 @@ RUN mkdir -p /deployments/krausening/
 COPY target/dockerbuild/*.jar /deployments/
 COPY ./src/main/resources/truststore/aissemble-secure.jks /deployments/
-COPY ./src/main/resources/krausening/base/aissemble-security.properties /deployments/krausening/
+COPY ./src/main/resources/krausening/base/aiops-security.properties /deployments/krausening/
 COPY ./src/main/resources/authorization/policies/test-policy.xml /deployments/
 COPY ./src/main/resources/authorization/attributes/test-attributes.json /deployments/
 COPY ./src/main/resources/authorization/pdp.xml /deployments/
diff --git a/extensions/extensions-docker/aissemble-policy-decision-point/src/main/resources/krausening/base/aissemble-security.properties b/extensions/extensions-docker/aissemble-policy-decision-point/src/main/resources/krausening/base/aiops-security.properties
similarity index 100%
rename from extensions/extensions-docker/aissemble-policy-decision-point/src/main/resources/krausening/base/aissemble-security.properties
rename to extensions/extensions-docker/aissemble-policy-decision-point/src/main/resources/krausening/base/aiops-security.properties
diff --git a/extensions/extensions-docker/aissemble-policy-decision-point/src/main/resources/truststore/aissemble-secure.jks b/extensions/extensions-docker/aissemble-policy-decision-point/src/main/resources/truststore/aissemble-secure.jks
index b5b978efa..263cbc79b 100644
Binary files a/extensions/extensions-docker/aissemble-policy-decision-point/src/main/resources/truststore/aissemble-secure.jks and b/extensions/extensions-docker/aissemble-policy-decision-point/src/main/resources/truststore/aissemble-secure.jks differ
diff --git a/extensions/extensions-security/extensions-authzforce/src/main/java/com/boozallen/aiops/security/authorization/policy/AiopsAttributeProvider.java b/extensions/extensions-security/extensions-authzforce/src/main/java/com/boozallen/aiops/security/authorization/policy/AiopsAttributeProvider.java
index 382ff1ee9..fac84da7b 100644
--- a/extensions/extensions-security/extensions-authzforce/src/main/java/com/boozallen/aiops/security/authorization/policy/AiopsAttributeProvider.java
+++ b/extensions/extensions-security/extensions-authzforce/src/main/java/com/boozallen/aiops/security/authorization/policy/AiopsAttributeProvider.java
@@ -339,9 +339,9 @@ protected AiopsAttributePoint findAttributePointImplementation(AiopsAttribute at
 }
 }
 } catch (ClassNotFoundException e) {
- logger.error("Could not find attribute point '{}' in classpath!", attributePointClassName);
+ logger.error("Could not find attribute point '{}' in classpath!", attributePointClassName, e);
 } catch (InstantiationException | IllegalAccessException e) {
- logger.error("Could not instantiate attribute point '" + attributePointClassName + "'!", e);
+ logger.error("Could not instantiate attribute point '{}'!", attributePointClassName, e);
 }
 return attributePoint;
diff --git a/extensions/extensions-security/extensions-policy-decision-point-service/src/main/java/com/boozallen/LocalAttributePoint.java b/extensions/extensions-security/extensions-policy-decision-point-service/src/main/java/com/boozallen/aissemble/security/LocalAttributePoint.java
similarity index 97%
rename from extensions/extensions-security/extensions-policy-decision-point-service/src/main/java/com/boozallen/LocalAttributePoint.java
rename to extensions/extensions-security/extensions-policy-decision-point-service/src/main/java/com/boozallen/aissemble/security/LocalAttributePoint.java
index 492ca69d5..54ad22071 100644
--- a/extensions/extensions-security/extensions-policy-decision-point-service/src/main/java/com/boozallen/LocalAttributePoint.java
+++ b/extensions/extensions-security/extensions-policy-decision-point-service/src/main/java/com/boozallen/aissemble/security/LocalAttributePoint.java
@@ -1,4 +1,4 @@
-package com.boozallen;
+package com.boozallen.aissemble.security;
 /*-
 * #%L
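Review bot: In `findAttributePointImplementation` (AiopsAttributeProvider.java) both catch blocks still only log and then fall through to `return attributePoint;`, so a stale or mistyped `attributePointClass` produces what is presumably a null attribute point rather than a startup failure. The same commit renames that class in test-attributes.json, which is the kind of change that can leave a configured name behind. Because the result feeds authorization decisions, I would either fail fast in the catch blocks, e.g. `throw new IllegalStateException("Cannot load attribute point " + attributePointClassName, e);`, or put a comment on the return stating that callers must treat a missing attribute point as a deny or indeterminate result. The method body starts before this hunk, so the initial value of `attributePoint` and the callers' handling are not visible here.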
diff --git a/extensions/extensions-security/extensions-policy-decision-point-service/src/main/java/com/boozallen/PDPHelperResource.java b/extensions/extensions-security/extensions-policy-decision-point-service/src/main/java/com/boozallen/aissemble/security/PDPHelperResource.java
similarity index 93%
rename from extensions/extensions-security/extensions-policy-decision-point-service/src/main/java/com/boozallen/PDPHelperResource.java
rename to extensions/extensions-security/extensions-policy-decision-point-service/src/main/java/com/boozallen/aissemble/security/PDPHelperResource.java
index 9df2f8b03..05a903b56 100644
--- a/extensions/extensions-security/extensions-policy-decision-point-service/src/main/java/com/boozallen/PDPHelperResource.java
+++ b/extensions/extensions-security/extensions-policy-decision-point-service/src/main/java/com/boozallen/aissemble/security/PDPHelperResource.java
@@ -21,6 +21,7 @@ import com.boozallen.aiops.security.authorization.policy.PolicyDecisionPoint;
 import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
@@ -65,4 +66,11 @@ public String authenticate(AuthRequest authRequest) {
 return jwt;
 }
+
+ @GET
+ @Path("/healthcheck")
+ @Produces(MediaType.TEXT_PLAIN)
+ public String healthCheck() {
+ return "PDP Service is running...\n";
+ }
 }
diff --git a/foundation/foundation-security/foundation-policy-decision-point/LICENSE.txt b/foundation/foundation-security/foundation-policy-decision-point/LICENSE.txt
deleted file mode 100644
index a9bd80cda..000000000
--- a/foundation/foundation-security/foundation-policy-decision-point/LICENSE.txt
+++ /dev/null
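Review bot: `healthCheck()` in PDPHelperResource.java returns a fixed string without consulting the PDP, so it shows only that the JAX-RS resource is reachable, not that policies and attribute points were loaded. If this endpoint is used as a readiness probe, a PDP that failed to load its configuration would still be sent authorization traffic. I would state the limit on the method, e.g. `/** Liveness check only: does not verify that the policy decision point loaded its policies. */`, or have it return an error status when the PDP is not initialised. The endpoint appears to be unauthenticated, which is reasonable for a probe as long as the response body stays free of version or configuration details. The class declaration and its `@Path` are outside this hunk.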
@@ -1,49 +0,0 @@ -Booz Allen Public License v1.0 ------------------------------- - -INTRODUCTION -The Booz Allen Public License allows government, non-profit academic, other non-profit, and commercial entities access to distinctive, disruptive, and robust code with the goal of Empowering People to Change the World(SM). Products licensed under the Booz Allen Public License are founded on the basis that collective ingenuity can make the largest impact in the community. - -DEFINITIONS -* **Commercial Entity.** “Commercial Entity” means any individual or entity other than a government, non-profit academic, or other non-profit entity. -* **Derivative.** “Derivative” means any work of authorship in Source Code or Object Code form that results from an addition to, deletion from, or modification of the Source Code of the Product. -* **License.** “License” means this Booz Allen Public License. -* **Object Code.** “Object Code” means the form resulting from transformation or translation of Source Code into machine readable code, including but not limited to, compiled object code. -* **Originator.** “Originator” means each individual or legal entity that creates, contributes to the creation of, or owns the Product. -* **Patent Claims.** “Patent Claims” means any patent claim(s) in any patent to which Originator has a right to grant a license that would be infringed by Your making, using, selling, offering for sale, having made, or importing of the Product, but for the grant of this License. -* **Product.** “Product” means the Source Code of the software which the initial Originator made available under this License, and any Derivative of such Source Code. -* **Source Code.** “Source Code” means software in human-readable form. -* **You.** “You” means either an individual or an entity (if you are taking this license on behalf of an entity) that exercises the rights granted under this License. 
- -LICENSE -**Government/Non-Profit Academic/Other Non-Profit.** -This Section applies if You are not a Commercial Entity. - -* **License.** Subject to the terms and conditions of this License, each Originator hereby grants You a perpetual, worldwide, non-exclusive, royalty-free license to reproduce, display, perform, modify, distribute and otherwise use the Product and Derivatives, in Source Code and Object Code form, in accordance with the terms and conditions of this License in order to support the general public good and for your internal business purposes. -* **Distribution.** You may distribute to third parties copies of the Product, including any Derivative that You create, in Source Code or Object Code form. If You distribute copies of the Product, including any Derivative that You create, in Source Code form, such distribution must be under the terms of this License and You must inform recipients of the Source Code that the Product is governed under this License and how they can obtain a copy of this License. You may distribute to third parties copies of the Product, including any Derivative that You create, in Object Code form, or allow third parties to access or use the Product, including any Derivative that You create, under a license of Your choice. -* **Commercial Sales.** You may not distribute, or allow third parties to access or use, the Product or any Derivative for a fee, unless You first obtain permission from the Originator. If Booz Allen Hamilton is the Originator, please contact Booz Allen Hamilton at . - -**Commercial Entities**. -This Section applies if You are a Commercial Entity. 
- -* **License.** Subject to the terms and conditions of this License, each Originator hereby grants You a perpetual, worldwide, non-exclusive, royalty-free license to reproduce, display, perform, modify, distribute and otherwise use the Product and Derivatives, in Source Code and Object Code form, in accordance with the terms and conditions of this License for the sole purpose of Your internal business purposes and the provision of services to government, non-profit academic, and other non-profit entities. -* **Distribution and Derivatives.** You may distribute to third parties copies of the Product, including any Derivative that You create, in Source Code or Object Code form. If You distribute copies of the Product, including any Derivative that You create, in Source Code form, such distribution must be under the terms of this License and You must inform recipients of the Source Code that the Product is governed under this License and how they can obtain a copy of this License. You may distribute to third parties copies of the Product, including any Derivative that You create, in Object Code form, or allow third parties to access or use the Product, including any Derivative that You create, under a license of Your choice, provided that You make available, and inform the recipient of such distribution how they can obtain, a copy of the Source Code thereof, at no charge, and inform the recipient of the Source Code that the Product is governed under this License and how they can obtain a copy of this License. -* **Commercial Sales.** You may not distribute, or allow third parties to access or use, the Product or any Derivative for a fee, unless You first obtain permission from the Originator. If Booz Allen Hamilton, please contact Booz Allen Hamilton at . - - -**Patent Claim(s)**. -This Section applies regardless of whether You are a government, non-profit academic, or other non-profit entity or a Commercial Entity. 
- -* **Patent License.** Subject to the limitations in the Sections above, each Originator hereby grants You a perpetual, worldwide, non-exclusive, royalty-free license under Patent Claims of such Originator to make, use, sell, offer for sale, have made, and import the Product. The foregoing patent license does not apply (a) to any code that an Originator has removed from the Product, or (b) for infringement caused by Your modifications of the Product or the combination of any Derivative created by You or on Your behalf with other software. - -GENERAL TERMS -This Section applies regardless of whether You are a government, non-profit academic, or other non-profit entity or a Commercial Entity. - -* **Required Notices.** If You distribute the Product or a Derivative, in Object Code or Source Code form, You shall not remove or otherwise modify any proprietary markings or notices contained within or placed upon the Product or any Derivative. Any distribution of the Product or a Derivative, in Object Code or Source Code form, shall contain a clear and conspicuous Originator copyright and license reference in accordance with the below: - * *Unmodified Product Notice*: “This software package is licensed under the Booz Allen Public License. Copyright © 20__ [Copyright Holder Name]. All Rights Reserved.” - * *Derivative Notice*: “This software package is licensed under the Booz Allen Public License. Portions of this code are Copyright © 20__ [Copyright Holder Name]. All Rights Reserved.” -* **Compliance with Laws.** You agree that You shall not reproduce, display, perform, modify, distribute and otherwise use the Product in any way that violates applicable law or regulation or infringes or violates the rights of others, including, but not limited to, third party intellectual property, privacy, and publicity rights. -* **Disclaimer.** You understand that the Product is licensed to You, and not sold. 
The Product is provided on an “As Is” basis, without any warranties, representations, and guarantees, whether oral or written, express, implied or statutory, with regard to the Product, including without limitation, warranties of merchantability, fitness for a particular purpose, title, non-infringement, non-interference, and warranties arising from course of dealing or usage of trade, to the maximum extent permitted by applicable law. Originator does not warrant that (i) the Product will meet your needs; (ii) the Product will be error-free or accessible at all times; or (iii) the use or the results of the use of the Product will be correct, accurate, timely, or otherwise reliable. You acknowledge that the Product has not been prepared to meet Your individual requirements, whether or not such requirements have been communicated to Originator. You assume all responsibility for use of the Product. -* **Limitation of Liability.** Under no circumstances and under no legal theory, whether tort (including negligence), contract, or otherwise, shall any Originator, or anyone who distributes the Product in accordance with this License, be liable to You for any direct, indirect, special, incidental, or consequential damages of any character including, without limitation, damages for lost profits, loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses, even if informed of the possibility of such damages. -* **Export Control.** The Product is subject to U.S. export control laws and may be subject to export or import regulations in other countries. You agree to strictly comply with all such laws and regulations and acknowledges that You are responsible for obtaining such licenses to export, re-export, or import as may be required. 
-* **Severability.** If the application of any provision of this License to any particular facts or circumstances shall be held to be invalid or unenforceable, then the validity and enforceability of other provisions of this License shall not in any way be affected or impaired thereby. diff --git a/foundation/foundation-security/foundation-policy-decision-point/README.md b/foundation/foundation-security/foundation-policy-decision-point/README.md deleted file mode 100644 index 0e790f93f..000000000 --- a/foundation/foundation-security/foundation-policy-decision-point/README.md +++ /dev/null @@ -1 +0,0 @@ -This module runs the framework for the Policy Decision Point diff --git a/foundation/foundation-security/foundation-policy-decision-point/pom.xml b/foundation/foundation-security/foundation-policy-decision-point/pom.xml deleted file mode 100644 index ce716127d..000000000 --- a/foundation/foundation-security/foundation-policy-decision-point/pom.xml +++ /dev/null @@ -1,68 +0,0 @@ - - - 4.0.0 - - com.boozallen.aissemble - foundation-security - 1.8.0-SNAPSHOT - - - foundation-policy-decision-point - - aiSSEMBLE::Foundation::Security::Policy Decision Point (PDP) - Security classes needed for attribute base access control (ABAC) - - - - - com.boozallen.aissemble - bom-component - ${project.version} - pom - import - - - com.boozallen.aissemble - bom-instantiation - ${project.version} - pom - import - - - - - - - io.quarkus - quarkus-resteasy-jackson - - - io.quarkus - quarkus-resteasy - - - - ${project.groupId} - extensions-authzforce - ${project.version} - - - io.quarkus - quarkus-smallrye-metrics - - - - - - - io.quarkus - quarkus-maven-plugin - - - org.apache.maven.plugins - maven-source-plugin - - - - - 
diff --git a/foundation/foundation-security/foundation-policy-decision-point/src/main/java/com/boozallen/aiops/security/LocalAttributePoint.java b/foundation/foundation-security/foundation-policy-decision-point/src/main/java/com/boozallen/aiops/security/LocalAttributePoint.java deleted file mode 100644 index 251eae839..000000000 --- a/foundation/foundation-security/foundation-policy-decision-point/src/main/java/com/boozallen/aiops/security/LocalAttributePoint.java +++ /dev/null @@ -1,53 +0,0 @@ -package com.boozallen.aiops.security; - -/*- - * #%L - * AIOps Foundation::AIOps Core Security::AIOps Policy Decision Point - * %% - * Copyright (C) 2021 Booz Allen - * %% - * This software package is licensed under the Booz Allen Public License. All Rights Reserved. - * #L% - */ - -import com.boozallen.aiops.security.authorization.policy.AiopsAttributePoint; -import com.boozallen.aiops.security.authorization.policy.AttributeValue; - -import java.util.ArrayList; -import java.util.Collection; - -/** - * Place holder attribute point that just does some local logic to support authorization demonstration. - * This can be replaced with an actual attribute provider. - */ -public class LocalAttributePoint implements AiopsAttributePoint { - - @Override - public Collection> getValueForAttribute(String attributeId, String subject) { - Collection> values = null; - if ("urn:aiops:accessData".equals(attributeId)) { - values = sourceDataAccess(attributeId, subject); - } - - return values; - } - - protected Collection> sourceDataAccess(String attributeId, String subject) { - AttributeValue value = null; - - if ("aiops".equals(subject)) { - value = new AttributeValue(attributeId, true); - } else { - value = new AttributeValue(attributeId, false); - } - - return wrapSingleValueInCollection(value); - } - - private Collection> wrapSingleValueInCollection(AttributeValue value) { - Collection> values = new ArrayList<>(); - values.add(value); - return values; - } -} - 
diff --git a/foundation/foundation-security/foundation-policy-decision-point/src/main/java/com/boozallen/aiops/security/PDPHelperResource.java b/foundation/foundation-security/foundation-policy-decision-point/src/main/java/com/boozallen/aiops/security/PDPHelperResource.java deleted file mode 100644 index ba34c2356..000000000 --- a/foundation/foundation-security/foundation-policy-decision-point/src/main/java/com/boozallen/aiops/security/PDPHelperResource.java +++ /dev/null 
@@ -1,57 +0,0 @@ -package com.boozallen.aiops.security; - -/*- - * #%L - * AIOps Foundation::AIOps Core Security::AIOps Policy Decision Point - * %% - * Copyright (C) 2021 Booz Allen - * %% - * This software package is licensed under the Booz Allen Public License. All Rights Reserved. - * #L% - */ - -import com.boozallen.aiops.security.authorization.models.AuthRequest; -import com.boozallen.aiops.security.authorization.models.PDPRequest; -import com.boozallen.aiops.security.authorization.policy.PolicyDecision; -import io.jsonwebtoken.Claims; -import io.jsonwebtoken.Jws; - -import com.boozallen.aiops.security.authorization.AiopsSecureTokenServiceClient; -import com.boozallen.aiops.security.authorization.AiopsSimpleSecureTokenServiceClient; -import com.boozallen.aiops.security.authorization.policy.PolicyDecisionPoint; - -import javax.ws.rs.Consumes; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.ws.rs.Produces; -import javax.ws.rs.core.MediaType; - -@Path("/api") -public class PDPHelperResource { - private AiopsSecureTokenServiceClient tokenClient = new AiopsSimpleSecureTokenServiceClient(); - private PolicyDecisionPoint pdp = PolicyDecisionPoint.getInstance(); - - @POST - @Path("/pdp") - @Consumes(MediaType.APPLICATION_JSON) - @Produces(MediaType.TEXT_PLAIN) - public String gatPdpDecision(PDPRequest pdpRequest) { - Jws jws = tokenClient.parseToken(pdpRequest.getJwt()); - Claims claims = jws.getBody(); - - PolicyDecision policyDecision = pdp.isAuthorized(claims.getSubject(), pdpRequest.getResource(), pdpRequest.getAction()); - - return policyDecision.toString(); - } - - @POST - @Path("/authenticate") - @Consumes(MediaType.APPLICATION_JSON) - @Produces(MediaType.TEXT_PLAIN) - public String authenticate(AuthRequest authRequest) { - AiopsSecureTokenServiceClient aiopsSecureTokenServiceClient = new AiopsSimpleSecureTokenServiceClient(); - String jwt = aiopsSecureTokenServiceClient.authenticate(authRequest.getUsername(), authRequest.getPassword()); - - 
return jwt; - } -} diff --git a/foundation/foundation-security/foundation-policy-decision-point/src/main/resources/application.properties b/foundation/foundation-security/foundation-policy-decision-point/src/main/resources/application.properties deleted file mode 100644 index ab12c0f26..000000000 --- a/foundation/foundation-security/foundation-policy-decision-point/src/main/resources/application.properties +++ /dev/null @@ -1,9 +0,0 @@ -### -# #%L -# AIOps Foundation::AIOps Core Security::AIOps Policy Decision Point -# %% -# Copyright (C) 2021 Booz Allen -# %% -# This software package is licensed under the Booz Allen Public License. All Rights Reserved. -# #L% -### diff --git a/foundation/foundation-security/pom.xml b/foundation/foundation-security/pom.xml index 170a3a3ca..67eac3956 100644 --- a/foundation/foundation-security/pom.xml +++ b/foundation/foundation-security/pom.xml @@ -15,7 +15,6 @@ Contains the modules used for security - foundation-policy-decision-point aissemble-foundation-pdp-client-python foundation-pdp-client-java