Merge pull request #236 from boozallen/feature-authz-rename
#194 & #216 - Refactored extensions-security modules
habibimoiz authored Jul 29, 2024
2 parents d71cfd3 + d6dec38 commit 9af2b56
Showing 59 changed files with 920 additions and 288 deletions.
Expand Up @@ -3,7 +3,7 @@ FROM ${docker.baseline.repo.id}/boozallen/aissemble-quarkus:${project.version}
LABEL org.opencontainers.image.source="https://github.com/boozallen/aissemble"

COPY --chown=default ./src/main/resources/truststore/aissemble-secure.jks $JAVA_APP_DIR/
COPY --chown=default ./src/main/resources/krausening/base/aiops-security.properties $JAVA_APP_DIR/krausening/base/
COPY --chown=default ./src/main/resources/krausening/base/aissemble-security.properties $JAVA_APP_DIR/krausening/base/
COPY --chown=default ./src/main/resources/authorization/policies/test-policy.xml $JAVA_APP_DIR/
COPY --chown=default ./src/main/resources/authorization/attributes/test-attributes.json $JAVA_APP_DIR/
COPY --chown=default ./src/main/resources/authorization/pdp.xml $JAVA_APP_DIR/
Expand Up @@ -8,10 +8,10 @@
<xs:import namespace="http://authzforce.github.io/xmlns/pdp/ext/3" />
<xs:annotation>
<xs:documentation xml:lang="en">
Data Model for the Aiops Attribute Extension
Data Model for the Aissemble Attribute Extension
</xs:documentation>
</xs:annotation>
<xs:complexType name="AiopsAttributeExtension">
<xs:complexType name="AissembleAttributeExtension">
<xs:annotation>
<xs:documentation>
aiSSEMBLE Attribute Extensions. This extension provides easier attribute store configuration for aiSSEMBLE.
10 changes: 5 additions & 5 deletions extensions/extensions-security/extensions-authzforce/README.md
Expand Up @@ -9,14 +9,14 @@ The following tasks will help you add authentication to your module.
- ```keytool -import -file cacert.pem -keystore aissemble-secure.jks -storepass password```
1. Add the jks file to your environment and set the following krausening property to point to your keystore location
- ```keystore.file.location=/path/to/my/keystore.jks```
1. Use one of the authentication methods from com.boozallen.aiops.cookbook.authorization or create your own class that
imlements the AiopsSecureTokenServiceClient interface
1. Use one of the authentication methods from com.boozallen.aissemble.cookbook.authorization or create your own class that
imlements the AissembleSecureTokenServiceClient interface
(_currently we have one for Keycloak and one for simple JWT_)
- Add the following to your code
-
```
AiopsSecureTokenServiceClient aiopsSecureTokenServiceClient = new AiopsSimpleSecureTokenServiceClient();
aiopsSecureTokenServiceClient.authenticate("aiops", "password");
String token = aiopsSecureTokenServiceClient.getJWTToken();
AissembleSecureTokenServiceClient aissembleSecureTokenServiceClient = new AissembleSimpleSecureTokenServiceClient();
aissembleSecureTokenServiceClient.authenticate("aissemble", "password");
String token = aissembleSecureTokenServiceClient.getJWTToken();
```
- You can then use the information contained in the JWT token to allow/deny access
@@ -1,4 +1,4 @@
package com.boozallen.aiops.security.authorization;
package com.boozallen.aissemble.security.authorization;

/*-
* #%L
Expand All @@ -10,7 +10,7 @@
* #L%
*/

import com.boozallen.aiops.security.authorization.policy.ClaimType;
import com.boozallen.aissemble.security.authorization.policy.ClaimType;

/**
* Common aspect of a request for authorization information (e.g., a policy decision, attribute).
@@ -1,4 +1,4 @@
package com.boozallen.aiops.security.authorization;
package com.boozallen.aissemble.security.authorization;

/*-
* #%L
Expand All @@ -18,15 +18,14 @@
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;

import com.boozallen.aissemble.security.config.SecurityConfiguration;
import com.boozallen.aissemble.security.exception.AissembleSecurityException;
import org.aeonbits.owner.KrauseningConfigFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.boozallen.aiops.security.config.SecurityConfiguration;
import com.boozallen.aiops.security.exception.AiopsSecurityException;

/**
* Class to load and hold keystore information for AIOps security.
* Class to load and hold keystore information for aissemble security.
*/
public class AissembleKeyStore {

Expand Down Expand Up @@ -63,7 +62,7 @@ private KeyStore loadKeyStore() {
keyStore.load(new FileInputStream(KEYSTORE_LOCATION), KEYSTORE_PASSWORD.toCharArray());
} catch (Exception e) {
logger.error("Error loading keystore", e);
throw new AiopsSecurityException("Unable to load keystore!", e);
throw new AissembleSecurityException("Unable to load keystore!", e);
}

return keyStore;
Expand All @@ -76,7 +75,7 @@ private X509Certificate getCertificateFromKeyStore(KeyStore keyStore) {
cert = (X509Certificate) keyStore.getCertificate(KEY_ALIAS);
} catch (KeyStoreException e) {
logger.error("Error getting certificate from keystore", e);
throw new AiopsSecurityException("Unable to get certificate from keystore!", e);
throw new AissembleSecurityException("Unable to get certificate from keystore!", e);
}

return cert;
Expand All @@ -89,7 +88,7 @@ private Key getKeyFromKeyStore(KeyStore keyStore) {
key = keyStore.getKey(KEY_ALIAS, KEYSTORE_PASSWORD.toCharArray());
} catch (UnrecoverableKeyException | KeyStoreException | NoSuchAlgorithmException e) {
logger.error("Error getting key from keystore", e);
throw new AiopsSecurityException("Unable to get key from keystore!", e);
throw new AissembleSecurityException("Unable to get key from keystore!", e);
}

return key;
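Review bot: The FileInputStream opened on the keystore in loadKeyStore (`keyStore.load(new FileInputStream(KEYSTORE_LOCATION), ...)`) is never closed, on success or on failure, so each keystore load leaks a file handle; wrapping it in try-with-resources fixes this without changing the contract: `try (FileInputStream in = new FileInputStream(KEYSTORE_LOCATION)) {` / `keyStore.load(in, KEYSTORE_PASSWORD.toCharArray());` / `}`. The surrounding `catch (Exception e)` also swallows every failure type into one message; narrowing it to the checked types KeyStore.load declares (IOException, NoSuchAlgorithmException, CertificateException) would keep programming errors visible, as the later getKeyFromKeyStore hunk already does with its multi-catch. All three catch blocks log at ERROR and then rethrow with the cause attached, so the same stack trace will be written twice once the caller logs it too; logging at one level only is a small cleanup worth doing in the same pass. loadKeyStore, getCertificateFromKeyStore and getKeyFromKeyStore all start outside their hunks, so the declarations of KEYSTORE_LOCATION and KEYSTORE_PASSWORD are not visible here.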
@@ -1,4 +1,4 @@
package com.boozallen.aiops.security.authorization;
package com.boozallen.aissemble.security.authorization;

/*-
* #%L
Expand All @@ -10,8 +10,8 @@
* #L%
*/

import com.boozallen.aiops.security.config.SecurityConfiguration;
import com.boozallen.aiops.security.exception.AiopsSecurityException;
import com.boozallen.aissemble.security.config.SecurityConfiguration;
import com.boozallen.aissemble.security.exception.AissembleSecurityException;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
Expand All @@ -27,9 +27,9 @@
/**
* Client for authenticating via KeyCloak.
*/
public class AiopsKeycloakSecureTokenServiceClient implements AiopsSecureTokenServiceClient {
public class AissembleKeycloakSecureTokenServiceClient implements AissembleSecureTokenServiceClient {

private static final Logger logger = LoggerFactory.getLogger(AiopsKeycloakSecureTokenServiceClient.class);
private static final Logger logger = LoggerFactory.getLogger(AissembleKeycloakSecureTokenServiceClient.class);

private static final SecurityConfiguration configuration = KrauseningConfigFactory.create(SecurityConfiguration.class);

Expand All @@ -54,7 +54,7 @@ public String authenticate(String username, String password) {
} else {
String error = "Authentication is enabled, but user is not authenticated!";
logger.error(error);
throw new AiopsSecurityException(error);
throw new AissembleSecurityException(error);
}
} else {
// TODO: Once authentication and authorization are fully implemented we need to decide what to do if
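Review bot: The outer `else` branch of authenticate still carries a TODO about what to do when authentication is disabled, and the code that follows it is outside the hunk, so I cannot tell from here whether that path returns a usable token without credentials being checked; if it does, the method fails open. Since this rename touches the method anyway, resolving the TODO in the direction of failing closed (or at least logging at WARN that authentication is bypassed) would be worth doing, and a short Javadoc on authenticate stating the behaviour when authentication is disabled would make the contract explicit to callers. authenticate begins before the hunk, so its return handling is not visible here.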
@@ -1,4 +1,4 @@
package com.boozallen.aiops.security.authorization;
package com.boozallen.aissemble.security.authorization;

/*-
* #%L
Expand All @@ -14,9 +14,9 @@
import io.jsonwebtoken.Jws;

/**
* Interface for an AIOps token service client.
* Interface for an aissemble token service client.
*/
public interface AiopsSecureTokenServiceClient {
public interface AissembleSecureTokenServiceClient {

/**
* Authenticates a user.
@@ -1,4 +1,4 @@
package com.boozallen.aiops.security.authorization;
package com.boozallen.aissemble.security.authorization;

/*-
* #%L
Expand All @@ -18,9 +18,9 @@
/**
* Client for authenticating via a simple JWT token.
*/
public class AiopsSimpleSecureTokenServiceClient implements AiopsSecureTokenServiceClient {
public class AissembleSimpleSecureTokenServiceClient implements AissembleSecureTokenServiceClient {

static final Logger logger = LoggerFactory.getLogger(AiopsSimpleSecureTokenServiceClient.class);
static final Logger logger = LoggerFactory.getLogger(AissembleSimpleSecureTokenServiceClient.class);

/**
* {@inheritDoc}
@@ -1,4 +1,4 @@
package com.boozallen.aiops.security.authorization;
package com.boozallen.aissemble.security.authorization;

/*-
* #%L
Expand All @@ -10,14 +10,14 @@
* #L%
*/

import com.boozallen.aiops.security.authorization.policy.AttributeRequest;
import com.boozallen.aiops.security.authorization.policy.AttributeValue;
import com.boozallen.aiops.security.authorization.policy.ClaimType;
import com.boozallen.aiops.security.authorization.policy.PolicyRequest;
import com.boozallen.aiops.security.config.SecurityConfiguration;
import com.boozallen.aiops.security.authorization.policy.PolicyDecision;
import com.boozallen.aiops.security.authorization.policy.PolicyDecisionPoint;
import com.boozallen.aiops.security.authorization.policy.AiopsAttributeProvider;
import com.boozallen.aissemble.security.authorization.policy.AttributeRequest;
import com.boozallen.aissemble.security.authorization.policy.AttributeValue;
import com.boozallen.aissemble.security.authorization.policy.ClaimType;
import com.boozallen.aissemble.security.authorization.policy.PolicyRequest;
import com.boozallen.aissemble.security.config.SecurityConfiguration;
import com.boozallen.aissemble.security.authorization.policy.PolicyDecision;
import com.boozallen.aissemble.security.authorization.policy.PolicyDecisionPoint;
import com.boozallen.aissemble.security.authorization.policy.AissembleAttributeProvider;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
Expand All @@ -43,7 +43,7 @@ public final class JsonWebTokenUtil {
private static final SecurityConfiguration config = KrauseningConfigFactory.create(SecurityConfiguration.class);
private static final AissembleKeyStore keyStore = new AissembleKeyStore();
private static PolicyDecisionPoint pdp = PolicyDecisionPoint.getInstance();
private static AiopsAttributeProvider attributeProvider = new AiopsAttributeProvider();
private static AissembleAttributeProvider attributeProvider = new AissembleAttributeProvider();

private JsonWebTokenUtil() {
}
Expand All @@ -70,7 +70,7 @@ public static String createToken(String subject, String audience, Collection<? e
} else {
AttributeRequest attributeClaim = (AttributeRequest) ruleClaim;
Collection<AttributeValue<?>> foundAttributes = attributeProvider
.getAiopsAttributeByIdAndSubject(attributeClaim.getRequestedAttributeId(), subject);
.getAissembleAttributeByIdAndSubject(attributeClaim.getRequestedAttributeId(), subject);
String attributeValue = null;
if (foundAttributes != null) {
attributeValue = foundAttributes.stream().map(AttributeValue::getValueAsString)
@@ -1,4 +1,4 @@
package com.boozallen.aiops.security.authorization.models;
package com.boozallen.aissemble.security.authorization.models;

/*-
* #%L
@@ -1,4 +1,4 @@
package com.boozallen.aiops.security.authorization.models;
package com.boozallen.aissemble.security.authorization.models;

/*-
* #%L
@@ -1,4 +1,4 @@
package com.boozallen.aiops.security.authorization.policy;
package com.boozallen.aissemble.security.authorization.policy;

/*-
* #%L
Expand All @@ -15,7 +15,7 @@
/**
* Represents the structure of an attribute for policy decision.
*/
public class AiopsAttribute {
public class AissembleAttribute {

private String id;

@@ -1,4 +1,4 @@
package com.boozallen.aiops.security.authorization.policy;
package com.boozallen.aissemble.security.authorization.policy;

/*-
* #%L
Expand All @@ -14,16 +14,16 @@

/**
* The interface that defines the contract for looking up attribute values. This can be a local or remote source. It
* should be specified in the aiops attribute definition json file for each attribute so that
* {@link AiopsAttributeProvider} can find the value for a specified attribute.
* should be specified in the aissemble attribute definition json file for each attribute so that
* {@link AissembleAttributeProvider} can find the value for a specified attribute.
*
* While any number of attributes can be used for lookups, almost all scenarios will revolve around look up
* attributes for specific subjects. As such, the interface will focus on that until a demand signal arises for more
* complicated scenarios.
*
* Implementations MUST have a no-argument constructor.
*/
public interface AiopsAttributePoint {
public interface AissembleAttributePoint {

/**
* Returns the valid for a specific attribute id. For our purposes, we will just use id along to determine the value
