policy4j / xacml4j
Implementation of OASIS XACML 2.0 & 3.0 specification in Java programming language
License: GNU Lesser General Public License v3.0
Steps to reproduce overview:
Reproducing test:
import org.junit.Test;
import org.xacml4j.v30.Effect;
import org.xacml4j.v30.marshal.jaxb.Xacml30PolicyMarshaller;
import org.xacml4j.v30.pdp.Apply;
import org.xacml4j.v30.pdp.Policy;
import org.xacml4j.v30.pdp.Rule;
import org.xacml4j.v30.policy.combine.DenyOverridesRuleCombiningAlgorithm;
import org.xacml4j.v30.spi.function.FunctionProvider;
import org.xacml4j.v30.spi.function.FunctionProviderBuilder;
import org.xacml4j.v30.types.IntegerExp;
import org.xacml4j.v30.types.StringExp;

import java.io.IOException;
import java.io.StringWriter;
import java.io.Writer;

import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.core.IsNull.notNullValue;

public class MarshalAttributeValueTest {

    private final static FunctionProvider Funcs = FunctionProviderBuilder.builder()
            .defaultFunctions()
            .build();

    //
    // This test fails with error "unable to marshal type "java.lang.Long" as an element because it is missing an @XmlRootElement annotation"
    //
    @Test
    public void marshalIntegerAttributeValue() throws IOException {
        // arrange
        Rule rule = Rule.builder("rule", Effect.DENY)
                .condition(
                        Apply.builder(Funcs.getFunction("urn:oasis:names:tc:xacml:1.0:function:integer-equal"))
                                .param(IntegerExp.of(0))
                                .param(IntegerExp.of(1))
                                .build()
                )
                .build();
        Policy policy = Policy.builder("policy")
                .combiningAlgorithm(new DenyOverridesRuleCombiningAlgorithm())
                .rule(rule)
                .build();

        // act
        Writer writer = new StringWriter();
        new Xacml30PolicyMarshaller().marshal(policy, writer);
        String xml = writer.toString();

        // assert
        assertThat(xml, notNullValue());
    }

    //
    // ...but this one is ok.
    //
    @Test
    public void marshalStringAttributeValue() throws IOException {
        // arrange
        Rule rule = Rule.builder("rule", Effect.DENY)
                .condition(
                        Apply.builder(Funcs.getFunction("urn:oasis:names:tc:xacml:1.0:function:string-equal"))
                                .param(StringExp.of("a"))
                                .param(StringExp.of("b"))
                                .build()
                )
                .build();
        Policy policy = Policy.builder("policy")
                .combiningAlgorithm(new DenyOverridesRuleCombiningAlgorithm())
                .rule(rule)
                .build();

        // act
        Writer writer = new StringWriter();
        new Xacml30PolicyMarshaller().marshal(policy, writer);
        String xml = writer.toString();

        // assert
        assertThat(xml, notNullValue());
    }
}
Very interesting read which contains some good ideas
https://wiki.oasis-open.org/xacml/Policy%20Administration%20Point%20Architecture
PAP backend API can be used by PAP UI and PDPs
Review current exception handling and implement consistent handling either using XacmlException hierarchy or Java's runtime exceptions.
xacml-core - should contain only common classes shared between PEP and PDP modules
xacml-pdp - should contain only PDP related classes
I was testing the delegated policy rules with xacml4j, but I guess there is no testing done for those attributes and their values, and MaxDelegationDepth="xs:integer" is also not implemented.
Is there any way to work around this to achieve delegation with xacml4j?
Here I have attached the potential delegation policy with 1 PolicySet and 4 Policies, together with the Request and Response.
I think reduction of the policies is still not performed in this solution.
v30-policy-delegation-test.zip
2016-07-31 09:41:48,458-0600 [671a803c1854251e-cb24f32c27c6c482][main] DEBUG [pdp.BaseCompositeDecisionRule] Evaluating composite decision rule with id="Policy1"
2016-07-31 09:41:48,461-0600 [671a803c1854251e-cb24f32c27c6c482][main] DEBUG [pip.DefaultPolicyInformationPoint] Trying to resolve designator="AttributeDesignatorKey{Category=urn:oasis:names:tc:xacml:3.0:attribute-category:delegated:urn:oasis:names:tc:xacml:1.0:subject-category:access-subject, AttributeId=group, DataType=http://www.w3.org/2001/XMLSchema#string, Issuer=null}"
2016-07-31 09:41:48,461-0600 [671a803c1854251e-cb24f32c27c6c482][main] DEBUG [pip.DefaultPolicyInformationPoint] No matching resolver found for designator="AttributeDesignatorKey{Category=urn:oasis:names:tc:xacml:3.0:attribute-category:delegated:urn:oasis:names:tc:xacml:1.0:subject-category:access-subject, AttributeId=group, DataType=http://www.w3.org/2001/XMLSchema#string, Issuer=null}"
2016-07-31 09:41:48,461-0600 [671a803c1854251e-cb24f32c27c6c482][main] DEBUG [pdp.DefaultEvaluationContextHandler] Resolved designator="AttributeDesignatorKey{Category=urn:oasis:names:tc:xacml:3.0:attribute-category:delegated:urn:oasis:names:tc:xacml:1.0:subject-category:access-subject, AttributeId=group, DataType=http://www.w3.org/2001/XMLSchema#string, Issuer=null}" from PIP to value="null"
2016-07-31 09:41:48,462-0600 [671a803c1854251e-cb24f32c27c6c482][main] DEBUG [pdp.RootEvaluationContext] Resolved designator="AttributeDesignatorKey{Category=urn:oasis:names:tc:xacml:3.0:attribute-category:delegated:urn:oasis:names:tc:xacml:1.0:subject-category:access-subject, AttributeId=group, DataType=http://www.w3.org/2001/XMLSchema#string, Issuer=null}" to value="BagOfAttributeExp{DataType=http://www.w3.org/2001/XMLSchema#string, Values=[]}"
When I try to marshal a policy to a file I get a SAXException2 (see below).
// read
InputStream policyIS = new FileInputStream( "policy.xml" ); // input file not shown in the report; assumed path
PolicyUnmarshaller reader =
        new XacmlPolicyUnmarshaller( FunctionProviderBuilder.builder().defaultFunctions().build(),
                                     DecisionCombiningAlgorithmProviderBuilder.builder().withDefaultAlgorithms().create() );
CompositeDecisionRule compositeDecisionRule = reader.unmarshal( policyIS );
// write
PolicyMarshaller writer = new Xacml30PolicyMarshaller();
FileOutputStream policyOutstream = new FileOutputStream( new File( "policyout.xml" ) );
writer.marshal( compositeDecisionRule, policyOutstream ); // <= exception thrown here
Caused by: com.sun.istack.internal.SAXException2: Instance of "javax.xml.bind.JAXBElement" is substituting "java.lang.Object", but "javax.xml.bind.JAXBElement" is bound to an anonymous type.
at com.sun.xml.internal.bind.v2.runtime.XMLSerializer.reportError(XMLSerializer.java:237)
at com.sun.xml.internal.bind.v2.runtime.XMLSerializer.childAsXsiType(XMLSerializer.java:652)
at com.sun.xml.internal.bind.v2.runtime.property.ArrayElementProperty.serializeListBody(ArrayElementProperty.java:154)
at com.sun.xml.internal.bind.v2.runtime.property.ArrayERProperty.serializeBody(ArrayERProperty.java:144)
at com.sun.xml.internal.bind.v2.runtime.ClassBeanInfoImpl.serializeBody(ClassBeanInfoImpl.java:343)
at com.sun.xml.internal.bind.v2.runtime.XMLSerializer.childAsXsiType(XMLSerializer.java:685)
at com.sun.xml.internal.bind.v2.runtime.property.SingleElementNodeProperty.serializeBody(SingleElementNodeProperty.java:143)
at com.sun.xml.internal.bind.v2.runtime.ElementBeanInfoImpl$1.serializeBody(ElementBeanInfoImpl.java:145)
at com.sun.xml.internal.bind.v2.runtime.ElementBeanInfoImpl$1.serializeBody(ElementBeanInfoImpl.java:115)
at com.sun.xml.internal.bind.v2.runtime.ElementBeanInfoImpl.serializeBody(ElementBeanInfoImpl.java:317)
at com.sun.xml.internal.bind.v2.runtime.ElementBeanInfoImpl.serializeRoot(ElementBeanInfoImpl.java:324)
at com.sun.xml.internal.bind.v2.runtime.ElementBeanInfoImpl.serializeRoot(ElementBeanInfoImpl.java:60)
at com.sun.xml.internal.bind.v2.runtime.XMLSerializer.childAsRoot(XMLSerializer.java:483)
at com.sun.xml.internal.bind.v2.runtime.MarshallerImpl.write(MarshallerImpl.java:308)
I want to find the documentation about the use of xacml4j, thank you.
Implement quantified expressions - ForAny, ForAll, Map, Select
Obligation AttributeAssignment values are not evaluated when using any attribute designator using XACML 2.0.
Example:
<AttributeAssignment
    AttributeId="urn:oasis:names:tc:xacml:2.0:requester"
    DataType="http://www.w3.org/2001/XMLSchema#string">
    <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</AttributeAssignment>
The above example will evaluate to an empty line when getting the obligation attribute value.
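As an added example (not code from xacml4j or from the reporter), a PEP-side guard for the failure mode above: a Permit whose obligation carries an empty AttributeAssignment value is treated as Deny, because the PEP cannot fulfil an obligation whose value never arrived. The XACML 2.0 response XML and the obligation id are constructed for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/** Fails closed when a Permit response carries an obligation with an empty assignment value. */
public class ObligationValueGuard {

    /** Returns the decision the PEP should actually enforce for the given response document. */
    public static String effectiveDecision(String responseXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs, no XXE
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(responseXml.getBytes(StandardCharsets.UTF_8)));

        String decision = text(doc.getElementsByTagNameNS("*", "Decision").item(0));
        if (decision.isEmpty()) {
            return "Indeterminate"; // malformed response: no Decision element at all
        }
        if (!"Permit".equals(decision)) {
            return decision; // nothing to enforce on Deny / NotApplicable / Indeterminate
        }
        // Every AttributeAssignment must carry a value; an empty one means the PDP
        // could not evaluate the designator (the bug reported above), so do not grant access.
        NodeList assignments = doc.getElementsByTagNameNS("*", "AttributeAssignment");
        for (int i = 0; i < assignments.getLength(); i++) {
            Element a = (Element) assignments.item(i);
            if (text(a).isEmpty()) {
                System.err.println("empty obligation value for " + a.getAttribute("AttributeId")
                        + "; failing closed");
                return "Deny";
            }
        }
        return "Permit";
    }

    private static String text(Node n) {
        return n == null ? "" : n.getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        // Constructed XACML 2.0 response mirroring the report: the requester assignment is empty.
        String response = "<Response xmlns=\"urn:oasis:names:tc:xacml:2.0:context:schema:os\">"
                + "<Result><Decision>Permit</Decision>"
                + "<Obligations xmlns=\"urn:oasis:names:tc:xacml:2.0:policy:schema:os\">"
                + "<Obligation ObligationId=\"urn:example:log-requester\" FulfillOn=\"Permit\">"
                + "<AttributeAssignment AttributeId=\"urn:oasis:names:tc:xacml:2.0:requester\""
                + " DataType=\"http://www.w3.org/2001/XMLSchema#string\"></AttributeAssignment>"
                + "</Obligation></Obligations></Result></Response>";
        System.out.println(effectiveDecision(response)); // Deny: the obligation value is empty
    }
}
```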
OpenAz provider information:
http://www.openliberty.org/wiki/index.php/OpenAz_Main_Page
XacmlPolicyUnmarshallerTest#testPolicy3 and XacmlPolicyUnmarshallerTest#testFeatures001Policy test cases are failing under jdk1.8. The failure happens during policy XML parsing when variable references (e.g. ) are used.
Stack trace:
java.lang.IllegalStateException
at com.google.common.base.Preconditions.checkState(Preconditions.java:133)
at org.xacml4j.v30.marshal.jaxb.Xacml30PolicyFromJaxbToObjectModelMapper.parseExpression(Xacml30PolicyFromJaxbToObjectModelMapper.java:663)
at org.xacml4j.v30.marshal.jaxb.Xacml30PolicyFromJaxbToObjectModelMapper.createApply(Xacml30PolicyFromJaxbToObjectModelMapper.java:616)
and
java.lang.IllegalStateException
at com.google.common.base.Preconditions.checkState(Preconditions.java:133)
at org.xacml4j.v30.marshal.jaxb.Xacml20PolicyFromJaxbToObjectModelMapper.parseExpression(Xacml20PolicyFromJaxbToObjectModelMapper.java:408)
at org.xacml4j.v30.marshal.jaxb.Xacml20PolicyFromJaxbToObjectModelMapper.createApply(Xacml20PolicyFromJaxbToObjectModelMapper.java:655)
Policy repository needs to be split to the following components: