
Java Programming


about sun's xacml implementation

807580 · Apr 9 2010 — edited Apr 20 2010
Hi,
I have a problem when I'm using Sun's XACML implementation project, "sunxacml1.2".
I follow the document at
"http://java.sun.com/developer/technicalArticles/Security/xacml/xacml.html"

Xacml_PDP.java
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import com.sun.xacml.PDP;
import com.sun.xacml.PDPConfig;
import com.sun.xacml.ctx.RequestCtx;
import com.sun.xacml.ctx.ResponseCtx;
import com.sun.xacml.finder.AttributeFinder;
import com.sun.xacml.finder.PolicyFinder;
import com.sun.xacml.finder.impl.CurrentEnvModule;
import com.sun.xacml.finder.impl.FilePolicyModule;

public class Xacml_PDP {
    public String GenResponse() throws Exception {
        // load the policies; a relative path like this is resolved against
        // the JVM's working directory, not the location of the class
        FilePolicyModule policyModule = new FilePolicyModule();
        policyModule.addPolicy("policy.xml");

        // setup the policy finder
        PolicyFinder policyFinder = new PolicyFinder();
        Set policyModules = new HashSet();
        policyModules.add(policyModule);
        policyFinder.setModules(policyModules);

        // module to provide the current date & time
        CurrentEnvModule envModule = new CurrentEnvModule();

        // setup the attribute finder
        AttributeFinder attrFinder = new AttributeFinder();
        List attrModules = new ArrayList();
        attrModules.add(envModule);
        attrFinder.setModules(attrModules);

        // create the PDP
        PDP pdp = new PDP(new PDPConfig(attrFinder, policyFinder, null));

        // now work on the request (same working-directory caveat as above);
        // close the stream once the request has been parsed
        InputStream in = new FileInputStream("request.xml");
        try {
            RequestCtx request = RequestCtx.getInstance(in);
            ResponseCtx response = pdp.evaluate(request);
            return response.encode();
        } finally {
            in.close();
        }
    }
}

and copy the "policy" and "request" from the example in
"Sun's XACML Implementation Programmer's Guide for Version 1.2"

policy.xml
<Policy PolicyId="ExamplePolicy"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
  <Target>
    <Subjects>
      <AnySubject />
    </Subjects>
    <Resources>
      <Resource>
        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://server.example.com/code/docs/developer-guide.html</AttributeValue>
          <ResourceAttributeDesignator
              DataType="http://www.w3.org/2001/XMLSchema#anyURI" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" />
        </ResourceMatch>
      </Resource>
    </Resources>
    <Actions>
      <AnyAction />
    </Actions>
  </Target>
  <Rule RuleId="ReadRule" Effect="Permit">
    <Target>
      <Subjects>
        <AnySubject />
      </Subjects>
      <Resources>
        <AnyResource />
      </Resources>
      <Actions>
        <Action>
          <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
            <ActionAttributeDesignator
                DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" />
          </ActionMatch>
        </Action>
      </Actions>
    </Target>
    <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
        <SubjectAttributeDesignator
            DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="group" />
      </Apply>
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">developers</AttributeValue>
    </Condition>
  </Rule>
</Policy>

request.xml
<Request>
  <Subject>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
               DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
      <AttributeValue>seth@users.example.com</AttributeValue>
    </Attribute>
    <Attribute AttributeId="group"
               DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="admin@users.example.com">
      <AttributeValue>developers</AttributeValue>
    </Attribute>
  </Subject>
  <Resource>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
               DataType="http://www.w3.org/2001/XMLSchema#anyURI">
      <AttributeValue>http://server.example.com/code/docs/developer-guide.html</AttributeValue>
    </Attribute>
  </Resource>
  <Action>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>read</AttributeValue>
    </Attribute>
  </Action>
</Request>

Fortunately, I can get the Permit response when I run the program. But when I use Eclipse's function to make the class a web service (right-click the class name and choose Create Web Service) and let the class return the string "response.encode()", in the client I get a strange response like this:

<Response>
  <Result ResourceID="http://localhost:8280/services/echo/echoString">
    <Decision>NotApplicable</Decision>
    <Status>
      <StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
    </Status>
  </Result>
</Response>

and it's different from the correct response like this:

<Response>
  <Result ResourceID="http://server.example.com/code/docs/developer-guide.html">
    <Decision>Permit</Decision>
    <Status>
      <StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
    </Status>
  </Result>
</Response>

In my thinking, I just want to get the correct response in the client by calling the web service.
But there is something strange I can't understand.
Please help me! Thank you.

Edited by: KuangYu on Apr 8, 2010 10:31 PM
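As an added example (not the poster's code and not part of the sunxacml distribution), the same PDP setup written to take absolute file paths and to inspect the Result object instead of comparing encode() output, so a result for an unexpected ResourceID is visible and fails closed. The class name XacmlPdpCheck and the command-line arguments are assumptions; it relies on the sunxacml 1.2 API (ResponseCtx.getResults, Result.getDecision, Result.getResource, Result.DECISION_PERMIT).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import com.sun.xacml.PDP;
import com.sun.xacml.PDPConfig;
import com.sun.xacml.ctx.RequestCtx;
import com.sun.xacml.ctx.ResponseCtx;
import com.sun.xacml.ctx.Result;
import com.sun.xacml.finder.AttributeFinder;
import com.sun.xacml.finder.PolicyFinder;
import com.sun.xacml.finder.impl.CurrentEnvModule;
import com.sun.xacml.finder.impl.FilePolicyModule;

public class XacmlPdpCheck { // hypothetical class name, not from the post
    // Build a PDP from one policy file. Pass an absolute path: a bare "policy.xml" is resolved
    // against the JVM's working directory, which differs between a desktop run and a servlet container.
    static PDP buildPdp(String policyPath) {
        FilePolicyModule policyModule = new FilePolicyModule();
        policyModule.addPolicy(policyPath);
        PolicyFinder policyFinder = new PolicyFinder();
        Set policyModules = new HashSet();
        policyModules.add(policyModule);
        policyFinder.setModules(policyModules);
        AttributeFinder attrFinder = new AttributeFinder();
        List attrModules = new ArrayList();
        attrModules.add(new CurrentEnvModule());
        attrFinder.setModules(attrModules);
        return new PDP(new PDPConfig(attrFinder, policyFinder, null));
    }
    // Inspect the decision instead of string-matching encode(): true only for exactly one Permit whose
    // ResourceID is the resource the caller asked about; anything else (including a result for some
    // other resource, like the echo-service URL in the post) is treated as not permitted.
    static boolean isPermitted(PDP pdp, InputStream requestXml, String expectedResource) throws Exception {
        ResponseCtx response = pdp.evaluate(RequestCtx.getInstance(requestXml));
        Set results = response.getResults();
        if (results.size() != 1) return false;
        Result r = (Result) results.iterator().next();
        // getDecision(): 0 Permit, 1 Deny, 2 Indeterminate, 3 NotApplicable; log it for diagnosis
        System.err.println("decision=" + r.getDecision() + " resource=" + r.getResource());
        return r.getDecision() == Result.DECISION_PERMIT && expectedResource.equals(r.getResource());
    }
    public static void main(String[] args) throws Exception {
        PDP pdp = buildPdp(args[0]); // absolute path to policy.xml
        try (InputStream in = new FileInputStream(args[1])) { // absolute path to request.xml
            boolean ok = isPermitted(pdp, in, "http://server.example.com/code/docs/developer-guide.html");
            System.out.println(ok ? "Permit" : "not permitted");
        }
    }
}
```

With the policy and request from the post, the logged line should show decision 0 and the developer-guide URL; a different ResourceID in that line means the PDP parsed a different request file than the one intended.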
Locked on May 18 2010