Friday, March 20, 2009

JBossXACML 2.0.3.CR3 released

The next iteration of JBossXACML in the 2.0.3 series is available now. It can be downloaded from the downloads page:
http://www.jboss.org/jbosssecurity/downloads/JBoss%20XACML


====================
Release Notes for JBoss Security and Identity Management
Includes versions: JBossXACML_2.0.3.CR3

** Sub-task
* [ SECURITY-390 ] JBossXACML: ResourceLocator

** Feature Request
* [ SECURITY-388 ] JBossXACML: AttributeLocator

** Bug
* [ SECURITY-391 ] JBossXACML: PDP construction should be one time

** Task
* [ SECURITY-392 ] Release JBossXACML 2.0.3.CR3
=========================================

Those are the release notes.

Improvements in 2.0.3.CR3:
* Support for specifying Attribute Locators and Resource Locators.
* Minor performance improvement: the internal PDP is constructed one time rather than at each request evaluation.

What are Attribute Locators?
Attribute Locators are consulted when the policy requires certain attributes for evaluation and the request arrives without them. In that case, the PDP asks the attribute locator for a value for the attribute so that it can make an evaluation. Again, remember that the attribute locator is driven by the POLICY and not the REQUEST.

Procedure for Attribute Locators:
  • Write a subclass of org.jboss.security.xacml.locators.AttributeLocator
  • The following methods need to be overridden in your attribute locator:
    * AttributeFinderModule#findAttribute(String, org.w3c.dom.Node, URI, org.jboss.security.xacml.sunxacml.EvaluationCtx, String)
    * AttributeFinderModule#findAttribute(URI, URI, URI, URI, org.jboss.security.xacml.sunxacml.EvaluationCtx, int)
  • Then specify the attribute locator in your configuration file as shown in the example below.

Resource Locators
These are used in the Hierarchical Profile if you decide to use it.

Configuration File

=================================
<ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0">
  <ns:Policies>
    <ns:PolicySet>
      <ns:Location>test/policies/interop/xacml-policySet.xml</ns:Location>
      <ns:Policy>
        <ns:Location>test/policies/interop/xacml-policy2.xml</ns:Location>
      </ns:Policy>
      <ns:Policy>
        <ns:Location>test/policies/interop/xacml-policy3.xml</ns:Location>
      </ns:Policy>
      <ns:Policy>
        <ns:Location>test/policies/interop/xacml-policy4.xml</ns:Location>
      </ns:Policy>
      <ns:Policy>
        <ns:Location>test/policies/interop/xacml-policy5.xml</ns:Location>
      </ns:Policy>
    </ns:PolicySet>
  </ns:Policies>
  <ns:Locators>
    <ns:Locator Name="org.jboss.security.xacml.locators.JBossPolicySetLocator"/>

    <ns:Locator Name="org.jboss.test.security.xacml.locators.TestAttributeLocator">
      <ns:Option Name="identifier">test-attrib</ns:Option>
      <ns:Option Name="attributeDesignatorSupport">true</ns:Option>
      <ns:Option Name="attributeSelectorSupport">true</ns:Option>
      <ns:Option Name="attributeDesignatorInt">0</ns:Option>
      <ns:Option Name="attributeDesignatorInt">1</ns:Option>
      <ns:Option Name="attributeDesignatorInt">2</ns:Option>
      <ns:Option Name="attributeSupportedId">urn:oasis:names:tc:xacml:1.0:action:action-id</ns:Option>
      <ns:Option Name="attributeSupportedId">http://www.w3.org/2001/XMLSchema#string</ns:Option>
      <ns:Option Name="attributeSupportedId">urn:xacml:2.0:interop:example:subject:buy-offer-price</ns:Option>
      <ns:Option Name="attributeSupportedId">urn:oasis:names:tc:xacml:1.0:subject:subject-id</ns:Option>
    </ns:Locator>

    <ns:Locator Name="org.jboss.test.security.xacml.locators.TestResourceLocator">
      <ns:Option Name="identifier">test-resource</ns:Option>
      <ns:Option Name="resourceChildSupport">true</ns:Option>
      <ns:Option Name="resourceDescendantSupport">true</ns:Option>
    </ns:Locator>
  </ns:Locators>
</ns:jbosspdp>
=================================

The names used in the "Option" elements come from the AbstractLocator interface:
http://anonsvn.jboss.org/repos/jbossas/projects/security/security-xacml/tags/2.0.3.CR3/jboss-xacml/src/main/java/org/jboss/security/xacml/interfaces/AbstractLocator.java


------------------------
String IDENTIFIER_TAG = "identifier";

String ATTRIBUTE_DESIGNATOR_SUPPORT_TAG = "attributeDesignatorSupport";

String ATTRIBUTE_SELECTOR_SUPPORT_TAG = "attributeSelectorSupport";

String ATTRIBUTE_SUPPORTED_ID_TAG = "attributeSupportedId";

String ATTRIBUTE_DESIGNATOR_INTEGER_TAG = "attributeDesignatorInt";

String RESOURCE_CHILD_SUPPORTED_TAG = "resourceChildSupport";

String RESOURCE_DESCENDANT_SUPPORTED_TAG = "resourceDescendantSupport";

================================
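
A configuration check for the locator options listed above, as an added example that is not part of the original post or the JBossXACML code base: it flags Option names that are not among the AbstractLocator tags and values that do not match the expected type. The value checks, the locator class names and the sample configuration are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"ns": "urn:jboss:xacml:2.0"}  # namespace used by the jbosspdp config
def _is_bool(v): return v in ("true", "false")
def _is_uri(v): return ":" in v and not any(c.isspace() for c in v)

# Names are the AbstractLocator constants quoted above; the value checks
# are assumptions inferred from the sample configuration on this page.
OPTION_RULES = {
    "identifier": bool,
    "attributeDesignatorSupport": _is_bool,
    "attributeSelectorSupport": _is_bool,
    "attributeSupportedId": _is_uri,
    "attributeDesignatorInt": str.isdigit,
    "resourceChildSupport": _is_bool,
    "resourceDescendantSupport": _is_bool,
}

def lint_locators(config_xml):
    """Return (locator class, problem) tuples for a jbosspdp config string."""
    problems = []
    root = ET.fromstring(config_xml)
    for loc in root.findall("ns:Locators/ns:Locator", NS):
        cls = loc.get("Name", "<missing Name>")
        for opt in loc.findall("ns:Option", NS):
            name, value = opt.get("Name"), (opt.text or "").strip()
            rule = OPTION_RULES.get(name)
            if rule is None:
                problems.append((cls, f"unknown option {name!r}"))
            elif not rule(value):
                problems.append((cls, f"bad value {value!r} for {name!r}"))
    return problems

# Constructed sample: hypothetical locator classes with two seeded mistakes.
SAMPLE = """<ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0">
  <ns:Locators>
    <ns:Locator Name="com.example.MyAttributeLocator">
      <ns:Option Name="identifier">my-attrib</ns:Option>
      <ns:Option Name="attributeDesignatorSuport">true</ns:Option>
    </ns:Locator>
    <ns:Locator Name="com.example.MyResourceLocator">
      <ns:Option Name="identifier">my-resource</ns:Option>
      <ns:Option Name="resourceChildSupport">yes</ns:Option>
    </ns:Locator>
  </ns:Locators>
</ns:jbosspdp>"""

if __name__ == "__main__":
    print(lint_locators(SAMPLE))
```
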


User Forum: http://www.jboss.org/index.html?module=bb&op=viewforum&f=49
