GettingStarted

HERASAF XACML Core 1.0.0-M1

Required Dependencies

The HERAS-AF XACML Core component needs the following direct dependencies (and their sub-dependencies) to run:

  • com.sun.xml.bind:jaxb-xjc:2.1.12
    • com.sun.xml.bind:jaxb-api:2.1
    • com.sun.xml.bind:jaxb-impl:2.1.12
    • javax.xml.stream:stax-api:1.0-2
    • javax.activation:activation:1.1
  • org.slf4j:slf4j-api:1.5.8
  • ch.qos.logback:logback-classic:0.9.17 (only needed if you use Logback as the logging implementation; see also http://www.slf4j.org)
    • ch.qos.logback:logback-core:0.9.17

Using Maven2 it is very easy to obtain the HERAS-AF dependencies by adding the following repository to your Maven2 pom.xml:

Creating a simple PDP

To create a simple PDP, use the SimplePDPFactory. Calling its getSimplePDP() method returns a simple PDP instance.

The useDefaultInitializers() method causes the PDP to be initialized with the default set of XACML Functions, DataTypes and CombiningAlgorithms that are provided/implemented by HERAS-AF. Additionally, a default configuration for the JAXB marshallers (formatted output, ...) is loaded.

In cases where custom implementations of the combining algorithm, policy repository and/or the PIP are required, the SimplePDPFactory provides different variants of the getSimplePDP(...) method. The following code snippet shows how they can be used.

Deployment of policies

The following code snippet shows how policies can be deployed on the policy repository.

When an ordered combining algorithm is used, the policies can be deployed by additionally specifying their position. The following code snippet shows how this can be done.

Undeployment of policies

The following code snippet shows how policies can be undeployed from the policy repository.

Evaluating a request

In the following code snippet, a request is evaluated and the response from the PDP is retrieved.

Marshalling policies / requests / responses

A policy can be marshalled to different targets.

In order to parse an XACML Policy or Request, the JAXB subsystem must be initialized first. This is done by initializing a PDP; see "Creating a simple PDP" above. In the future we will decouple the JAXB initialization, so that the Policy and Request marshalling/unmarshalling operations can be used without initializing the PDP. See also: HERASAFXACMLCORE-98

The following list describes the possible marshalling targets:

  • OutputStream (java.io)
  • File (java.io)
  • Result (javax.xml.transform)
  • ContentHandler (org.xml.sax)
  • Writer (java.io)
  • Node (org.w3c.dom)
  • XMLStreamWriter (javax.xml.stream)
  • XMLEventWriter (javax.xml.stream)

The code snippet below shows how a policy is marshalled to an OutputStream.

For the marshalling of requests and responses, the same set of targets is available: a request or a response can be marshalled to an OutputStream, a File, a Writer, and so on. The code example below shows how a request is marshalled to an OutputStream (marshalling a response works the same way).

For the unmarshalling of policies, requests and responses, the PolicyConverter, RequestCtxFactory and ResponseCtxFactory are provided. The following list describes the possible input types for the unmarshalling:

  • File (java.io)
  • InputStream (java.io)
  • Reader (java.io)
  • URL (java.net)
  • InputSource (org.xml.sax)
  • Node (org.w3c.dom)
  • Source (javax.xml.transform)
  • XMLStreamReader (javax.xml.stream)
  • XMLEventReader (javax.xml.stream)

The code example below shows how an InputStream is unmarshalled to a RequestCtx. The ResponseCtxFactory and the PolicyConverter are used in the same way as the RequestCtxFactory.

Configuration of Logging MDC

MDC (Mapped Diagnostic Context) is an instrument for distinguishing interleaved log output from different sources. Interleaved log output typically appears when a server handles multiple client requests nearly simultaneously.

The following keys are used in the configuration:

  • org:herasaf:request:xacml:evaluation:requesttime
    Timestamp of the request arrival. Used to identify the incoming request.
  • org:herasaf:xacml:evaluation:evaluatableid
    The id of the Evaluatable.
  • org:herasaf:xacml:evaluation:ruleid
    The id of the Rule.

The code below shows an example configuration using LogBack:
