OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: FW: AttributeFinderModule is not called and PDP don't work with myattribute designators


Hi all,

My problem with the use of Sun's XACML Implementation is that my DesignatorPDP.java (i think) don't recognize the attributedesignator that i have implementated and the policies cannot be correctly validated.

I explain my development:

1. The request that the PDP is going to receive have as subject:

  <Subject>
    <Attribute AttributeId="userName/subject#user"
               DataType="http://www.w3.org/2001/XMLSchema#string">
     <AttributeValue>Beatriz</AttributeValue>
     
   </Attribute>
 
 <Attribute AttributeId="babyName/subject#baby"
               DataType="http://www.w3.org/2001/XMLSchema#string">
     <AttributeValue>baby 1</AttributeValue>
     
   </Attribute>
  </Subject>

2. The policy that i have created need to use userName/subject#user, babyName/subject#baby and urn:oasis:names:tc:xacml:1.0:resource:resource-id with attribute designators. I think that here, i don't have problem.

3. I have read that if i need to use attribute designators, i have to create a class that implements AttributeFinderModule. i did it. One for the attributeDesignator userName/subject#user and other for babyName/subject#baby (i implemented one class too but don't work). I think that my implementation in this point is correct. (I put supportedIds, designatorsTypes, true for isdesignatorsupported and for findAttribute i check that the call is correct and, later, i look for the subject attribute in the context)

4. my PDP is very similar to the SimplePDP that Sun's implementation includes but I add the attribute modules in the attribute finder and initialize the pdp with pdp = new PDP(new PDPConfig(attributeFinder, policyFinder, null)); I always use the constructor: "public DesignatorPDP(String [] policyFiles) throws Exception" similar to SimplePDP.java.

For evaluate my development, i use the SimplePDP way. It's:

    public ResponseCtx evaluate(String requestFile) throws IOException, ParsingException  {
        // setup the request based on the file
        RequestCtx request =
            RequestCtx.getInstance(new FileInputStream(requestFile));

              
        // evaluate the request
        return pdp.evaluate(request);
             
    }



This is my implementation and changes. I don't know why when i try to use it, this doesn't work. I do the next:
             //Try create PDP with policies
            DesignatorPDP pdp = new DesignatorPDP(policyFilesPaths);
           
             //Evaluate request in pdp
            ResponseCtx response = pdp.evaluate(requestFile);

The response that i obtain is incorrect and the attribute modules that i have created are not called. so i don't know what values use the PDP for validate the policies but i think they are incorrect.

Have i forgotten some step in my development? I'm desperate with my tests. i don't know what more prove.

Thanks,

Sara


¿Tu fondo de escritorio es aburrido? Anímalo con las imágenes más espectaculares

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]