
xacml-users message



Subject: Re: [xacml-users] Hierarchical resources policy and request file


Hi Seth,

Following 4 files are attached. I am using Sun's XACML
1.2 implementation for this.

1).ResourceAttributeFinderModule.java
2).company_policy.xml
3).company_request.xml
4).SimplePDP.java

Exception is as follows (I have added to println to
some classes):
--------------------------------------------------
-----------------------------------------------------

<<FunctionBase checkInputs  inputs ---
[com.sun.xacml.attr.AttributeDesignator@139b78e,
com.sun.xacml.attr.AttributeDesignator@41d05d]
<<FunctionBase checkInputs  singleType --- false
------FunctionBase.checkInputs --- paramTypes.length 2
------FunctionBase.checkInputs --- inputs
[com.sun.xacml.attr.AttributeDesignator@139b78e,
com.sun.xacml.attr.AttributeDesignator@41d05d]
------FunctionBase.checkInputs --- iteration i  ======
0
------FunctionBase.checkInputs --- eval
com.sun.xacml.attr.AttributeDesignator@139b78e
------FunctionBase.checkInputs --- eval.getChildren()
[]
------FunctionBase.checkInputs --- eval.getType()
http://www.w3.org/2001/XMLSchema#string
------FunctionBase.checkInputs --- paramTypes[i] for i
= 0 is ::  http://www.w3.org/2001/XMLSchema#string
------FunctionBase.checkInputs ---
eval.evaluatesToBag() true
------FunctionBase.checkInputs ---  paramsAreBags[i])
for  i = 0 is :: false
Jul 4, 2006 9:41:49 AM
com.sun.xacml.finder.impl.FilePolicyModule loadPolicy
WARNING: Error reading policy from file C:\sun
xacml\sunxacml-1.2\sample\policy\company_policy.xml
java.lang.IllegalArgumentException: illegal parameter
	at
com.sun.xacml.cond.FunctionBase.checkInputs(FunctionBase.java:461)
	at com.sun.xacml.cond.Apply.<init>(Apply.java:142)
	at
com.sun.xacml.cond.Apply.getInstance(Apply.java:259)
	at
com.sun.xacml.cond.Apply.getConditionInstance(Apply.java:170)
	at com.sun.xacml.Rule.getInstance(Rule.java:181)
	at com.sun.xacml.Policy.<init>(Policy.java:215)
	at com.sun.xacml.Policy.getInstance(Policy.java:237)
	at
com.sun.xacml.finder.impl.FilePolicyModule.loadPolicy(FilePolicyModule.java:321)
	at
com.sun.xacml.finder.impl.FilePolicyModule.init(FilePolicyModule.java:218)
	at
com.sun.xacml.finder.PolicyFinder.init(PolicyFinder.java:141)
	at com.sun.xacml.PDP.<init>(PDP.java:107)
	at SimplePDP.<init>(SimplePDP.java:211)
	at SimplePDP.main(SimplePDP.java:312)
resourceFinder -->
com.sun.xacml.finder.ResourceFinder@ce2187
 Policy load Time ---------> 2047 ms
-----------------------------------------------------
-----------------------------------------------------



--- Seth Proctor <Seth.Proctor@sun.com> wrote:

> 
> Hi Dhirendra.
> 
> On Jul 2, 2006, at 10:42 AM, dhirendra sharma wrote:
> > I am using Sun's XACML 1.2 implementation.
> > I am coding the Context Handler, policy and
> request
> > files per Anne Anderson's suggestion below.
> >
> > Can you please review the attached three files:
> 
> I didn't see the files attached. Can you re-send
> with the files?
> 
> > It is not working for me. Keeps throwing exception
> on
> > condition element.I tried it in various ways but
> still
> > doesn't work.
> 
> Could you mail me the specific exception that is
> being thrown? Also,  
> we might want to take this discussion to the
> sunxacml-discuss list if  
> this becomes a question specific to that system.
> 
> 
> seth
> 


import com.sun.xacml.EvaluationCtx;

import com.sun.xacml.attr.AnyURIAttribute;
import com.sun.xacml.attr.AttributeDesignator;
import com.sun.xacml.attr.BagAttribute;
import com.sun.xacml.attr.RFC822NameAttribute;
import com.sun.xacml.attr.StringAttribute;

import com.sun.xacml.cond.EvaluationResult;

import com.sun.xacml.ctx.Status;

import com.sun.xacml.finder.AttributeFinderModule;

import java.net.URI;
import java.net.URISyntaxException;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Set;

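/**
 * Attribute finder module that supplies values for the resource attribute
 * urn:oasis:names:tc:xacml:1.0:resource:parent when a policy references it
 * through a ResourceAttributeDesignator.
 */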
public class ResourceAttributeFinderModule extends AttributeFinderModule
{
    
    // the one and only attribute identifier that this module supports
    private static final String SUPPORTED_ATTRIBUTE_ID = "urn:oasis:names:tc:xacml:1.0:resource:parent";

    // the identifier and type of the company attribute read from the request
    private static final String COMPANY =  "company";
    private static final String COMPANY_TYPE = AnyURIAttribute.identifier;

    // URI versions of the company data
    private URI companyId;
    private URI companyType;

    /**
     * Default constructor.
     */
    public ResourceAttributeFinderModule() throws URISyntaxException {
        // setup the company identifier information
        companyId = new URI(COMPANY);
        companyType = new URI(COMPANY_TYPE);

        // this code doesn't do it, but this would be a good place to setup a
        // cache if you don't want to fetch the group information each time
    }

    /**
     * Specifies whether or not this module supports AttributeDesignator
     * queries. Since that's what this code does, this method always
     * returns true;
     *
     * @return true
     */
    public boolean isDesignatorSupported() {
        return true;
    }

    /**
     * Specifies the types of designators this code supports. In this
     * case, the module supports only resource attributes.
     *
     * @return a <code>Set</code> containing the supported types
     */
    public Set getSupportedDesignatorTypes() {
        Set types = new HashSet();

        //types.add(new Integer(AttributeDesignator.SUBJECT_TARGET));
        types.add(new Integer(AttributeDesignator.RESOURCE_TARGET));
        
        return types;
    }

    /**
     * Specifies the identifiers that this code supports. This module has
     * been written to support exactly one attribute, but in general you
     * could write a module that supports any number of attributes.
     *
     * @return a <code>Set</code> specifying the supported attributes ids
     */
    public Set getSupportedIds() {
        Set ids = new HashSet();

        try {
            ids.add(new URI(SUPPORTED_ATTRIBUTE_ID));
        } catch (URISyntaxException se) {
            // this won't actually happen in this case
            return null;
        }

        return ids;
    }

    /**
     * This is called when the PDP is trying to find a value that wasn't
     * included in a Request. The value that the PDP is looking for may or
     * may not be supported by this module, so you first have to check
     * that you can handle this request.
     */
    public EvaluationResult findAttribute(URI attributeType, URI attributeId,
                                          URI issuer, URI subjectCategory,
                                          EvaluationCtx context,
                                          int designatorType) {
        
        System.out.println("<<ENTER>> ResourceAttributeFinderModule   here1");
        
        // check that this is a Resource attribute
        //if (designatorType != AttributeDesignator.SUBJECT_TARGET)
        if (designatorType != AttributeDesignator.RESOURCE_TARGET)
            return new EvaluationResult(BagAttribute.
                                        createEmptyBag(attributeType));
        
        System.out.println(" ResourceAttributeFinderModule   here2");
        
        // check that this is the type and identifier that this module is
        // setup to handle
        if ((! attributeType.toString().equals(StringAttribute.identifier)) ||
            (! attributeId.toString().equals(SUPPORTED_ATTRIBUTE_ID)))
            return new EvaluationResult(BagAttribute.
                                        createEmptyBag(attributeType));

        System.out.println(" ResourceAttributeFinderModule   here3");
        
        // if we got here then we're looking for the one attribute that this
        // module knows how to handle, so get the user's identifier...note
        // that we don't consider the issuer here, since it pertains to the
        // issuer of the group values (ie, the values that this module is
        // supposed to return)
        //EvaluationResult result = context.getSubjectAttribute(userIdType, userId, subjectCategory);
        
        EvaluationResult result = context.getResourceAttribute(companyType, companyId, subjectCategory);
        
        System.out.println(" ResourceAttributeFinderModule   here4");
        
        // make sure there wasn't an error getting the identifier
        if (result.indeterminate()) {
            return result;
        }
        
        System.out.println(" ResourceAttributeFinderModule   here5");

        // make sure we found exactly one value for the user's identifier
        BagAttribute bag = (BagAttribute)(result.getAttributeValue());

        System.out.println(" ResourceAttributeFinderModule   here6 -- BagAttribute bag = " + bag);
        
        if (bag.size() != 1) {
            ArrayList code = new ArrayList();
            code.add(Status.STATUS_PROCESSING_ERROR);
            Status status =
                new Status(code, "couldn't find user's identifier");

            return new EvaluationResult(status);
        }

        System.out.println(" ResourceAttributeFinderModule   here7");
        
        // get the identifier out of the bag and get the group memberships
        //RFC822NameAttribute user = (RFC822NameAttribute)(bag.iterator().next());
        AnyURIAttribute company = (AnyURIAttribute)(bag.iterator().next());
        
        System.out.println(" ResourceAttributeFinderModule   here8");
        
        //return getGroups(user);
        return getCompany(company);
    }

    /**
     * This is the app-specific part that you need to fill in to make this
     * module work correctly. This method should use the user's identity
     * to lookup the groups that the user is in. The groups will probably
     * be returned either as multiple items in a bag, or as a single String
     * listing all the groups (depending on what your system needs).
     */
    private EvaluationResult getGroups(RFC822NameAttribute user) {
        // do the group lookup...note that regardless of the form of the
        // groups, you must return an EvaluationResult that contains a
        // Bag, since that's the form that must be returned from the
        // findAttribute method above
        BagAttribute groups = null;
        
        // if there is an error at any point in this routine, then return
        // an EvaluationResult with status to explain the error

        // finally, return the group information
        return new EvaluationResult(groups);
    }

    /**
     * Returns the values for the parent attribute. The lookup is hard-coded
     * here: it returns a bag holding two anyURI values ("18021" and "18022").
     * A real module would use the company identifier to look the values up.
     */
    private EvaluationResult getCompany(AnyURIAttribute company) {
        
        System.out.println(" ResourceAttributeFinderModule   getCompany  here1");
        
        // do the group lookup...note that regardless of the form of the
        // groups, you must return an EvaluationResult that contains a
        // Bag, since that's the form that must be returned from the
        // findAttribute method above
        BagAttribute companys = null;
        Set set = new HashSet();
        
        System.out.println(" ResourceAttributeFinderModule   getCompany  here2");
        try {
            
            System.out.println(" ResourceAttributeFinderModule   getCompany  here3");
            AnyURIAttribute sa = new AnyURIAttribute(new URI("18021"));
            AnyURIAttribute sa1 = new AnyURIAttribute(new URI("18022"));
            
            set.add(sa);
            set.add(sa1);
            
            System.out.println(" ResourceAttributeFinderModule   getCompany  here4");
            
            
            
            companys = new BagAttribute(sa.getType(), set);
            System.out.println(" ResourceAttributeFinderModule   getCompany  here5");
        } catch (URISyntaxException e) {
            
            System.out.println(" ResourceAttributeFinderModule   URISyntaxException " + e.toString());
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        
        // if there is an error at any point in this routine, then return
        // an EvaluationResult with status to explain the error

        // finally, return the group information
        return new EvaluationResult(companys);
    }

}
<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        PolicyId="WCM-Release-Car_Policy"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">

  <Description> 
        Sample tree  :
        
        		 180820
        		/       \
		      180821   180822	      
		     /       \
		  180823   180824	      		     
      
  </Description>

<!--  ===============================================================================================  -->
  <Target>
       <Subjects>
            <AnySubject/>
       </Subjects>

       <Resources>
            <AnyResource/>
       </Resources>

       <Actions>
	   <AnyAction/>
       </Actions>
  </Target>

  <!--  ===============================================================================================  -->

	<Rule RuleId="WCMReleaseCarRule1" Effect="Permit">
	
	<Target>
	       <Subjects>
	            <AnySubject/>
	       </Subjects>
	
	       <Resources>
	            <AnyResource/>
	       </Resources>
	
	       <Actions>
		   <AnyAction/>   
	       </Actions>
	</Target>
	
	   <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
 <!--	     <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in">   -->
	         
	         <SubjectAttributeDesignator 
	         		DataType="http://www.w3.org/2001/XMLSchema#string"
	         		AttributeId="subject-company" />
	         
	         <ResourceAttributeDesignator 
	         		DataType="http://www.w3.org/2001/XMLSchema#string"
	         	  	AttributeId="urn:oasis:names:tc:xacml:1.0:resource:parent" />
<!--	     </Apply>  -->
	   </Condition>
	</Rule> 

<!--  ===============================================================================================  -->
	
</Policy>
<?xml version="1.0" encoding="UTF-8"?>

<Request
      xmlns="urn:oasis:names:tc:xacml:1.0:context"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="urn:oasis:names:tc:xacml:1.0:context
        cs-xacml-schema-context-01.xsd">

    <Subject>
        <Attribute
              AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
              DataType="http://www.w3.org/2001/XMLSchema#string">
              <AttributeValue>xmic001</AttributeValue>
        </Attribute>

	<Attribute AttributeId="group"
               DataType="http://www.w3.org/2001/XMLSchema#string">
	       <AttributeValue>WCM-Release-Car</AttributeValue> <!-- User group from LDAP -->
    	</Attribute>

	<Attribute AttributeId="subject-company"
               DataType="http://www.w3.org/2001/XMLSchema#string">
	       <AttributeValue>18021</AttributeValue>  <!-- Top level company that this belongs to from LDAP -->
    	</Attribute>


	<!-- Get all the tree starting from 18021 and below -->    	
    	<!-- 
    	
    	<Attribute AttributeId="urn:namespace:subject-company-level"
	       DataType="http://www.w3.org/2001/XMLSchema#string">
	      <AttributeValue>TREE</AttributeValue> 
	</Attribute>
	
	-->

    </Subject>

    <Resource>
        <Attribute
              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
              DataType="http://www.w3.org/2001/XMLSchema#string">
              <AttributeValue>180822</AttributeValue>    <!-- Company to be read -->
        </Attribute>

   <!--
    	<Attribute
	        AttributeId="urn:oasis:names:tc:xacml:1.0:resource:scope"
	        DataType="http://www.w3.org/2001/XMLSchema#string">
	        <AttributeValue>Descendants</AttributeValue>  
	</Attribute>
     -->
    </Resource>

    <Action>
        <Attribute
              AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
              DataType="http://www.w3.org/2001/XMLSchema#string">
            <AttributeValue>ReleaseCar</AttributeValue>
        </Attribute>
    </Action>

</Request>

/*
 * @(#)SimplePDP.java
 *
 * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   1. Redistribution of source code must retain the above copyright notice,
 *      this list of conditions and the following disclaimer.
 * 
 *   2. Redistribution in binary form must reproduce the above copyright
 *      notice, this list of conditions and the following disclaimer in the
 *      documentation and/or other materials provided with the distribution.
 *
 * Neither the name of Sun Microsystems, Inc. or the names of contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 * 
 * This software is provided "AS IS," without a warranty of any kind. ALL
 * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
 * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
 * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
 * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
 * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
 * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
 * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
 * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
 * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
 * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
 *
 * You acknowledge that this software is not designed or intended for use in
 * the design, construction, operation or maintenance of any nuclear facility.
 */


import com.sun.xacml.ConfigurationStore;
import com.sun.xacml.Indenter;
import com.sun.xacml.ParsingException;
import com.sun.xacml.PDP;
import com.sun.xacml.PDPConfig;

import com.sun.xacml.cond.FunctionFactory;
import com.sun.xacml.cond.FunctionFactoryProxy;
import com.sun.xacml.cond.StandardFunctionFactory;

import com.sun.xacml.ctx.RequestCtx;
import com.sun.xacml.ctx.ResponseCtx;

import com.sun.xacml.finder.AttributeFinder;
import com.sun.xacml.finder.PolicyFinder;
import com.sun.xacml.finder.ResourceFinder;

import com.sun.xacml.finder.impl.CurrentEnvModule;
import com.sun.xacml.finder.impl.FilePolicyModule;
import com.sun.xacml.finder.impl.SelectorModule;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;

import java.net.URI;
import java.net.URISyntaxException;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;


/**
 * This is a simple, command-line driven XACML PDP. It acts both as an example
 * of how to write a full-featured PDP and as a sample program that lets you
 * evaluate requests against policies. See the comments for the main() method
 * for correct usage.
 *
 * @since 1.1
 * @author seth proctor
 */
public class SimplePDP
{

    // this is the actual PDP object we'll use for evaluation
    private PDP pdp = null;

    /**
     * Default constructor. This creates a <code>SimplePDP</code> with a
     * <code>PDP</code> based on the configuration defined by the runtime
     * property com.sun.xacml.PDPConfigFile.
     */
    public SimplePDP() throws Exception {
        // load the configuration
        System.out.println(" load the sys config");
        
        ConfigurationStore store = new ConfigurationStore();
        
        System.out.println(" loaded  sys config");
        
        // use the default factories from the configuration
        store.useDefaultFactories();
        System.out.println("use the default factories from the configuration");
        
        // get the PDP configuration's and setup the PDP
        pdp = new PDP(store.getDefaultPDPConfig());
        
        System.out.println("got the PDP configuration's and setup the PDP");
    }

    public SimplePDP(String requestFile) throws Exception {
        // load the configuration
        System.out.println(" load the sys config for requestFile -->  " + requestFile);
        
        File configFile = new File(requestFile);
        ConfigurationStore store = new ConfigurationStore(configFile);

        
        System.out.println(" loaded  sys config");
        
        // use the default factories from the configuration
        store.useDefaultFactories();
        System.out.println("use the default factories from the configuration");
        
        // get the PDP configuration's and setup the PDP
        pdp = new PDP(store.getDefaultPDPConfig());
        
        System.out.println("got the PDP configuration's and setup the PDP");
    }

    
    /**
     * Constructor that takes an array of filenames, each of which
     * contains an XACML policy, and sets up a <code>PDP</code> with access
     * to these policies only. The <code>PDP</code> is configured
     * programmatically to have only a few specific modules.
     *
     * @param policyFiles an array of filenames that specify policies
     */
    public SimplePDP(String [] policyFiles) throws Exception {
        // Create a PolicyFinderModule and initialize it...in this case,
        // we're using the sample FilePolicyModule that is pre-configured
        // with a set of policies from the filesystem
        FilePolicyModule filePolicyModule = new FilePolicyModule();
        
        System.out.println("FilePolicyModule");
        
        for (int i = 0; i < policyFiles.length; i++) {
            
            System.out.println("FilePolicyModule ---> i --> " + i + " -----policyFile--- " + policyFiles[i]);
            filePolicyModule.addPolicy(policyFiles[i]);
        }
        
        // next, setup the PolicyFinder that this PDP will use
        PolicyFinder policyFinder = new PolicyFinder();
        Set policyModules = new HashSet();
        
        
        policyModules.add(filePolicyModule);
        policyFinder.setModules(policyModules);

        System.out.println("Set policyModules.size() ---> "+ policyModules.size());    
        
        
        // now setup attribute finder modules for the current date/time and
        // AttributeSelectors (selectors are optional, but this project does
        // support a basic implementation)
        CurrentEnvModule envAttributeModule = new CurrentEnvModule();
        SelectorModule selectorAttributeModule = new SelectorModule();
        SampleAttrFinderModule sampleAttrFinderModule = new SampleAttrFinderModule();
        ResourceAttributeFinderModule resourceAttributeFinderModule = new ResourceAttributeFinderModule();
        
        // Setup the AttributeFinder just like we setup the PolicyFinder. Note
        // that unlike with the policy finder, the order matters here. See
        // the javadocs for more details.
        AttributeFinder attributeFinder = new AttributeFinder();
        List attributeModules = new ArrayList();
        attributeModules.add(envAttributeModule);
        attributeModules.add(selectorAttributeModule);
        attributeModules.add(sampleAttrFinderModule);
        attributeModules.add(resourceAttributeFinderModule);
        
        attributeFinder.setModules(attributeModules);

        System.out.println(" List attributeModules  ---> "+ attributeModules);
        
        // Try to load the time-in-range function, which is used by several
        // of the examples...see the documentation for this function to
        // understand why it's provided here instead of in the standard
        // code base.
        FunctionFactoryProxy proxy = StandardFunctionFactory.getNewFactoryProxy();
        FunctionFactory factory = proxy.getConditionFactory();
        factory.addFunction(new TimeInRangeFunction());
        FunctionFactory.setDefaultFactory(proxy);
        
        System.out.println(" FunctionFactoryProxy proxy  ---> "+ proxy);

        System.out.println("<<SimplePDP>> finally, initialize our pdp");    

        //Resource Finder stuff
        System.out.println(" Resource Finder stuff   ");
        ResourceFinder resourceFinder = new ResourceFinder();
        LocationResourceFinderModule locationResourceFinderModule = new LocationResourceFinderModule();         
        List resourceModules = new ArrayList();
        resourceModules.add(locationResourceFinderModule);
        resourceFinder.setModules(resourceModules);
        
        
        // finally, initialize our pdp
        //pdp = new PDP(new PDPConfig(attributeFinder, policyFinder, null));
        pdp = new PDP(new PDPConfig(attributeFinder, policyFinder, resourceFinder));
    }

    /**
     * Evaluates the given request and returns the Response that the PDP
     * will hand back to the PEP.
     *
     * @param requestFile the name of a file that contains a Request
     *
     * @return the result of the evaluation
     *
     * @throws IOException if there is a problem accessing the file
     * @throws ParsingException if the Request is invalid
     */
    public ResponseCtx evaluate(String requestFile)
        throws IOException, ParsingException
    {
        System.out.println(" evaluate  requestFile ---> "+ requestFile);
        
        // setup the request based on the file
        RequestCtx request =
            RequestCtx.getInstance(new FileInputStream(requestFile));

        System.out.println(" evaluate the request ---> "+ request);
        // evaluate the request
        return pdp.evaluate(request);
    }

    /**
     * Main-line driver for this sample code. This method lets you invoke
     * the PDP directly from the command-line.
     *
     * @param args the input arguments to the class. They are either the
     *             flag "-config" followed by a request file, or a request
     *             file followed by one or more policy files. In the case
     *             that the configuration flag is used, the configuration
     *             file must be specified in the standard java property,
     *             com.sun.xacml.PDPConfigFile.
     */
    public static void main(String [] args) throws Exception {
        
        System.out.println("<<ENTRY>>SimplePDP.main() ----------- ");

        //String file = "C:\\sun xacml\\sunxacml-1.2\\sample\\config\\standard.xml";

        
//        String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\generated.xml";
//        String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\generated.xml";

//        String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\door-access.xml";
//        String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\time-range.xml";

//        String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\sensitive.xml";
//        String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\obligation.xml";
        

//        String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\resource-content.xml";
//        String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\selector.xml";


//        String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\ESA_location_request_1.xml";
//        String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\ESA_localtion_policy_1.xml";

//        String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\ESA_location_request_2.xml";
//        String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\ESA_localtion_policy_2.xml";

//        String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\ESA_location_request_3.xml";
//        String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\ESA_localtion_policy_3.xml";
        
//        String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\ESA_location_request_4.xml";
//        String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\ESA_location_policy_4.xml";

        String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\company_request.xml";
        String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\company_policy.xml";

        //args  = new String[] { "-config", file1};
        args  = new String[] { file1 , file2};
        
        if (args.length < 2) {
            System.out.println("Usage: -config <request>");
            System.out.println("       <request> <policy> [policies]");
            System.exit(1);
        }
        
        SimplePDP simplePDP = null;
        String requestFile = null;
        
      
        long start0 = System.currentTimeMillis();
        
        if (args[0].equals("-config")) {
            requestFile = args[1];
            simplePDP = new SimplePDP();
            //simplePDP = new SimplePDP(requestFile);
        } else {
            requestFile = args[0];
            String [] policyFiles = new String[args.length - 1];
            
            for (int i = 1; i < args.length; i++)
                policyFiles[i-1] = args[i];

            simplePDP = new SimplePDP(policyFiles);
        }

        System.out.println(" Policy load Time ---------> " + (System.currentTimeMillis() - start0) + " ms");
        
        long start = System.currentTimeMillis();
        // evaluate the request
        ResponseCtx response = simplePDP.evaluate(requestFile);
        System.out.println(" Evaluate Time ---------> " + (System.currentTimeMillis() - start) + " ms");
        
        long start1 = System.currentTimeMillis();
        // for this sample program, we'll just print out the response
        response.encode(System.out, new Indenter());
        
        System.out.println(" Print response Time ---------> " + (System.currentTimeMillis() - start1) + " ms");
    }

}
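
Added example (not part of the original message and not Sun's XACML code): a small Python linter that repeats the bag check visible in the FunctionBase.checkInputs debug output above, where parameter 0 of string-is-in is declared as a single string but the designator evaluates to a bag. The signature table is a hand-written subset of the XACML 1.0 functions, and the string-one-and-only wrapping in the second policy is an assumed way of satisfying the check, not a fix taken from the thread.

```python
import xml.etree.ElementTree as ET

POLICY_NS = "{urn:oasis:names:tc:xacml:1.0:policy}"
FN = "urn:oasis:names:tc:xacml:1.0:function:"

# Subset of XACML 1.0 function signatures (hand-written for this example):
# function id -> (is each parameter a bag?, is the result a bag?)
SIGNATURES = {
    FN + "string-equal":        ((False, False), False),
    FN + "string-is-in":        ((False, True), False),
    FN + "string-one-and-only": ((True,), False),
}


def local(elem):
    """Element name without the policy namespace."""
    return elem.tag.replace(POLICY_NS, "")


def describe(is_bag):
    return "bag" if is_bag else "single value"


def evaluates_to_bag(elem):
    """True/False when known, None for functions outside SIGNATURES."""
    name = local(elem)
    if name.endswith("AttributeDesignator") or name == "AttributeSelector":
        return True   # designators and selectors always yield a bag
    if name == "AttributeValue":
        return False  # a literal is a single value
    if name == "Apply":
        sig = SIGNATURES.get(elem.get("FunctionId"))
        return sig[1] if sig else None
    return None


def check_apply(elem, rule_id, findings):
    """Check one <Condition>/<Apply> against its signature, then recurse."""
    fid = elem.get("FunctionId")
    args = list(elem)
    sig = SIGNATURES.get(fid)
    if sig:
        expected, short = sig[0], fid[len(FN):]
        if len(args) != len(expected):
            findings.append((rule_id, short, None,
                             "expected %d arguments, got %d"
                             % (len(expected), len(args))))
        else:
            for i, (arg, want_bag) in enumerate(zip(args, expected)):
                got = evaluates_to_bag(arg)
                if got is not None and got != want_bag:
                    findings.append((rule_id, short, i,
                                     "expected %s, got %s"
                                     % (describe(want_bag), describe(got))))
    for arg in args:
        if local(arg) == "Apply":
            check_apply(arg, rule_id, findings)


def lint_policy(xml_text):
    """Return (rule id, function, parameter index, message) per mismatch."""
    root = ET.fromstring(xml_text)
    findings = []
    for rule in root.iter(POLICY_NS + "Rule"):
        cond = rule.find(POLICY_NS + "Condition")
        if cond is not None:
            check_apply(cond, rule.get("RuleId"), findings)
    return findings


# Constructed sample input: the Condition from company_policy.xml above,
# reduced to the parts the check needs.
TEMPLATE = """<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
    PolicyId="WCM-Release-Car_Policy"
    RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
  <Rule RuleId="WCMReleaseCarRule1" Effect="Permit">
    <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
      %s
      <ResourceAttributeDesignator
          DataType="http://www.w3.org/2001/XMLSchema#string"
          AttributeId="urn:oasis:names:tc:xacml:1.0:resource:parent"/>
    </Condition>
  </Rule>
</Policy>"""

SUBJECT = ('<SubjectAttributeDesignator '
           'DataType="http://www.w3.org/2001/XMLSchema#string" '
           'AttributeId="subject-company"/>')

# Condition as posted: a bare designator (a bag) as parameter 0.
AS_POSTED = TEMPLATE % SUBJECT
# Assumed alternative: reduce the bag to one value with string-one-and-only.
WRAPPED = TEMPLATE % ('<Apply FunctionId="%sstring-one-and-only">%s</Apply>'
                      % (FN, SUBJECT))

if __name__ == "__main__":
    for label, policy in (("as posted", AS_POSTED), ("wrapped", WRAPPED)):
        print(label, lint_policy(policy))
```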

