[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Hierarchical resources policy and request file
Hi Seth, Following 4 files are attached.I am using Sun's XACML 1.2 implementation for this. 1).ResourceAttributeFinderModule.java 2).company_policy.xml 3).company_request.xml 4).SimplePDP.java Exception is as follows (I have added to println to some classes): -------------------------------------------------- ----------------------------------------------------- <<FunctionBase checkInputs inputs --- [com.sun.xacml.attr.AttributeDesignator@139b78e, com.sun.xacml.attr.AttributeDesignator@41d05d] <<FunctionBase checkInputs singleType --- false ------FunctionBase.checkInputs --- paramTypes.length 2 ------FunctionBase.checkInputs --- inputs [com.sun.xacml.attr.AttributeDesignator@139b78e, com.sun.xacml.attr.AttributeDesignator@41d05d] ------FunctionBase.checkInputs --- iteration i ====== 0 ------FunctionBase.checkInputs --- eval com.sun.xacml.attr.AttributeDesignator@139b78e ------FunctionBase.checkInputs --- eval.getChildren() [] ------FunctionBase.checkInputs --- eval.getType() http://www.w3.org/2001/XMLSchema#string ------FunctionBase.checkInputs --- paramTypes[i] for i = 0 is :: http://www.w3.org/2001/XMLSchema#string ------FunctionBase.checkInputs --- eval.evaluatesToBag() true ------FunctionBase.checkInputs --- paramsAreBags[i]) for i = 0 is :: false Jul 4, 2006 9:41:49 AM com.sun.xacml.finder.impl.FilePolicyModule loadPolicy WARNING: Error reading policy from file C:\sun xacml\sunxacml-1.2\sample\policy\company_policy.xml java.lang.IllegalArgumentException: illegal parameter at com.sun.xacml.cond.FunctionBase.checkInputs(FunctionBase.java:461) at com.sun.xacml.cond.Apply.<init>(Apply.java:142) at com.sun.xacml.cond.Apply.getInstance(Apply.java:259) at com.sun.xacml.cond.Apply.getConditionInstance(Apply.java:170) at com.sun.xacml.Rule.getInstance(Rule.java:181) at com.sun.xacml.Policy.<init>(Policy.java:215) at com.sun.xacml.Policy.getInstance(Policy.java:237) at com.sun.xacml.finder.impl.FilePolicyModule.loadPolicy(FilePolicyModule.java:321) at com.sun.xacml.finder.impl.FilePolicyModule.init(FilePolicyModule.java:218) at com.sun.xacml.finder.PolicyFinder.init(PolicyFinder.java:141) at com.sun.xacml.PDP.<init>(PDP.java:107) at SimplePDP.<init>(SimplePDP.java:211) at SimplePDP.main(SimplePDP.java:312) resourceFinder --> com.sun.xacml.finder.ResourceFinder@ce2187 Policy load Time ---------> 2047 ms ----------------------------------------------------- ----------------------------------------------------- --- Seth Proctor <Seth.Proctor@sun.com> wrote: > > Hi Dhirendra. > > On Jul 2, 2006, at 10:42 AM, dhirendra sharma wrote: > > I am using Sun's XACML 1.2 implementation. > > I am coding the Context Handler, policy and > request > > files per Anne Anderson's suggestion below. > > > > Can you please review the attached three files: > > I didn't see the files attached. Can you re-send > with the files? > > > It is not working for me.Keeps throing exception > on > > condition element.I tried it in various ways but > still > > doesn't work. > > Could you mail me the specific exception that is > being thrown? Also, > we might want to take this discussion to the > sunxacml-discuss list if > this becomes a question specific to that system. > > > seth > > --------------------------------------------------------------------- > This publicly archived list supports open discussion > on using the > XACML OASIS Standard. To minimize spam in the > archives, you > must subscribe before posting. > > [Un]Subscribe/change address: > http://www.oasis-open.org/mlmanage/ > Alternately, using email: > list-[un]subscribe@lists.oasis-open.org > List archives: > http://lists.oasis-open.org/archives/xacml-users/ > Committee homepage: > http://www.oasis-open.org/committees/xacml/ > List Guidelines: > http://www.oasis-open.org/maillists/guidelines.php > Join OASIS: http://www.oasis-open.org/join/ > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
import com.sun.xacml.EvaluationCtx; import com.sun.xacml.attr.AnyURIAttribute; import com.sun.xacml.attr.AttributeDesignator; import com.sun.xacml.attr.BagAttribute; import com.sun.xacml.attr.RFC822NameAttribute; import com.sun.xacml.attr.StringAttribute; import com.sun.xacml.cond.EvaluationResult; import com.sun.xacml.ctx.Status; import com.sun.xacml.finder.AttributeFinderModule; import java.net.URI; import java.net.URISyntaxException; import java.util.ArrayList; import java.util.HashSet; import java.util.Set; /** * * */ public class ResourceAttributeFinderModule extends AttributeFinderModule { // the one and only attribute identifier that this module supports private static final String SUPPORTED_ATTRIBUTE_ID = "urn:oasis:names:tc:xacml:1.0:resource:parent"; // the identifier and type of the user private static final String COMPANY = "company"; private static final String COMPANY_TYPE = AnyURIAttribute.identifier; // URI versions of the subject data private URI companyId; private URI companyType; /** * Default constructor. */ public ResourceAttributeFinderModule() throws URISyntaxException { // setup the subject identifier information companyId = new URI(COMPANY); companyType = new URI(COMPANY_TYPE); // this code doesn't do it, but this would be a good place to setup a // cache if you don't want to fetch the group information each time } /** * Sepcifies whether or not this module supports AttributeDesignator * queries. Since that's what this code does, this method always * returns true; * * @return true */ public boolean isDesignatorSupported() { return true; } /** * Specifies the types of designators this code supports. In this * case, the module supports only subject attributes. * * @return a <code>Set</code> containing the supported types */ public Set getSupportedDesignatorTypes() { Set types = new HashSet(); //types.add(new Integer(AttributeDesignator.SUBJECT_TARGET)); types.add(new Integer(AttributeDesignator.RESOURCE_TARGET)); return types; } /** * Specifies the identifiers that this code supports. This module has * been written to support exactly one attribute, but in general you * could write a module that supports any number of attributes. * * @return a <code>Set</code> specifying the supported attributes ids */ public Set getSupportedIds() { Set ids = new HashSet(); try { ids.add(new URI(SUPPORTED_ATTRIBUTE_ID)); } catch (URISyntaxException se) { // this won't actually happen in this case return null; } return ids; } /** * This is called when the PDP is trying to find a value that wasn't * included in a Request. The value that the PDP is looking for may or * may not be supported by this module, so you first have to check * that you can handle this request. */ public EvaluationResult findAttribute(URI attributeType, URI attributeId, URI issuer, URI subjectCategory, EvaluationCtx context, int designatorType) { System.out.println("<<ENTER>> ResourceAttributeFinderModule here1"); // check that this is a Subject attribute //if (designatorType != AttributeDesignator.SUBJECT_TARGET) if (designatorType != AttributeDesignator.RESOURCE_TARGET) return new EvaluationResult(BagAttribute. createEmptyBag(attributeType)); System.out.println(" ResourceAttributeFinderModule here2"); // check that this is the type and identifier that this module is // setup to handle if ((! attributeType.toString().equals(StringAttribute.identifier)) || (! attributeId.toString().equals(SUPPORTED_ATTRIBUTE_ID))) return new EvaluationResult(BagAttribute. createEmptyBag(attributeType)); System.out.println(" ResourceAttributeFinderModule here3"); // if we got here then we're looking for the one attribute that this // module knows how to handle, so get the user's identifier...note // that we don't consider the issuer here, since it pertains to the // issuer of the group values (ie, the values that this module is // supposed to return) //EvaluationResult result = context.getSubjectAttribute(userIdType, userId, subjectCategory); EvaluationResult result = context.getResourceAttribute(companyType, companyId, subjectCategory); System.out.println(" ResourceAttributeFinderModule here4"); // make sure there wasn't an error getting the identifier if (result.indeterminate()) { return result; } System.out.println(" ResourceAttributeFinderModule here5"); // make sure we found exactly one value for the user's identifier BagAttribute bag = (BagAttribute)(result.getAttributeValue()); System.out.println(" ResourceAttributeFinderModule here6 -- BagAttribute bag = " + bag); if (bag.size() != 1) { ArrayList code = new ArrayList(); code.add(Status.STATUS_PROCESSING_ERROR); Status status = new Status(code, "couldn't find user's identifier"); return new EvaluationResult(status); } System.out.println(" ResourceAttributeFinderModule here7"); // get the identifier out of the bag and get the group memberships //RFC822NameAttribute user = (RFC822NameAttribute)(bag.iterator().next()); AnyURIAttribute company = (AnyURIAttribute)(bag.iterator().next()); System.out.println(" ResourceAttributeFinderModule here8"); //return getGroups(user); return getCompany(company); } /** * This is the app-specific part that you need to fill in to make this * module work correctly. This method should use the user's identity * to lookup the groups that the user is in. The groups will probably * be returned either as multiple items in a bag, or as a single String * listing all the groups (depending on what your system needs). */ private EvaluationResult getGroups(RFC822NameAttribute user) { // do the group lookup...note that regardless of the form of the // groups, you must return an EvaluationResult that contains a // Bag, since that's the form that must be returned from the // findAttribute method above BagAttribute groups = null; // if there is an error at any point in this routine, then return // an EvaluationResult with status to explain the error // finally, return the group information return new EvaluationResult(groups); } /** * This is the app-specific part that you need to fill in to make this * module work correctly. This method should use the user's identity * to lookup the groups that the user is in. The groups will probably * be returned either as multiple items in a bag, or as a single String * listing all the groups (depending on what your system needs). */ private EvaluationResult getCompany(AnyURIAttribute company) { System.out.println(" ResourceAttributeFinderModule getCompany here1"); // do the group lookup...note that regardless of the form of the // groups, you must return an EvaluationResult that contains a // Bag, since that's the form that must be returned from the // findAttribute method above BagAttribute companys = null; Set set = new HashSet(); System.out.println(" ResourceAttributeFinderModule getCompany here2"); try { System.out.println(" ResourceAttributeFinderModule getCompany here3"); AnyURIAttribute sa = new AnyURIAttribute(new URI("18021")); AnyURIAttribute sa1 = new AnyURIAttribute(new URI("18022")); set.add(sa); set.add(sa1); System.out.println(" ResourceAttributeFinderModule getCompany here4"); companys = new BagAttribute(sa.getType(), set); System.out.println(" ResourceAttributeFinderModule getCompany here5"); } catch (URISyntaxException e) { System.out.println(" ResourceAttributeFinderModule URISyntaxException " + e.toString()); // TODO Auto-generated catch block e.printStackTrace(); } // if there is an error at any point in this routine, then return // an EvaluationResult with status to explain the error // finally, return the group information return new EvaluationResult(companys); } }
<?xml version="1.0" encoding="UTF-8"?> <Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="WCM-Release-Car_Policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides"> <Description> Sample tree : 180820 / \ 180821 180822 / \ 180823 180824 </Description> <!-- =============================================================================================== --> <Target> <Subjects> <AnySubject/> </Subjects> <Resources> <AnyResource/> </Resources> <Actions> <AnyAction/> </Actions> </Target> <!-- =============================================================================================== --> <Rule RuleId="WCMReleaseCarRule1" Effect="Permit"> <Target> <Subjects> <AnySubject/> </Subjects> <Resources> <AnyResource/> </Resources> <Actions> <AnyAction/> </Actions> </Target> <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in"> <!-- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in"> --> <SubjectAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="subject-company" /> <ResourceAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:parent" /> <!-- </Apply> --> </Condition> </Rule> <!-- =============================================================================================== --> </Policy>
<?xml version="1.0" encoding="UTF-8"?> <Request xmlns="urn:oasis:names:tc:xacml:1.0:context" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:xacml:1.0:context cs-xacml-schema-context-01.xsd"> <Subject> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>xmic001</AttributeValue> </Attribute> <Attribute AttributeId="group" DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>WCM-Release-Car</AttributeValue> <!-- User group from LDAP --> </Attribute> <Attribute AttributeId="subject-company" DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>18021</AttributeValue> <!-- Top level company that this belongs to from LDAP --> </Attribute> <!-- Get all the tree starting from 18021 and below --> <!-- <Attribute AttributeId="urn:namespace:subject-company-level" DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>TREE</AttributeValue> </Attribute> --> </Subject> <Resource> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>180822</AttributeValue> <!-- Company to be read --> </Attribute> <!-- <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:scope" DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>Descendants</AttributeValue> </Attribute> --> </Resource> <Action> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>ReleaseCar</AttributeValue> </Attribute> </Action> </Request>
/* * @(#)SimplePDP.java * * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ import com.sun.xacml.ConfigurationStore; import com.sun.xacml.Indenter; import com.sun.xacml.ParsingException; import com.sun.xacml.PDP; import com.sun.xacml.PDPConfig; import com.sun.xacml.cond.FunctionFactory; import com.sun.xacml.cond.FunctionFactoryProxy; import com.sun.xacml.cond.StandardFunctionFactory; import com.sun.xacml.ctx.RequestCtx; import com.sun.xacml.ctx.ResponseCtx; import com.sun.xacml.finder.AttributeFinder; import com.sun.xacml.finder.PolicyFinder; import com.sun.xacml.finder.ResourceFinder; import com.sun.xacml.finder.impl.CurrentEnvModule; import com.sun.xacml.finder.impl.FilePolicyModule; import com.sun.xacml.finder.impl.SelectorModule; import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.net.URI; import java.net.URISyntaxException; import java.util.ArrayList; import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Set; /** * This is a simple, command-line driven XACML PDP. It acts both as an example * of how to write a full-featured PDP and as a sample program that lets you * evaluate requests against policies. See the comments for the main() method * for correct usage. * * @since 1.1 * @author seth proctor */ public class SimplePDP { // this is the actual PDP object we'll use for evaluation private PDP pdp = null; /** * Default constructor. This creates a <code>SimplePDP</code> with a * <code>PDP</code> based on the configuration defined by the runtime * property com.sun.xcaml.PDPConfigFile. */ public SimplePDP() throws Exception { // load the configuration System.out.println(" load the sys config"); ConfigurationStore store = new ConfigurationStore(); System.out.println(" loaded sys config"); // use the default factories from the configuration store.useDefaultFactories(); System.out.println("use the default factories from the configuration"); // get the PDP configuration's and setup the PDP pdp = new PDP(store.getDefaultPDPConfig()); System.out.println("got the PDP configuration's and setup the PDP"); } public SimplePDP(String requestFile) throws Exception { // load the configuration System.out.println(" load the sys config for requestFile --> " + requestFile); File configFile = new File(requestFile); ConfigurationStore store = new ConfigurationStore(configFile); System.out.println(" loaded sys config"); // use the default factories from the configuration store.useDefaultFactories(); System.out.println("use the default factories from the configuration"); // get the PDP configuration's and setup the PDP pdp = new PDP(store.getDefaultPDPConfig()); System.out.println("got the PDP configuration's and setup the PDP"); } /** * Constructor that takes an array of filenames, each of which * contains an XACML policy, and sets up a <code>PDP</code> with access * to these policies only. The <code>PDP</code> is configured * programatically to have only a few specific modules. * * @param policyFiles an arry of filenames that specify policies */ public SimplePDP(String [] policyFiles) throws Exception { // Create a PolicyFinderModule and initialize it...in this case, // we're using the sample FilePolicyModule that is pre-configured // with a set of policies from the filesystem FilePolicyModule filePolicyModule = new FilePolicyModule(); System.out.println("FilePolicyModule"); for (int i = 0; i < policyFiles.length; i++) { System.out.println("FilePolicyModule ---> i --> " + i + " -----policyFile--- " + policyFiles[i]); filePolicyModule.addPolicy(policyFiles[i]); } // next, setup the PolicyFinder that this PDP will use PolicyFinder policyFinder = new PolicyFinder(); Set policyModules = new HashSet(); policyModules.add(filePolicyModule); policyFinder.setModules(policyModules); System.out.println("Set policyModules.size() ---> "+ policyModules.size()); // now setup attribute finder modules for the current date/time and // AttributeSelectors (selectors are optional, but this project does // support a basic implementation) CurrentEnvModule envAttributeModule = new CurrentEnvModule(); SelectorModule selectorAttributeModule = new SelectorModule(); SampleAttrFinderModule sampleAttrFinderModule = new SampleAttrFinderModule(); ResourceAttributeFinderModule resourceAttributeFinderModule = new ResourceAttributeFinderModule(); // Setup the AttributeFinder just like we setup the PolicyFinder. Note // that unlike with the policy finder, the order matters here. See the // the javadocs for more details. AttributeFinder attributeFinder = new AttributeFinder(); List attributeModules = new ArrayList(); attributeModules.add(envAttributeModule); attributeModules.add(selectorAttributeModule); attributeModules.add(sampleAttrFinderModule); attributeModules.add(resourceAttributeFinderModule); attributeFinder.setModules(attributeModules); System.out.println(" List attributeModules ---> "+ attributeModules); // Try to load the time-in-range function, which is used by several // of the examples...see the documentation for this function to // understand why it's provided here instead of in the standard // code base. FunctionFactoryProxy proxy = StandardFunctionFactory.getNewFactoryProxy(); FunctionFactory factory = proxy.getConditionFactory(); factory.addFunction(new TimeInRangeFunction()); FunctionFactory.setDefaultFactory(proxy); System.out.println(" FunctionFactoryProxy proxy ---> "+ proxy); System.out.println("<<SimplePDP>> finally, initialize our pdp"); //Resource Finder stuff System.out.println(" Resource Finder stuff "); ResourceFinder resourceFinder = new ResourceFinder(); LocationResourceFinderModule locationResourceFinderModule = new LocationResourceFinderModule(); List resourceModules = new ArrayList(); resourceModules.add(locationResourceFinderModule); resourceFinder.setModules(resourceModules); // finally, initialize our pdp //pdp = new PDP(new PDPConfig(attributeFinder, policyFinder, null)); pdp = new PDP(new PDPConfig(attributeFinder, policyFinder, resourceFinder)); } /** * Evaluates the given request and returns the Response that the PDP * will hand back to the PEP. * * @param requestFile the name of a file that contains a Request * * @return the result of the evaluation * * @throws IOException if there is a problem accessing the file * @throws ParsingException if the Request is invalid */ public ResponseCtx evaluate(String requestFile) throws IOException, ParsingException { System.out.println(" evaluate requestFile ---> "+ requestFile); // setup the request based on the file RequestCtx request = RequestCtx.getInstance(new FileInputStream(requestFile)); System.out.println(" evaluate the request ---> "+ request); // evaluate the request return pdp.evaluate(request); } /** * Main-line driver for this sample code. This method lets you invoke * the PDP directly from the command-line. * * @param args the input arguments to the class. They are either the * flag "-config" followed by a request file, or a request * file followed by one or more policy files. In the case * that the configuration flag is used, the configuration * file must be specified in the standard java property, * com.sun.xacml.PDPConfigFile. */ public static void main(String [] args) throws Exception { System.out.println("<<ENTRY>>SimplePDP.main() ----------- "); //String file = "C:\\sun xacml\\sunxacml-1.2\\sample\\config\\standard.xml"; // String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\generated.xml"; // String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\generated.xml"; // String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\door-access.xml"; // String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\time-range.xml"; // String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\sensitive.xml"; // String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\obligation.xml"; // String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\resource-content.xml"; // String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\selector.xml"; // String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\ESA_location_request_1.xml"; // String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\ESA_localtion_policy_1.xml"; // String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\ESA_location_request_2.xml"; // String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\ESA_localtion_policy_2.xml"; // String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\ESA_location_request_3.xml"; // String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\ESA_localtion_policy_3.xml"; // String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\ESA_location_request_4.xml"; // String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\ESA_location_policy_4.xml"; String file1 = "C:\\sun xacml\\sunxacml-1.2\\sample\\request\\company_request.xml"; String file2 = "C:\\sun xacml\\sunxacml-1.2\\sample\\policy\\company_policy.xml"; //args = new String[] { "-config", file1}; args = new String[] { file1 , file2}; if (args.length < 2) { System.out.println("Usage: -config <request>"); System.out.println(" <request> <policy> [policies]"); System.exit(1); } SimplePDP simplePDP = null; String requestFile = null; long start0 = System.currentTimeMillis(); if (args[0].equals("-config")) { requestFile = args[1]; simplePDP = new SimplePDP(); //simplePDP = new SimplePDP(requestFile); } else { requestFile = args[0]; String [] policyFiles = new String[args.length - 1]; for (int i = 1; i < args.length; i++) policyFiles[i-1] = args[i]; simplePDP = new SimplePDP(policyFiles); } System.out.println(" Policy load Time ---------> " + (System.currentTimeMillis() - start0) + " ms"); long start = System.currentTimeMillis(); // evaluate the request ResponseCtx response = simplePDP.evaluate(requestFile); System.out.println(" Evaluate Time ---------> " + (System.currentTimeMillis() - start) + " ms"); long start1 = System.currentTimeMillis(); // for this sample program, we'll just print out the response response.encode(System.out, new Indenter()); System.out.println(" Print response Time ---------> " + (System.currentTimeMillis() - start1) + " ms"); } }
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]