[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Expressing XACML policy
Hi Giedrius. In the future, please take discussions specific to the SunXACML project to the sunxacml-discuss@lists.sourceforge.net alias. Just to address a few things here quickly.. > Finally I managed to implement it via custom function (function > FN_isPolicyHolder(subjectId, policyId)). Custom function approach in > Condition part of rule looks like better alternative to the Attribute > Designators. But now I have problem with registering custom function: Blair had the right answer. XACML is designed to allow you to fetch attributes from arbitrary sources, and SunXACML is built to do this using the AttributeFinderModule interface. This is specifically why it's there. You should *not* be writing custom functions to retrieve attribute values. > I have tried: FunctionFactory.getConditionInstance().addFunction(new > IsPolicyHolder()) and I get exception: > > java.lang.UnsupportedOperationException: a standard factory cannot support > new functions Please see the javadocs, and the discussion of this on the sunxacml list. The current version of the project is very clear that the default factory is immutable, and if you want to add functions, you need to get a fresh factory instance first. The online programmer's guide is for the 1.2 release, not for the current source tree, which it appears you're using. seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]