OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml-users] Expressing XACML policy



Hi Giedrius. In the future, please take discussions specific to the SunXACML
project to the sunxacml-discuss@lists.sourceforge.net alias. Just to
address a few things here quickly..

> Finally I managed to implement it via custom function (function
> FN_isPolicyHolder(subjectId, policyId)). Custom function approach in
> Condition part of rule looks like better alternative to the Attribute
> Designators. But now I have problem with registering custom function:

Blair had the right answer. XACML is designed to allow you to fetch attributes
from arbitrary sources, and SunXACML is built to do this using the
AttributeFinderModule interface. This is specifically why it's there. You
should *not* be writing custom functions to retrieve attribute values.

> I have tried: FunctionFactory.getConditionInstance().addFunction(new
> IsPolicyHolder()) and I get exception:
>
> java.lang.UnsupportedOperationException: a standard factory cannot support
> new functions

Please see the javadocs, and the discussion of this on the sunxacml list. The
current version of the project is very clear that the default factory is
immutable, and if you want to add functions, you need to get a fresh
factory instance first. The online programmer's guide is for the 1.2
release, not for the current source tree, which it appears you're using.


seth


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]