-
1. Re: Info on XACML PDP Locators?
anil.saldhana Jun 6, 2011 12:19 PM (in response to paorocce)sorry for late reply.
the current 2.0.6 v has the policies from directory feature.
For the composition of policies from different source, you can look at the source for the ldap policy locator and write your own.
-
2. Re: Info on XACML PDP Locators?
paorocce Jun 8, 2011 5:35 AM (in response to anil.saldhana)Dear Anil,
thaks for your reply, anyway I'm still not able to set a whole directory as source of policies.
I tried using the following configuration for the PDP:
<ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0">
<ns:Policies>
<ns:PolicySet>
<ns:Location>policies</ns:Location>
</ns:PolicySet>
</ns:Policies>
<ns:Locators>
<ns:Locator Name="org.jboss.security.xacml.locators.JBossPolicySetLocator">
</ns:Locator>
</ns:Locators>
</ns:jbosspdp>
but I get the following error when evaluating a request:
11:26:27,541 ERROR [STDERR] [Fatal Error] :1:1: Content is not allowed in prolog.
11:26:27,543 ERROR [[/pdp]] StandardWrapper.Throwable
java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
at org.jboss.security.xacml.core.JBossPDP.<init>(JBossPDP.java:114)
at org.picketlink.identity.federation.web.servlets.saml.SOAPSAMLXACMLServlet.getPDP(SOAPSAMLXACMLServlet.java:268)
Using "
policies/mypolicy-policy.xml
"in the policyConfig.xml does the work, but then I'm just able to select one policy file from the directory, and not the directory as a whole.
Am I missing something?
Cheers,
Paolo
-
3. Re: Info on XACML PDP Locators?
anil.saldhana Jun 14, 2011 9:39 AM (in response to paorocce)Look at example: http://anonsvn.jboss.org/repos/jbossas/projects/security/security-xacml/trunk/jboss-xacml/src/test/resources/locators/rbac/rbac-config.xml
When we look in the directory:
-
4. Re: Info on XACML PDP Locators?
joshc1107 Oct 3, 2012 8:05 AM (in response to anil.saldhana)Anil, I noticed that you're using an RBAC policy locator to do this. Does this locator introduce any special stipulations for RBAC? I tried looking for documentation on how the policy locators worked (or even how they differed) but could not find any. Is this available?