Creating a dynamic new RequestCtx

[niro]

Hi,

I was looking to find a way to create a RequestCtx dynamically where I could set the attributes, Resouces, action from a method and not from file or xml or inputstreams.

regards,
Niroj

[Florian Huonder]

Hi Niro,

If I understand you correctly, this is very simple.
All the XACML-XML elements are mapped to Java Classes.

So on your code you could do (I assume you use 1.0.0-M2):

Code:

RequestType reqT = new RequestType();
reqT... // set here all your attributes
RequestCtx req = new RequestCtx(reqT);

From 1.0.0.M3 on, the RequestCtx type will be deprecated (and removed in 1.0.0.RELEASE) (see http://dev.herasaf.org/browse/XACMLCORE-154 and http://dev.herasaf.org/browse/XACMLCORE-155)
New, you should directly use RequestType. The PDP also is able to handle the ResourceType directly.

It is planned (http://dev.herasaf.org/browse/XACMLCORE-158) to create an API for an easier creation of the RequestType.

If you need any further information. Just let me know.

Regards,
Florian

[niro]

Hi Florian,

I wanted to know if I am correct in my understanding that the 1.0.0.M3-SNAPSHOT is still not capable of creating a complete RequestType with SubjectType, ResourceType,ActionType and EnvironmentType, because I do not see any setters for SubjectTypes and ResourceTypes in the RequestType class.

Regards,
Niro

[Florian Huonder]

Hi Niro,

You are right, the latest Snapshot is still not able to do that in a short way.
You are still required to make it the long way, means: Create the complete object structure on your own.

Best regards,
Florian

[niro]

Hi Florian,

Is there a wiki page or something on how to create the complete RequestType, that shows what fields are needed to be set?


Regards,
niro

[Florian Huonder]

Hi Niro,

Sorry, but such a documentation does not exist.
You, unfortunately, must look into the XACML 2.0 specification for details.

But basically it requires in minimum:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
<Subject />
<Resource />
<Action />
<Environment/>
</Request>

(There may be multiple <Subject> and multiple <Resource>* elements).

This is required for a valid Request. It is an empty request.

Then under each of those elements you can place your Attributes.

Best regards,
Florian

*) Pay attention with multiple <Resource> elements. This is only allowed when using the multiple resources profile. Our XACML implementation does not support the multiple resources profile.

[René Eggenschwiler]

Hi Niro

Unfortunately we don't have a special documentation for that.

The best documentation you can find is the javadoc inside the classes and the XACML 2.0 specification itself.

With the javadoc, the spec and your knowledge about your specific XACML request structure you should be able to create the RequestType.
Simply imagine how it would look like in XML. You'll find the according classes in the package org.herasaf.xacml.core.context.impl and org.herasaf.xacml.core.dataTypeAttribute.impl.

In example XML Request should look like this:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
      http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
<Subject>
<Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>niro</AttributeValue>
</Attribute>
</Subject>
<Resource/>
<Action/>
<Environment/>
</Request>

You would then code like this (PseudoCode):

Code:

// create the Attribute Value
AttributeValueType myValue = new AttributeValueType();
myValue.getContent.add(new String("niro");

// create the DataType
StringDataTypeAttribute stringDataType = new StringDataTypeAttribute();

// create the Attribute
AttributeType myAttribute = new AttributeType();
myAttribute.setAttributeId("urn:oasis:names:tc:xacml:2.0:subject:subject-id");
myAttribute.setDatatype(stringDataType);
stringDataType.getAttributeValues().add(myValue);


// create the subjects part
SubjectType mySubject = new SubjectType();
subject.getAttributes().add(myAttribute);

// create the Request
RequestType myRequest = new RequestType();
myRequest.getSubjects().add(mySubject);

 
Like Florian already posted before. It is a little bit uncomfortable to "hangle" through all the collections with "get().add(...)", but at the moment we don't have a convinience API making it easier.

Maybe if your request mostly use the same structure and IDs, then you could write a small helper class (convinience API) for yourself.

Hope that gives you a better idea.

Regards,
René

[niro]

Hi,

Thanks for the pseudocode. It saved me a lot of time.

Regards,
Niro

[websurfing]

I am working on a XACML-based problem and this pseudocode was really useful. I though I would share my method which builds a simple request.

Code:

public static RequestType requestBuilder(String groupString,
String resourceString, String actionString) {
/*
* Creates a request in the form:
*
* <Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
* xmlns:ns2="urn:oasis:names:tc:xacml:2.0:policy:schema:os"> <Subject>
* <Attribute AttributeId="group"
* DataType="http://www.w3.org/2001/XMLSchema#string">
* <AttributeValue>tuser</AttributeValue> </Attribute> </Subject>
* <Resource> <Attribute AttributeId="resource-id"
* DataType="http://www.w3.org/2001/XMLSchema#string">
* <AttributeValue>flights</AttributeValue> </Attribute> </Resource>
* <Action> <Attribute AttributeId="action-id"
* DataType="http://www.w3.org/2001/XMLSchema#string">
* <AttributeValue>view</AttributeValue> </Attribute> </Action>
* </Request>
*/
// create the subjects part
// create the Attribute Value
AttributeValueType subjectValue = new AttributeValueType();
subjectValue.getContent().add(new String(groupString));
// create the DataType
StringDataTypeAttribute stringDataType = new StringDataTypeAttribute();

// create the Attribute
AttributeType subjectAttribute = new AttributeType();
subjectAttribute.setAttributeId("group");
subjectAttribute.setDataType(stringDataType);
subjectAttribute.getAttributeValues().add(subjectValue);
// stringDataType.getAttributeValues().add(subjectValue);
// create the subjects part
SubjectType subject = new SubjectType();
subject.getAttributes().add(subjectAttribute);

// create the DataType
AttributeValueType resValue = new AttributeValueType();
resValue.getContent().add(new String(resourceString));
// create the Attribute
AttributeType resAttribute = new AttributeType();
resAttribute.setAttributeId("resource-id");
resAttribute.setDataType(stringDataType);
resAttribute.getAttributeValues().add(resValue);

// Create the resource part
ResourceType resource = new ResourceType();
resource.getAttributes().add(resAttribute);

// create the DataType
AttributeValueType actionValue = new AttributeValueType();
actionValue.getContent().add(new String(actionString));
// create the Attribute
AttributeType actionAttribute = new AttributeType();
actionAttribute.setAttributeId("action-id");
actionAttribute.setDataType(stringDataType);
actionAttribute.getAttributeValues().add(actionValue);

// Create the actionource part
ActionType action = new ActionType();
action.getAttributes().add(actionAttribute);

RequestType requestType = new RequestType();
requestType.getSubjects().add(subject);
requestType.getResources().add(resource);
requestType.setAction(action);

// RequestMarshaller.marshal(request, System.out);
// make the output XML print to stdout - for debugging

return requestType;

}

[René Eggenschwiler]

Thanks for your input.

Best regards,
René