Posted to commits@openaz.apache.org by an...@apache.org on 2016/05/30 14:27:08 UTC
[1/3] incubator-openaz git commit: Add support for resource-location
attributes
Repository: incubator-openaz
Updated Branches:
refs/heads/wip-merge-resource-location-changes [created] 43ba4f023
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/resources/policies/testdatatypes.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/policies/testdatatypes.xml b/openaz-pep/src/test/resources/policies/testdatatypes.xml
new file mode 100755
index 0000000..7465988
--- /dev/null
+++ b/openaz-pep/src/test/resources/policies/testdatatypes.xml
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ PolicyId="urn:oasis:names:tc:xacml:2.0:testdatatypes:policy"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0"
+ xsi:schemaLocation="">
+ <Description></Description>
+ <Target/>
+ <Rule RuleId="urn:oasis:names:tc:xacml:2.0:testdatatypes:rule1" Effect="Permit">
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">John Smith</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">file://repository/classified/abc</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">view</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:oasis:names:tc:xacml:2.0:testdatatypes:rule2" Effect="Permit">
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">John Smith</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">file://repository/classified/xyz</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">view</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:oasis:names:tc:xacml:1.0:conformance-test:IIA3:rule3" Effect="Permit">
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">John Smith</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">101</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">view</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+</Policy>
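Review bot: rule3 carries the RuleId `urn:oasis:names:tc:xacml:1.0:conformance-test:IIA3:rule3`, while rule1 and rule2 use the `urn:oasis:names:tc:xacml:2.0:testdatatypes:` prefix; since the file was renamed to match the test class, rule3 should become `urn:oasis:names:tc:xacml:2.0:testdatatypes:rule3`. The policy declares deny-overrides but every rule has `Effect="Permit"`, so the combining algorithm is never exercised and a request that matches no rule resolves to NotApplicable. A comment above the first `<Rule>` such as `<!-- Permit-only test policy: unmatched requests yield NotApplicable, which the PEP must not treat as Permit -->` would make that intent explicit. `xsi:schemaLocation=""` is empty and can be dropped.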
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/resources/policies/testmapper.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/policies/testmapper.xml b/openaz-pep/src/test/resources/policies/testmapper.xml
new file mode 100755
index 0000000..e964a02
--- /dev/null
+++ b/openaz-pep/src/test/resources/policies/testmapper.xml
@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ PolicyId="urn:oasis:names:tc:xacml:2.0:test004:policy"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0"
+ xsi:schemaLocation="">
+ <Description></Description>
+ <Target/>
+ <Rule RuleId="urn:oasis:names:tc:xacml:1.0:mapper-test:rule1"
+ Effect="Permit">
+ <Description></Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ROLE_DOCUMENT_WRITER</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Document</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-type"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="jpmc:document:document-owner"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:oasis:names:tc:xacml:1.0:mapper-test:rule2"
+ Effect="Permit">
+ <Description></Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ROLE_DOCUMENT_READER</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Document</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-type"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator AttributeId="jpmc:client:country-of-domicile"
+ Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator AttributeId="jpmc:request-context:country"
+ Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+</Policy>
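Review bot: Both `<Condition>` blocks wrap designators declared with `MustBePresent="false"` in `string-one-and-only`, so a request that lacks `jpmc:document:document-owner` (rule1) or either country attribute (rule2) produces an empty bag and the rule evaluates to Indeterminate rather than NotApplicable. The test class is not part of this hunk; if it has no case for a missing owner or country attribute, one should be added that asserts the PEP denies on that result. The `PolicyId` still reads `urn:oasis:names:tc:xacml:2.0:test004:policy` although the file was renamed to testmapper.xml, and the `jpmc:` attribute ids look like a leftover vendor prefix that a neutral test namespace could replace.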
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/resources/properties/testapi.xacml.properties
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/properties/testapi.xacml.properties b/openaz-pep/src/test/resources/properties/testapi.xacml.properties
index 7ba87d7..8b9098a 100755
--- a/openaz-pep/src/test/resources/properties/testapi.xacml.properties
+++ b/openaz-pep/src/test/resources/properties/testapi.xacml.properties
@@ -14,7 +14,7 @@ xacml.openaz.functionDefinitionFactory=org.apache.openaz.xacml.pdp.std.StdFuncti
xacml.openaz.policyFinderFactory=org.apache.openaz.xacml.pdp.std.StdPolicyFinderFactory
xacml.rootPolicies=testPolicy
-testPolicy.file=src/test/resources/policies/TestPolicy001.xml
+testPolicy.file=src/test/resources/policies/testapi.xml
# If there is a standard policy for the engine:
# xacml.att.stdPolicyFinderFactory.rootPolicyFile=/etc/stdpolicyset.xml
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/resources/properties/testconfig.xacml.properties
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/properties/testconfig.xacml.properties b/openaz-pep/src/test/resources/properties/testconfig.xacml.properties
new file mode 100755
index 0000000..f4f71d4
--- /dev/null
+++ b/openaz-pep/src/test/resources/properties/testconfig.xacml.properties
@@ -0,0 +1,21 @@
+# Default XACML Properties File
+# Standard API Factories
+#
+xacml.dataTypeFactory=org.apache.openaz.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=org.apache.openaz.xacml.pdp.OpenAZPDPEngineFactory
+xacml.pepEngineFactory=org.apache.openaz.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=org.apache.openaz.xacml.std.pip.StdPIPFinderFactory
+
+# OpenAZ PDP Implementation Factories
+#
+xacml.openaz.evaluationContextFactory=org.apache.openaz.xacml.pdp.std.StdEvaluationContextFactory
+xacml.openaz.combiningAlgorithmFactory=org.apache.openaz.xacml.pdp.std.StdCombiningAlgorithmFactory
+xacml.openaz.functionDefinitionFactory=org.apache.openaz.xacml.pdp.std.StdFunctionDefinitionFactory
+xacml.openaz.policyFinderFactory=org.apache.openaz.xacml.pdp.std.StdPolicyFinderFactory
+
+xacml.rootPolicies=testPolicy
+testPolicy.file=src/test/resources/policies/testconfig.xml
+
+pep.subject.id=default-subject-id
+pep.action.id=default-action-id
+pep.resource.id=default-resource-id
\ No newline at end of file
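Review bot: This new file has no ASF license header, unlike the XML policies added in the same commit, and its last line is not newline-terminated. Add the standard `#`-commented Apache header above `# Default XACML Properties File` and end `pep.resource.id=default-resource-id` with a newline. The three `pep.*.id` keys would also benefit from a comment such as `# Values used when the caller supplies no subject/action/resource id`; the mapper changes in this commit suggest that is their role, but StdPepConfig is not shown here, so confirm before wording it as fact.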
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/resources/properties/testdatatypes.xacml.properties
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/properties/testdatatypes.xacml.properties b/openaz-pep/src/test/resources/properties/testdatatypes.xacml.properties
index c4e8ef5..90cc014 100755
--- a/openaz-pep/src/test/resources/properties/testdatatypes.xacml.properties
+++ b/openaz-pep/src/test/resources/properties/testdatatypes.xacml.properties
@@ -14,7 +14,7 @@ xacml.openaz.functionDefinitionFactory=org.apache.openaz.xacml.pdp.std.StdFuncti
xacml.openaz.policyFinderFactory=org.apache.openaz.xacml.pdp.std.StdPolicyFinderFactory
xacml.rootPolicies=testPolicy
-testPolicy.file=src/test/resources/policies/TestPolicy003.xml
+testPolicy.file=src/test/resources/policies/testdatatypes.xml
# If there is a standard policy for the engine:
# xacml.att.stdPolicyFinderFactory.rootPolicyFile=/etc/stdpolicyset.xml
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/resources/properties/testmapper.xacml.properties
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/properties/testmapper.xacml.properties b/openaz-pep/src/test/resources/properties/testmapper.xacml.properties
index 22c67a3..10b0f02 100755
--- a/openaz-pep/src/test/resources/properties/testmapper.xacml.properties
+++ b/openaz-pep/src/test/resources/properties/testmapper.xacml.properties
@@ -14,7 +14,7 @@ xacml.openaz.functionDefinitionFactory=org.apache.openaz.xacml.pdp.std.StdFuncti
xacml.openaz.policyFinderFactory=org.apache.openaz.xacml.pdp.std.StdPolicyFinderFactory
xacml.rootPolicies=testPolicy
-testPolicy.file=src/test/resources/policies/TestPolicy004.xml
+testPolicy.file=src/test/resources/policies/testmapper.xml
#pep properties
pep.issuer=test
[3/3] incubator-openaz git commit: Merge remote-tracking branch
'phrinx/master' into wip-merge-resource-location-changes
Posted by an...@apache.org.
Merge remote-tracking branch 'phrinx/master' into wip-merge-resource-location-changes
Project: http://git-wip-us.apache.org/repos/asf/incubator-openaz/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-openaz/commit/43ba4f02
Tree: http://git-wip-us.apache.org/repos/asf/incubator-openaz/tree/43ba4f02
Diff: http://git-wip-us.apache.org/repos/asf/incubator-openaz/diff/43ba4f02
Branch: refs/heads/wip-merge-resource-location-changes
Commit: 43ba4f023264ceb9c0c3de1f16bc1f62e4aeb334
Parents: 843816a b888080
Author: Ajith Nair <aj...@gmail.com>
Authored: Fri May 27 17:14:38 2016 -0400
Committer: Ajith Nair <aj...@gmail.com>
Committed: Fri May 27 17:14:38 2016 -0400
----------------------------------------------------------------------
.../java/org/apache/openaz/pepapi/Action.java | 39 ++--
.../java/org/apache/openaz/pepapi/Resource.java | 93 +++------
.../java/org/apache/openaz/pepapi/Subject.java | 36 ++--
.../apache/openaz/pepapi/std/ActionMapper.java | 21 +-
.../openaz/pepapi/std/ResourceMapper.java | 30 ++-
.../apache/openaz/pepapi/std/StdPepConfig.java | 7 +-
.../apache/openaz/pepapi/std/SubjectMapper.java | 23 ++-
.../apache/openaz/pepapi/std/test/TestAPI.java | 27 +++
.../openaz/pepapi/std/test/TestConfig.java | 79 +++++++
.../openaz/pepapi/std/test/TestDataTypes.java | 13 --
.../test/resources/policies/TestPolicy001.xml | 71 -------
.../test/resources/policies/TestPolicy002.xml | 142 -------------
.../test/resources/policies/TestPolicy003.xml | 137 ------------
.../test/resources/policies/TestPolicy004.xml | 132 ------------
.../test/resources/policies/TestPolicy005.xml | 207 -------------------
.../test/resources/policies/TestPolicy006.xml | 97 ---------
.../src/test/resources/policies/testapi.xml | 114 ++++++++++
.../src/test/resources/policies/testconfig.xml | 59 ++++++
.../test/resources/policies/testdatatypes.xml | 127 ++++++++++++
.../src/test/resources/policies/testmapper.xml | 125 +++++++++++
.../properties/testapi.xacml.properties | 2 +-
.../properties/testconfig.xacml.properties | 21 ++
.../properties/testdatatypes.xacml.properties | 2 +-
.../properties/testmapper.xacml.properties | 2 +-
24 files changed, 678 insertions(+), 928 deletions(-)
----------------------------------------------------------------------
[2/3] incubator-openaz git commit: Add support for resource-location
attributes
Posted by an...@apache.org.
Add support for resource-location attributes
Related changes:
- removed CategoryContainer(Action,Subject,Resource) string ids
- Added support for PEP config defaults for resource, action, subject
- renamed policy files to match test class name
- removed orphaned config files
Project: http://git-wip-us.apache.org/repos/asf/incubator-openaz/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-openaz/commit/b888080e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-openaz/tree/b888080e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-openaz/diff/b888080e
Branch: refs/heads/wip-merge-resource-location-changes
Commit: b888080e89880d2dc3837ec7650966498592f1a7
Parents: 29d029c
Author: Dirk Koehler <di...@lookout.com>
Authored: Tue Mar 22 18:07:12 2016 -0700
Committer: Dirk Koehler <di...@lookout.com>
Committed: Tue Mar 22 18:19:58 2016 -0700
----------------------------------------------------------------------
.../java/org/apache/openaz/pepapi/Action.java | 39 ++--
.../java/org/apache/openaz/pepapi/Resource.java | 93 +++------
.../java/org/apache/openaz/pepapi/Subject.java | 36 ++--
.../apache/openaz/pepapi/std/ActionMapper.java | 21 +-
.../openaz/pepapi/std/ResourceMapper.java | 30 ++-
.../apache/openaz/pepapi/std/StdPepConfig.java | 7 +-
.../apache/openaz/pepapi/std/SubjectMapper.java | 23 ++-
.../apache/openaz/pepapi/std/test/TestAPI.java | 27 +++
.../openaz/pepapi/std/test/TestConfig.java | 79 +++++++
.../openaz/pepapi/std/test/TestDataTypes.java | 13 --
.../test/resources/policies/TestPolicy001.xml | 71 -------
.../test/resources/policies/TestPolicy002.xml | 142 -------------
.../test/resources/policies/TestPolicy003.xml | 137 ------------
.../test/resources/policies/TestPolicy004.xml | 132 ------------
.../test/resources/policies/TestPolicy005.xml | 207 -------------------
.../test/resources/policies/TestPolicy006.xml | 97 ---------
.../src/test/resources/policies/testapi.xml | 114 ++++++++++
.../src/test/resources/policies/testconfig.xml | 59 ++++++
.../test/resources/policies/testdatatypes.xml | 127 ++++++++++++
.../src/test/resources/policies/testmapper.xml | 125 +++++++++++
.../properties/testapi.xacml.properties | 2 +-
.../properties/testconfig.xacml.properties | 21 ++
.../properties/testdatatypes.xacml.properties | 2 +-
.../properties/testmapper.xacml.properties | 2 +-
24 files changed, 678 insertions(+), 928 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/main/java/org/apache/openaz/pepapi/Action.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/main/java/org/apache/openaz/pepapi/Action.java b/openaz-pep/src/main/java/org/apache/openaz/pepapi/Action.java
index efcf3d4..0477945 100644
--- a/openaz-pep/src/main/java/org/apache/openaz/pepapi/Action.java
+++ b/openaz-pep/src/main/java/org/apache/openaz/pepapi/Action.java
@@ -22,16 +22,12 @@ package org.apache.openaz.pepapi;
import org.apache.openaz.xacml.api.XACML3;
-;
-
/**
* Container class that maps attributes to predefined XACML Action category.
*/
public class Action extends CategoryContainer {
- public static final String ACTION_ID_KEY = "ACTION_ID_KEY";
-
- private String actionIdValue;
+ private String id;
private Action() {
super(XACML3.ID_ATTRIBUTE_CATEGORY_ACTION);
@@ -46,34 +42,35 @@ public class Action extends CategoryContainer {
return new Action();
}
+
/**
- * Create a new Action instance containing a single default attribute with the given value
+ * Creates a new Action instance with id
*
- * @param actionIdValue
+ * @param id
* @return
*/
- public static Action newInstance(String actionIdValue) {
- Action a = new Action();
- a.actionIdValue = actionIdValue;
- a.addAttribute(ACTION_ID_KEY, actionIdValue);
+ public static Action newInstance(String id) {
+ Action a = newInstance().withId(id);
+ a.addAttribute(XACML3.ID_ACTION_ACTION_ID.stringValue(), id);
return a;
}
/**
- * Get the value for default attribute.
*
+ * @param id
* @return
*/
- public String getActionIdValue() {
- return actionIdValue;
+ public Action withId(String id) {
+ this.id = id;
+ return this;
}
- @Override
- public String toString() {
- StringBuilder builder = new StringBuilder();
- builder.append("action-id value: " + actionIdValue);
- builder.append("\n");
- builder.append(super.toString());
- return builder.toString();
+ /**
+ *
+ * @return
+ */
+ public String getId() {
+ return id;
}
+
}
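Review bot: `withId(String id)` only assigns the field, whereas `newInstance(String id)` also calls `addAttribute(XACML3.ID_ACTION_ACTION_ID.stringValue(), id)`. A caller writing `Action.newInstance().withId("view")` therefore gets an Action whose `getId()` is non-null but which carries no action-id attribute, and ActionMapper in this commit substitutes the default only when `getId()` is null, so unless `CategoryContainerMapper.map` (not shown) handles the id, the request goes out without an action-id. Either move the `addAttribute` call into `withId` or state on `withId` that it does not add the attribute. The same pattern appears in `Resource.withId(String)`, `Resource.withId(URI)` and `Subject.withId(String)`. The new Javadoc blocks on `withId` and `getId` are empty and are the natural place to state this contract.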
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/main/java/org/apache/openaz/pepapi/Resource.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/main/java/org/apache/openaz/pepapi/Resource.java b/openaz-pep/src/main/java/org/apache/openaz/pepapi/Resource.java
index 8d7e1a4..7e374e3 100644
--- a/openaz-pep/src/main/java/org/apache/openaz/pepapi/Resource.java
+++ b/openaz-pep/src/main/java/org/apache/openaz/pepapi/Resource.java
@@ -20,19 +20,18 @@
package org.apache.openaz.pepapi;
-import java.net.URI;
-import java.util.Date;
-
import org.apache.openaz.xacml.api.XACML3;
+import java.net.URI;
+
/**
* Container class that maps attributes to predefined XACML Resource category.
*/
public final class Resource extends CategoryContainer {
- public static final String RESOURCE_ID_KEY = "RESOURCE_ID_KEY";
-
- private Object resourceIdValue;
+ // only java.lang.String or java.net.URI
+ private Object id;
+ private URI location;
private Resource() {
super(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
@@ -50,97 +49,73 @@ public final class Resource extends CategoryContainer {
/**
* Creates a new Resource instance containing a single default attribute with the given String value.
*
- * @param resourceIdValue
+ * @param id
* @return
*/
- public static Resource newInstance(String resourceIdValue) {
- Resource r = new Resource();
- r.resourceIdValue = resourceIdValue;
- r.addAttribute(RESOURCE_ID_KEY, resourceIdValue);
+ public static Resource newInstance(String id) {
+ Resource r = newInstance().withId(id);
+ r.addAttribute(XACML3.ID_RESOURCE_RESOURCE_ID.stringValue(), id);
return r;
}
/**
* Creates a new Resource instance containing a single default attribute with the given URI value.
*
- * @param resourceIdValue
+ * @param id
* @return
*/
- public static Resource newInstance(URI resourceIdValue) {
- Resource r = new Resource();
- r.resourceIdValue = resourceIdValue;
- r.addAttribute(RESOURCE_ID_KEY, resourceIdValue);
+ public static Resource newInstance(URI id) {
+ Resource r = newInstance().withId(id);
+ r.addAttribute(XACML3.ID_RESOURCE_RESOURCE_ID.stringValue(), id);
return r;
}
/**
- * Creates a new Resource instance containing a single default attribute with the given Long value.
+ * Sets resource id value
*
- * @param resourceIdValue
- * @return
+ * @return this
*/
- public static Resource newInstance(Long resourceIdValue) {
- Resource r = new Resource();
- r.resourceIdValue = resourceIdValue;
- r.addAttribute(RESOURCE_ID_KEY, resourceIdValue);
- return r;
+ public Resource withId(URI id) {
+ this.id = id;
+ return this;
}
/**
- * Creates a new Resource instance containing a single default attribute with the given Double value.
+ * Sets resource id value
*
- * @param resourceIdValue
- * @return
+ * @return this
*/
- public static Resource newInstance(Double resourceIdValue) {
- Resource r = new Resource();
- r.resourceIdValue = resourceIdValue;
- r.addAttribute(RESOURCE_ID_KEY, resourceIdValue);
- return r;
+ public Resource withId(String id) {
+ this.id = id;
+ return this;
}
/**
- * Creates a new Resource instance containing a single default attribute with the given Boolean value.
+ * Sets resource location
*
- * @param resourceIdValue
- * @return
+ * @return this
*/
- public static Resource newInstance(Boolean resourceIdValue) {
- Resource r = new Resource();
- r.resourceIdValue = resourceIdValue;
- r.addAttribute(RESOURCE_ID_KEY, resourceIdValue);
- return r;
+ public Resource withLocation(URI location) {
+ addAttribute(XACML3.ID_RESOURCE_RESOURCE_LOCATION.stringValue(), location);
+ return this;
}
/**
- * Creates a new Resource instance containing a single default attribute with the given
- * <code>java.util.Date</code> value.
+ * Returns the value of the default id attribute
*
- * @param resourceIdValue
* @return
*/
- public static Resource newInstance(Date resourceIdValue) {
- Resource r = new Resource();
- r.resourceIdValue = resourceIdValue;
- r.addAttribute(RESOURCE_ID_KEY, resourceIdValue);
- return r;
+ public Object getId() {
+ return this.id;
}
/**
- * Returns the value of the default resourceIdValue attribute
+ * Returns the value of the location attribute
*
* @return
*/
- public Object getResourceIdValue() {
- return resourceIdValue;
+ public URI getLocation() {
+ return location;
}
- @Override
- public String toString() {
- StringBuilder builder = new StringBuilder();
- builder.append("resource-id value : " + resourceIdValue);
- builder.append("\n");
- builder.append(super.toString());
- return builder.toString();
- }
}
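Review bot: `withLocation(URI location)` adds the resource-location attribute but never assigns the `location` field, so `getLocation()` always returns null. Add `this.location = location;` before the `addAttribute` call. The Javadoc on both `newInstance` overloads still says "single default attribute" and `getId()` returns `Object`; a sentence stating that the id is either a `String` or a `URI` would tell callers what to expect. The `Long` overload is removed here while testdatatypes.xml rule3 still matches an integer resource-id, so it is worth confirming that TestDataTypes can still build that request.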
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/main/java/org/apache/openaz/pepapi/Subject.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/main/java/org/apache/openaz/pepapi/Subject.java b/openaz-pep/src/main/java/org/apache/openaz/pepapi/Subject.java
index 1fedb4f..1059bce 100644
--- a/openaz-pep/src/main/java/org/apache/openaz/pepapi/Subject.java
+++ b/openaz-pep/src/main/java/org/apache/openaz/pepapi/Subject.java
@@ -27,9 +27,7 @@ import org.apache.openaz.xacml.api.XACML3;
*/
public class Subject extends CategoryContainer {
- public static final String SUBJECT_ID_KEY = "SUBJECT_ID_KEY";
-
- private String subjectIdValue;
+ private String id;
private Subject() {
super(XACML3.ID_SUBJECT_CATEGORY_ACCESS_SUBJECT);
@@ -47,31 +45,33 @@ public class Subject extends CategoryContainer {
/**
* Creates a new Subject instance containing a single default attribute with the given String value.
*
- * @param subjectIdValue
+ * @param id
* @return
*/
- public static Subject newInstance(String subjectIdValue) {
- Subject s = new Subject();
- s.subjectIdValue = subjectIdValue;
- s.addAttribute(SUBJECT_ID_KEY, subjectIdValue);
+ public static Subject newInstance(String id) {
+ Subject s = newInstance().withId(id);
+ s.addAttribute(XACML3.ID_SUBJECT_SUBJECT_ID.stringValue(), id);
return s;
}
+
+ /**
+ * Sets resource id value
+ *
+ * @return this
+ */
+ public Subject withId(String id) {
+ this.id = id;
+ return this;
+ }
+
/**
* Returns the value of the default subjectIdValue attribute
*
* @return
*/
- public String getSubjectIdValue() {
- return subjectIdValue;
+ public String getId() {
+ return id;
}
- @Override
- public String toString() {
- StringBuilder builder = new StringBuilder();
- builder.append("subject-id value : " + subjectIdValue);
- builder.append("\n");
- builder.append(super.toString());
- return builder.toString();
- }
}
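Review bot: The Javadoc on the new `withId` reads `Sets resource id value`, apparently copied from Resource, and the comment on `getId()` still refers to `subjectIdValue`. Change them to `Sets the subject id value` and `Returns the subject id, or null if none was set`. The `toString()` override is also removed in this hunk; if the superclass output does not include the id, log lines that previously showed the subject will lose it.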
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ActionMapper.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ActionMapper.java b/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ActionMapper.java
index 347710a..a18ccb7 100644
--- a/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ActionMapper.java
+++ b/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ActionMapper.java
@@ -21,10 +21,10 @@
package org.apache.openaz.pepapi.std;
import org.apache.openaz.pepapi.Action;
+import org.apache.openaz.pepapi.PepRequest;
+import org.apache.openaz.pepapi.PepRequestAttributes;
+import org.apache.openaz.xacml.api.XACML3;
-/**
- * Created by ajith on 12/11/14.
- */
public class ActionMapper extends CategoryContainerMapper {
public ActionMapper() {
@@ -32,10 +32,17 @@ public class ActionMapper extends CategoryContainerMapper {
}
@Override
- protected String resolveAttributeId(String attributeId) {
- if (attributeId.equals(Action.ACTION_ID_KEY)) {
- return getPepConfig().getDefaultActionId();
+ public void map(Object o, PepRequest pepRequest) {
+ Action a = (Action) o;
+ String id = a.getId();
+ if (id == null) {
+ id = getPepConfig().getDefaultActionId();
+ if (id != null) {
+ PepRequestAttributes resourceAttributes = pepRequest
+ .getPepRequestAttributes(XACML3.ID_ATTRIBUTE_CATEGORY_ACTION);
+ resourceAttributes.addAttribute(XACML3.ID_ACTION_ACTION_ID.stringValue(), (String) id);
+ }
}
- return attributeId;
+ super.map(o, pepRequest);
}
}
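Review bot: In the new `map`, the local that holds the action-category attributes is named `resourceAttributes`, and `(String) id` casts a value already declared `String`. Both look copied from ResourceMapper, and the same variable name appears in SubjectMapper.map further down. Suggest `PepRequestAttributes actionAttributes = pepRequest.getPepRequestAttributes(XACML3.ID_ATTRIBUTE_CATEGORY_ACTION);` followed by `actionAttributes.addAttribute(XACML3.ID_ACTION_ACTION_ID.stringValue(), id);`. The unchecked `(Action) o` cast surfaces as a ClassCastException if the mapper is ever handed another type, so a one-line javadoc on `map` stating that `o` must be an `Action` would make that contract explicit. The class body starts outside this hunk.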
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ResourceMapper.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ResourceMapper.java b/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ResourceMapper.java
index 09efe01..3298b8f 100644
--- a/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ResourceMapper.java
+++ b/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ResourceMapper.java
@@ -20,11 +20,13 @@
package org.apache.openaz.pepapi.std;
+import org.apache.openaz.pepapi.PepRequest;
+import org.apache.openaz.pepapi.PepRequestAttributes;
import org.apache.openaz.pepapi.Resource;
+import org.apache.openaz.xacml.api.XACML3;
+
+import java.net.URI;
-/**
- * Created by ajith on 12/11/14.
- */
public class ResourceMapper extends CategoryContainerMapper {
public ResourceMapper() {
@@ -32,10 +34,24 @@ public class ResourceMapper extends CategoryContainerMapper {
}
@Override
- protected String resolveAttributeId(String attributeId) {
- if (attributeId.equals(Resource.RESOURCE_ID_KEY)) {
- return getPepConfig().getDefaultResourceId();
+ public void map(Object o, PepRequest pepRequest) {
+ Resource r = (Resource) o;
+ Object id = r.getId();
+ if (id == null) {
+ id = getPepConfig().getDefaultResourceId();
+
+ if (id != null) {
+ PepRequestAttributes resourceAttributes = pepRequest
+ .getPepRequestAttributes(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
+ if (id instanceof String)
+ resourceAttributes.addAttribute(XACML3.ID_RESOURCE_RESOURCE_ID.stringValue(), (String) id);
+ else if (id instanceof URI)
+ resourceAttributes.addAttribute(XACML3.ID_RESOURCE_RESOURCE_ID.stringValue(), (URI) id);
+ else
+ throw new IllegalStateException("resource id is not an instance of String nor java.net.URI but " +
+ r.getClass().getName());
+ }
}
- return attributeId;
+ super.map(o, pepRequest);
}
}
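Review bot: The IllegalStateException message in the final `else` reports `r.getClass().getName()`, which is the Resource's class, while the text claims to describe the resource id. It should be `id.getClass().getName()`. At that point `id` holds the value from `getPepConfig().getDefaultResourceId()`, so if that getter returns `String` (its signature is not visible here) the `URI` and `else` branches are unreachable and could be dropped. The `if`/`else if`/`else` chain also has no braces, unlike the rest of the method.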
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/StdPepConfig.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/StdPepConfig.java b/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/StdPepConfig.java
index 94928d6..2c79e95 100644
--- a/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/StdPepConfig.java
+++ b/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/StdPepConfig.java
@@ -21,13 +21,11 @@
package org.apache.openaz.pepapi.std;
import com.google.common.base.Splitter;
-
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.openaz.pepapi.PepConfig;
import org.apache.openaz.pepapi.PepResponseBehavior;
-import org.apache.openaz.xacml.api.XACML3;
import java.util.ArrayList;
import java.util.Collections;
@@ -68,9 +66,6 @@ public final class StdPepConfig implements PepConfig {
public StdPepConfig() {
// Defaults
- subjectIdURI = XACML3.ID_SUBJECT_SUBJECT_ID.stringValue();
- actionIdURI = XACML3.ID_ACTION_ACTION_ID.stringValue();
- resourceIdURI = XACML3.ID_RESOURCE_RESOURCE_ID.stringValue();
indeterminateBehavior = PepResponseBehavior.THROW_EXCEPTION;
notApplicableBehavior = PepResponseBehavior.RETURN_NO;
mapperClassNames = Collections.emptyList();
@@ -119,7 +114,7 @@ public final class StdPepConfig implements PepConfig {
if (!StringUtils.isEmpty(mapperClassNameString)) {
List<String> mapperClassNames = new ArrayList<String>();
for (String className : Splitter.on(",").omitEmptyStrings().trimResults()
- .split(mapperClassNameString)) {
+ .split(mapperClassNameString)) {
mapperClassNames.add(className);
}
this.mapperClassNames = Collections.unmodifiableList(mapperClassNames);
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/SubjectMapper.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/SubjectMapper.java b/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/SubjectMapper.java
index b2ace5f..ffb2be0 100644
--- a/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/SubjectMapper.java
+++ b/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/SubjectMapper.java
@@ -20,11 +20,11 @@
package org.apache.openaz.pepapi.std;
+import org.apache.openaz.pepapi.PepRequest;
+import org.apache.openaz.pepapi.PepRequestAttributes;
import org.apache.openaz.pepapi.Subject;
+import org.apache.openaz.xacml.api.XACML3;
-/**
- * Created by ajith on 12/11/14.
- */
public class SubjectMapper extends CategoryContainerMapper {
public SubjectMapper() {
@@ -32,10 +32,17 @@ public class SubjectMapper extends CategoryContainerMapper {
}
@Override
- protected String resolveAttributeId(String attributeId) {
- if (attributeId.equals(Subject.SUBJECT_ID_KEY)) {
- return getPepConfig().getDefaultSubjectId();
+ public void map(Object o, PepRequest pepRequest) {
+ Subject s = (Subject) o;
+ String id = s.getId();
+ if (id == null) {
+ id = getPepConfig().getDefaultSubjectId();
+ if (id != null) {
+ PepRequestAttributes resourceAttributes = pepRequest
+ .getPepRequestAttributes(XACML3.ID_SUBJECT_CATEGORY_ACCESS_SUBJECT);
+ resourceAttributes.addAttribute(XACML3.ID_SUBJECT_SUBJECT_ID.stringValue(), (String) id);
+ }
}
- return attributeId;
+ super.map(o, pepRequest);
}
-}
+}
\ No newline at end of file
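Review bot: When `s.getId()` is non-null, `map` adds no subject-id attribute and relies on whatever `super.map` emits, yet `Subject.withId` as changed in this commit only assigns the field while `newInstance(String)` separately calls `addAttribute`. If `super.map` (not visible here) only copies the attribute map, a subject built as `Subject.newInstance().withId("x")` would reach the PDP with neither its own subject-id nor the configured default, which matters for an authorization decision. Conversely, a `Subject` with no id is evaluated as the configured default identity. That deserves a javadoc line on `map`, such as `/** Falls back to PepConfig.getDefaultSubjectId() when the subject carries no id. */`, and a test covering the `withId` path. ActionMapper.map and ResourceMapper.map follow the same pattern.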
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestAPI.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestAPI.java b/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestAPI.java
index d6c96b4..85ce0c1 100644
--- a/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestAPI.java
+++ b/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestAPI.java
@@ -26,6 +26,7 @@ import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
+import java.net.URI;
import java.util.ArrayList;
import java.util.List;
@@ -61,6 +62,32 @@ public class TestAPI {
*
*/
@Test
+ public void testPermitWithLocationMatch() {
+ Subject subject = Subject.newInstance("Bob");
+ Action action = Action.newInstance("read");
+ Resource resource = Resource.newInstance(URI.create("/record/patient/Alice")).withLocation(URI.create("http://medical-records.com/"));
+ PepResponse response = getPepAgent().decide(subject, action, resource);
+ Assert.assertNotNull(response);
+ Assert.assertEquals(true, response.allowed());
+ }
+
+ /**
+ *
+ */
+ @Test
+ public void testPermitWithLocationMismatch() {
+ Subject subject = Subject.newInstance("Bob");
+ Action action = Action.newInstance("read");
+ Resource resource = Resource.newInstance(URI.create("/record/patient/Alice")).withLocation(URI.create("http://restricted-records.com/"));
+ PepResponse response = getPepAgent().decide(subject, action, resource);
+ Assert.assertNotNull(response);
+ Assert.assertEquals(false, response.allowed());
+ }
+
+ /**
+ *
+ */
+ @Test
public void testNotApplicable() {
PepResponse response = getPepAgent().simpleDecide("Julius Hibbert", "read",
"http://medico.com/record/patient/JohnSmith");
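Review bot: `testPermitWithLocationMismatch` asserts that `response.allowed()` is false, so the name says the opposite of what is checked; `testDenyWithLocationMismatch` would read correctly. A false `allowed()` does not by itself show that the location attribute drove the result. With `notApplicableBehavior` set to `RETURN_NO` (the StdPepConfig default visible in this commit), a NotApplicable decision looks the same, so a comment naming the policy rule the test expects to miss would help. Both new tests sit under empty javadoc blocks and use `Assert.assertEquals(true, …)` where `Assert.assertTrue(response.allowed())` is clearer. `testNotApplicable` at the end of the hunk continues outside it.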
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestConfig.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestConfig.java b/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestConfig.java
new file mode 100644
index 0000000..5d8a68b
--- /dev/null
+++ b/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestConfig.java
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.openaz.pepapi.std.test;
+
+import org.apache.openaz.pepapi.*;
+import org.apache.openaz.pepapi.std.StdPepAgentFactory;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
+
+public class TestConfig {
+
+ private PepAgentFactory pepAgentFactory;
+
+ @Before
+ public void setup() {
+ pepAgentFactory = new StdPepAgentFactory("properties/testconfig.xacml.properties");
+ }
+
+ /**
+ *
+ */
+ @Test
+ public void testPepAgent() {
+ Assert.assertNotNull(getPepAgent());
+ }
+
+ /**
+ *
+ */
+ @Test
+ public void testPermitWithDefaultsMatch() {
+ Subject subject = Subject.newInstance();
+ Action action = Action.newInstance();
+ Resource resource = Resource.newInstance();
+ PepResponse response = getPepAgent().decide(subject, action, resource);
+ Assert.assertNotNull(response);
+ Assert.assertEquals(true, response.allowed());
+ }
+
+ /**
+ *
+ */
+ @Test
+ public void testPermitWithDefaultsMismatch() {
+ Subject subject = Subject.newInstance("non-default-subject-id");
+ Action action = Action.newInstance("non-default-action-id");
+ Resource resource = Resource.newInstance("non-default-resource-id");
+ PepResponse response = getPepAgent().decide(subject, action, resource);
+ Assert.assertNotNull(response);
+ Assert.assertEquals(false, response.allowed());
+ }
+
+ public PepAgent getPepAgent() {
+ return pepAgentFactory.getPepAgent();
+ }
+}
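Review bot: The new file imports `java.net.URI`, `java.util.ArrayList` and `java.util.List` without using them, and pulls in `org.apache.openaz.pepapi.*` by wildcard; the three unused imports can go. `testPermitWithDefaultsMatch` shows that a request built from empty `Subject`, `Action` and `Resource` instances is permitted, presumably through defaults in `properties/testconfig.xacml.properties` (not shown). Replace its empty javadoc with something like `/** Empty subject, action and resource fall back to the configured default ids and match the policy. */` so the fallback is documented behaviour rather than an incidental one. `testPermitWithDefaultsMismatch` asserts a denial and would be better named `testDenyWithNonDefaultIds`.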
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestDataTypes.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestDataTypes.java b/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestDataTypes.java
index 4276ea6..8b92958 100644
--- a/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestDataTypes.java
+++ b/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestDataTypes.java
@@ -68,19 +68,6 @@ public class TestDataTypes {
*
*/
@Test
- public void testPermitWithIntegerResource() {
- Subject subject = Subject.newInstance("John Smith");
- Action action = Action.newInstance("view");
- Resource resource = Resource.newInstance(101L);
- PepResponse response = getPepAgent().decide(subject, action, resource);
- Assert.assertNotNull(response);
- Assert.assertEquals(true, response.allowed());
- }
-
- /**
- *
- */
- @Test
public void testMultiRequestWithURI() {
List<Resource> resources = new ArrayList<Resource>();
resources.add(Resource.newInstance(URI.create("file://repository/classified/abc")));
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/resources/policies/TestPolicy001.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/policies/TestPolicy001.xml b/openaz-pep/src/test/resources/policies/TestPolicy001.xml
deleted file mode 100755
index fff89f6..0000000
--- a/openaz-pep/src/test/resources/policies/TestPolicy001.xml
+++ /dev/null
@@ -1,71 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="urn:oasis:names:tc:xacml:2.0:test001:policy"
- RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
- <Description></Description>
- <Target/>
- <Rule RuleId="urn:oasis:names:tc:xacml:1.0:test001:rule-1" Effect="Permit">
- <Description>
- Julius Hibbert can read or write Bart Simpson's medical record.
- </Description>
- <Target>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">http://medico.com/record/patient/BartSimpson</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
- AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
- AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
- AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- </Target>
- </Rule>
-</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/resources/policies/TestPolicy002.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/policies/TestPolicy002.xml b/openaz-pep/src/test/resources/policies/TestPolicy002.xml
deleted file mode 100755
index 3867f77..0000000
--- a/openaz-pep/src/test/resources/policies/TestPolicy002.xml
+++ /dev/null
@@ -1,142 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<Policy
- xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- PolicyId="urn:oasis:names:tc:xacml:1.0:conformance-test:IIA2:policy"
- RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- Policy for Conformance Test IIA001.
- </Description>
- <Target/>
- <Rule
- RuleId="urn:oasis:names:tc:xacml:1.0:test-2:rule-1"
- Effect="Permit">
- <Description>
- Physicians can read or write Bart Simpson's medical record.
- </Description>
- <Target>
- <Subjects>
- <Subject>
- <SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">Physician</AttributeValue>
- <SubjectAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </SubjectMatch>
- </Subject>
- </Subjects>
- <Resources>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">http://medico.com/record/patient/BartSimpson</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- </Resources>
- <Actions>
- <Action>
- <ActionMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
- <ActionAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ActionMatch>
- </Action>
- <Action>
- <ActionMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
- <ActionAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ActionMatch>
- </Action>
- </Actions>
- </Target>
- </Rule>
- <Rule
- RuleId="urn:oasis:names:tc:xacml:1.0:test-2:rule-2"
- Effect="Permit">
- <Description>
- Patient is allowed to read his/her medical record.
- </Description>
- <Target>
- <Subjects>
- <Subject>
- <SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">Patient</AttributeValue>
- <SubjectAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </SubjectMatch>
- </Subject>
- </Subjects>
- <Resources>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">http://medico.com/record/patient/BartSimpson</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- </Resources>
- <Actions>
- <Action>
- <ActionMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
- <ActionAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ActionMatch>
- </Action>
- </Actions>
- </Target>
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
- <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-owner"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
- </Apply>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
- <SubjectAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"
- SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" />
- </Apply>
- </Apply>
- </Condition>
- </Rule>
-</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/resources/policies/TestPolicy003.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/policies/TestPolicy003.xml b/openaz-pep/src/test/resources/policies/TestPolicy003.xml
deleted file mode 100755
index edb75a4..0000000
--- a/openaz-pep/src/test/resources/policies/TestPolicy003.xml
+++ /dev/null
@@ -1,137 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="urn:oasis:names:tc:xacml:2.0:test003:policy"
- RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
- <Description></Description>
- <Target/>
- <Rule RuleId="urn:oasis:names:tc:xacml:2.0:test003:rule1" Effect="Permit">
- <Target>
- <AnyOf>
- <AllOf>
- <Match
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">John Smith</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- <AnyOf>
- <AllOf>
- <Match
- MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#anyURI">file://repository/classified/abc</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
- AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
- DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- <AnyOf>
- <AllOf>
- <Match
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">view</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
- AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- </Target>
- </Rule>
- <Rule RuleId="urn:oasis:names:tc:xacml:2.0:test003:rule2" Effect="Permit">
- <Target>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">John Smith</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#anyURI">file://repository/classified/xyz</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
- AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
- DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">view</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
- AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- </Target>
- </Rule>
- <Rule RuleId="urn:oasis:names:tc:xacml:1.0:conformance-test:IIA3:rule3" Effect="Permit">
- <Target>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">John Smith</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#integer">101</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
- AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
- DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">view</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
- AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- </Target>
- </Rule>
-</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/resources/policies/TestPolicy004.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/policies/TestPolicy004.xml b/openaz-pep/src/test/resources/policies/TestPolicy004.xml
deleted file mode 100755
index b861425..0000000
--- a/openaz-pep/src/test/resources/policies/TestPolicy004.xml
+++ /dev/null
@@ -1,132 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="urn:oasis:names:tc:xacml:2.0:test004:policy"
- RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
- <Description></Description>
- <Target/>
- <Rule
- RuleId="urn:oasis:names:tc:xacml:1.0:mapper-test:rule1"
- Effect="Permit">
- <Description></Description>
- <Target>
- <AnyOf>
- <AllOf>
- <Match
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">ROLE_DOCUMENT_WRITER</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- <AnyOf>
- <AllOf>
- <Match
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">Document</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
- AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-type"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- <AnyOf>
- <AllOf>
- <Match
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
- AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- </Target>
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
- AttributeId="jpmc:document:document-owner"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
- </Apply>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- <Rule
- RuleId="urn:oasis:names:tc:xacml:1.0:mapper-test:rule2"
- Effect="Permit">
- <Description></Description>
- <Target>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">ROLE_DOCUMENT_READER</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Document</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
- AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-type"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
- AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- </Target>
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
- <AttributeDesignator AttributeId="jpmc:client:country-of-domicile"
- Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
- </Apply>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
- <AttributeDesignator AttributeId="jpmc:request-context:country"
- Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
- </Apply>
- </Apply>
- </Condition>
- </Rule>
-</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/resources/policies/TestPolicy005.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/policies/TestPolicy005.xml b/openaz-pep/src/test/resources/policies/TestPolicy005.xml
deleted file mode 100755
index 88c51f0..0000000
--- a/openaz-pep/src/test/resources/policies/TestPolicy005.xml
+++ /dev/null
@@ -1,207 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<PolicySet
- xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
- access_control-xacml-2.0-policy-schema-os.xsd"
- PolicySetId="urn:oasis:names:tc:xacml:2.0:test005:policyset"
- PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable">
- <Description>
- PolicySet for Test 005.
- </Description>
- <Target/>
- <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:test005:policy1"
- RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
- <Description>
- Policy for Test 005.
- </Description>
- <Target/>
- <Rule RuleId="urn:oasis:names:tc:xacml:2.0:test005:rule1"
- Effect="Permit">
- <Target>
- <Subjects>
- <Subject>
- <SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">Physician</AttributeValue>
- <SubjectAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </SubjectMatch>
- </Subject>
- </Subjects>
- <Resources>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">PatientMedicalRecord</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-type"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- </Resources>
- <Actions>
- <Action>
- <ActionMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
- <ActionAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ActionMatch>
- </Action>
- </Actions>
- </Target>
- </Rule>
- <Obligations>
- <Obligation
- ObligationId="urn:oasis:names:tc:xacml:2.0:obligation:simpletest"
- FulfillOn="Permit">
- <AttributeAssignment
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
- DataType="http://www.w3.org/2001/XMLSchema#string">EVAL_SUBJECT_ATTRIBUTE</AttributeAssignment>
- </Obligation>
- </Obligations>
- </Policy>
- <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:test005:policy2"
- RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
- <Description>
- Policy for Test 005.
- </Description>
- <Target/>
- <Rule RuleId="urn:oasis:names:tc:xacml:2.0:test005:rule2"
- Effect="Permit">
- <Target>
- <Subjects>
- <Subject>
- <SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">Patient</AttributeValue>
- <SubjectAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </SubjectMatch>
- </Subject>
- </Subjects>
- <Resources>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">PatientMedicalRecord</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-type"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- </Resources>
- <Actions>
- <Action>
- <ActionMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
- <ActionAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ActionMatch>
- </Action>
- </Actions>
- </Target>
- </Rule>
- <Obligations>
- <Obligation
- ObligationId="urn:oasis:names:tc:xacml:2.0:obligation:age-restriction"
- FulfillOn="Permit">
- <AttributeAssignment
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:age"
- DataType="http://www.w3.org/2001/XMLSchema#string">EVAL_SUBJECT_ATTRIBUTE</AttributeAssignment>
- </Obligation>
- <Obligation
- ObligationId="urn:oasis:names:tc:xacml:2.0:obligation:audit"
- FulfillOn="Permit"/>
- </Obligations>
- </Policy>
- <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:test005:policy3"
- RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
- <Description>
- Policy for Test 005.
- </Description>
- <Target/>
- <Rule RuleId="urn:oasis:names:tc:xacml:2.0:test005:rule3"
- Effect="Permit">
- <Target>
- <Subjects>
- <Subject>
- <SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">InsuranceAgent</AttributeValue>
- <SubjectAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </SubjectMatch>
- </Subject>
- </Subjects>
- <Resources>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">PatientMedicalRecord</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-type"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- </Resources>
- <Actions>
- <Action>
- <ActionMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
- <ActionAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ActionMatch>
- </Action>
- </Actions>
- </Target>
- </Rule>
- <Obligations>
- <Obligation
- ObligationId="urn:oasis:names:tc:xacml:2.0:obligation:access-restriction"
- FulfillOn="Permit">
- <AttributeAssignment
- AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-access-group"
- DataType="http://www.w3.org/2001/XMLSchema#string">EVAL_RESOURCE_ATTRIBUTE</AttributeAssignment>
- <AttributeAssignment
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
- DataType="http://www.w3.org/2001/XMLSchema#string">EVAL_SUBJECT_ATTRIBUTE</AttributeAssignment>
- </Obligation>
- </Obligations>
- </Policy>
-</PolicySet>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/resources/policies/TestPolicy006.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/policies/TestPolicy006.xml b/openaz-pep/src/test/resources/policies/TestPolicy006.xml
deleted file mode 100755
index f739f2d..0000000
--- a/openaz-pep/src/test/resources/policies/TestPolicy006.xml
+++ /dev/null
@@ -1,97 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<PolicySet
- xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
- access_control-xacml-2.0-policy-schema-os.xsd"
- PolicySetId="urn:oasis:names:tc:xacml:2.0:test005:policyset"
- PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable">
- <Description>
- PolicySet for Test 005.
- </Description>
- <Target/>
- <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:test005:policy1"
- RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
- <Description>
- Policy for Test 005.
- </Description>
- <Target/>
- <Rule RuleId="urn:oasis:names:tc:xacml:2.0:test005:rule1"
- Effect="Permit">
- <Target>
- <Subjects>
- <Subject>
- <SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">John Smith</AttributeValue>
- <SubjectAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </SubjectMatch>
- </Subject>
- </Subjects>
- <Resources>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">resource1</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- </Resources>
- <Actions>
- <Action>
- <ActionMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string">view</AttributeValue>
- <ActionAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ActionMatch>
- </Action>
- </Actions>
- </Target>
- </Rule>
- <Obligations>
- <Obligation
- ObligationId="urn:oasis:names:tc:xacml:2.0:obligation:obligation-1"
- FulfillOn="Permit">
- <AttributeAssignment
- AttributeId="jpmc:obligation:obligation-type"
- DataType="http://www.w3.org/2001/XMLSchema#string">Filtering</AttributeAssignment>
- <AttributeAssignment
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
- DataType="http://www.w3.org/2001/XMLSchema#string">EVAL_SUBJECT_ATTRIBUTE</AttributeAssignment>
- </Obligation>
- <Obligation
- ObligationId="urn:oasis:names:tc:xacml:2.0:obligation:obligation-2"
- FulfillOn="Permit">
- <AttributeAssignment
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:age"
- DataType="http://www.w3.org/2001/XMLSchema#string">EVAL_SUBJECT_ATTRIBUTE</AttributeAssignment>
- </Obligation>
- </Obligations>
- </Policy>
-</PolicySet>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/resources/policies/testapi.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/policies/testapi.xml b/openaz-pep/src/test/resources/policies/testapi.xml
new file mode 100755
index 0000000..1aa5ce7
--- /dev/null
+++ b/openaz-pep/src/test/resources/policies/testapi.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ PolicyId="urn:oasis:names:tc:xacml:2.0:testapi:policy"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0"
+ xsi:schemaLocation="">
+ <Description></Description>
+ <Target/>
+ <Rule RuleId="urn:oasis:names:tc:xacml:1.0:testapi:rule-1" Effect="Permit">
+ <Description>
+ Julius Hibbert can read or write Bart Simpson's medical record.
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:oasis:names:tc:xacml:1.0:testapi:rule-2" Effect="Permit">
+ <Description />
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Bob</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">/record/patient/Alice</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medical-records.com/</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-location"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+</Policy>
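Review bot: rule-2 in testapi.xml is the only rule here that matches on the new `resource-location` attribute, yet it carries an empty `<Description />`, so its intent has to be reconstructed from the Target. Per the XACML 3.0 definition, `anyURI-equal` compares codepoint by codepoint, so a request supplying `http://medical-records.com` without the trailing slash would not match; how this PDP implements the function is worth confirming. A request with no location at all also fails the match, because `MustBePresent="false"` yields an empty bag. Since the policy contains only Permit rules, both cases end in NotApplicable, and access then depends on how the PEP treats that result. I would fill the description, e.g. `Bob can read /record/patient/Alice only when resource-location is exactly http://medical-records.com/.`, and have the accompanying tests (not visible here) include a missing-location and a near-miss-location request. The same empty description appears on rule-1 in the testconfig.xml hunk.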
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/b888080e/openaz-pep/src/test/resources/policies/testconfig.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/policies/testconfig.xml b/openaz-pep/src/test/resources/policies/testconfig.xml
new file mode 100755
index 0000000..23a8bdc
--- /dev/null
+++ b/openaz-pep/src/test/resources/policies/testconfig.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ PolicyId="urn:oasis:names:tc:xacml:2.0:testconfig:policy"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0"
+ xsi:schemaLocation="">
+ <Description></Description>
+ <Target/>
+ <Rule RuleId="urn:oasis:names:tc:xacml:1.0:testconfig:rule-1" Effect="Permit">
+ <Description />
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">default-subject-id</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">default-resource-id</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">default-action-id</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+</Policy>