NOTE: JBossXACML v2.0.3.CR1 <==========
Official Blog Entry is here:
JBoss Blog Notice
It gives me pleasure to inform the community about the release of JBoss XACML v2.0.1-BETA. The license is LGPL.
You can download it from
http://labs.jboss.com/jbosssecurity/download/index.html
The Javadoc link is here:
Javadoc
The User Guide is here:
JBoss XACML User Guide
Why is XACML Important?
- Unlike Authentication, AccessControl/Authorization is a complex area where Role Based Access Control (RBAC) is inadequate in many enterprise situations. XACML is a specification that tries to mitigate this with complex policies that can be woven around a combination of subjects (users/user-agents etc), resources (on which the access control is desired) and Environment (IPAddress, Date, Time etc). You should be able to declaratively (via XML or construct policies) to say things like "Allow this portion of the web site to 18 year olds when the time is between 9am and 5pm", "You should update your own payroll information and can do it when you are employed and on Fridays only" etc.
- Enterprises have been doing this via ACLs and other proprietary mechanisms. Now they can use a standard way.
Dependencies:
JDK 5 and later (Need JAXBv2)
Sun JAXB v2.0 and later ( I used v2.1.4).
You can use the one from here:
Sun JAXB
Sun XACML v2.0
Use the one from here:
SunXACML V2.0
JBoss v5.0 JavaEE Jar (javax.xml.stream support. You can get this from JDK6 or any EE distibution).
JBoss JavaEE
Acknowledgements
Hal Lockhart, Bill Parducci, Anne Anderson (of the Oasis XACML TC for the specification), Rich Levinson, Dennis Pilipchuck (Oasis XACML Interoperability) and Seth Proctor (SunXACML Implementation)
We use the SunXACML implementation for the business logic, policy evaluation etc. It is an implementation detail. The users of JBossXACML will have to concern themselves with its interfaces and object model.
UPDATE:
Please also refer to JBossXACML v2.0.1.GA release.
Also,
http://anil-identity.blogspot.com/2008/04/jbossxacml-v202ga-ready.html