Wednesday, March 25, 2009

JBossXACML 2.0.3.CR4 released

Please pick up the CR4 release of JBossXACML in the 2.0.3 cycle at:
http://www.jboss.org/jbosssecurity/downloads/JBoss%20XACML/

(NOTE: Ignore the download counter, which shows 0. It is broken.)

Release Notes for JBoss Security and Identity Management
Includes versions: JBossXACML_2.0.3.CR4

** Sub-task
* [ SECURITY-396 ] Rule:: NPE if description of a rule is empty
* [ SECURITY-400 ] XACML Conformance Tests: Mandatory - attribute references, functions, combination algos
* [ SECURITY-401 ] XACML Conformance Tests: Mandatory - schema components

** Bug
* [ SECURITY-394 ] FunctionBase: bag-size throws an IllegalArgumentException
* [ SECURITY-395 ] AbstractPolicy: Empty Description element throws NPE
* [ SECURITY-397 ] XACML: HigherOrderFunction checkInputs needs to relax type checking on evaluations
* [ SECURITY-399 ] XACML: Apply->evaluate method tries to encode an attributeValue that can be a bag

** Task
* [ SECURITY-337 ] Validate the Oasis XACMLv2 conformance tests
* [ SECURITY-402 ] Release JBossXACML 2.0.3.CR4

References:
JBossXACML Announcements: http://www.jboss.org/index.html?module=bb&op=viewtopic&t=152989

Additional note on debugging JBossXACML:
To get debug information for rule evaluation, create a logging.properties file:
============================
# Specify the handlers to create in the root logger
# (all loggers are children of the root logger)
# The following creates two handlers
handlers = java.util.logging.ConsoleHandler, java.util.logging.FileHandler

# Set the default logging level for the root logger
.level = ALL

# Set the default logging level for new ConsoleHandler instances
java.util.logging.ConsoleHandler.level = ALL

# Set the default logging level for new FileHandler instances
java.util.logging.FileHandler.level = ALL

# Set the default formatter for new ConsoleHandler instances
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
java.util.logging.FileHandler.formatter=java.util.logging.SimpleFormatter

# Set the logging level for the XACML engine's logger (org.jboss.security.xacml.sunxacml)
# and switch off the JAXB logger (com.sun.xml.bind)
org.jboss.security.xacml.sunxacml.level = FINEST
com.sun.xml.bind.level = OFF
=====================================================

Now pass the location of this file to the JVM as a system property, for example:
-Djava.util.logging.config.file=src/test/resources/logging.properties

Then you should see something like:
=========================================
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.combine.StandardCombiningAlgFactory initAlgorithms
CONFIG: Initializing standard combining algorithms
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.StandardFunctionFactory initGeneralFunctions
CONFIG: Initializing standard General functions
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.StandardFunctionFactory initConditionFunctions
CONFIG: Initializing standard Condition functions
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.StandardFunctionFactory initTargetFunctions
CONFIG: Initializing standard Target functions
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.PDP <init>
FINE: creating a PDP
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.finder.PolicyFinder init
FINER: Initializing PolicyFinder
Resource must contain resource-id attr
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:string-bag-size:<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:allowed-organizations" DataType="http://www.w3.org/2001/XMLSchema#string"/>
:::result=2
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:integer-equal:<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:allowed-organizations" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</Apply>
::org.jboss.security.xacml.sunxacml.attr.IntegerAttribute@0:::result=false
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:not:<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:allowed-organizations" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</Apply>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">0</AttributeValue>
</Apply>
:::result=true
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:string-subset:<SubjectAttributeDesignator SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:locality" DataType="http://www.w3.org/2001/XMLSchema#string"/>
::<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:allowed-organizations" DataType="http://www.w3.org/2001/XMLSchema#string"/>
:::result=true
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:not:<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
<SubjectAttributeDesignator SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:locality" DataType="http://www.w3.org/2001/XMLSchema#string"/>
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:allowed-organizations" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</Apply>
:::result=false
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:and:<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:allowed-organizations" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</Apply>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">0</AttributeValue>
</Apply>
</Apply>
::<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
<SubjectAttributeDesignator SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:locality" DataType="http://www.w3.org/2001/XMLSchema#string"/>
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:allowed-organizations" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</Apply>
</Apply>
:::result=false
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.combine.DenyOverridesRuleAlg combine
FINE: Rule id:urn:oasis:names:tc:xspa:1.0:org:allowed:organizations:deny:result=3
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:time-one-and-only:<EnvironmentAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time"/>
:::result=15:38:25.553000000-05:00
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:time-one-and-only:<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:hoursofoperation:start" DataType="http://www.w3.org/2001/XMLSchema#time"/>
:::result=00:00:00-08:00
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:time-greater-than-or-equal:<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
<EnvironmentAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time"/>
</Apply>
::<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:hoursofoperation:start" DataType="http://www.w3.org/2001/XMLSchema#time"/>
</Apply>
:::result=true
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:not:<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-greater-than-or-equal">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
<EnvironmentAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time"/>
</Apply>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:hoursofoperation:start" DataType="http://www.w3.org/2001/XMLSchema#time"/>
</Apply>
</Apply>
:::result=false
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:time-one-and-only:<EnvironmentAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time"/>
:::result=15:38:25.553000000-05:00
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:time-one-and-only:<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:hoursofoperation:end" DataType="http://www.w3.org/2001/XMLSchema#time"/>
:::result=23:59:00-08:00
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:time-less-than-or-equal:<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
<EnvironmentAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time"/>
</Apply>
::<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:hoursofoperation:end" DataType="http://www.w3.org/2001/XMLSchema#time"/>
</Apply>
:::result=false
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:not:<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-less-than-or-equal">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
<EnvironmentAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time"/>
</Apply>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:hoursofoperation:end" DataType="http://www.w3.org/2001/XMLSchema#time"/>
</Apply>
</Apply>
:::result=true
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:or:<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-greater-than-or-equal">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
<EnvironmentAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time"/>
</Apply>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:hoursofoperation:start" DataType="http://www.w3.org/2001/XMLSchema#time"/>
</Apply>
</Apply>
</Apply>
::<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-less-than-or-equal">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
<EnvironmentAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time"/>
</Apply>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:hoursofoperation:end" DataType="http://www.w3.org/2001/XMLSchema#time"/>
</Apply>
</Apply>
</Apply>
:::result=true
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.combine.DenyOverridesRuleAlg combine
FINE: Rule id:urn:oasis:names:tc:xspa:1.0:org:hoursofoperation:deny:result=1
=============================

This is very good debug information.
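
To see at a glance which rule produced the decision in a trace like the one above, the records can be folded into one entry per rule. This is an added example, not part of the original post or of the JBossXACML code base; the decision-code mapping (0 Permit, 1 Deny, 2 Indeterminate, 3 NotApplicable) comes from Sun XACML's `Result` constants and is assumed to hold for the JBoss fork, and the sample records with their `urn:example:` rule ids are constructed.

```python
import re

# Codes from Sun XACML's Result class; assumed unchanged in the JBoss fork.
DECISIONS = {"0": "Permit", "1": "Deny", "2": "Indeterminate", "3": "NotApplicable"}
HEADER = re.compile(r"^[A-Z][a-z]{2} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M \S+ \S+$")
FUNCTION = re.compile(r"Function:(\S+?):<")
RULE = re.compile(r"Rule id:(\S+):result=(\d+)")

def records(text):
    """Yield one message per record; Apply messages span several lines."""
    body = None
    for line in text.splitlines():
        if HEADER.match(line):
            if body is not None:
                yield "\n".join(body)
            body = []
        elif body is not None:
            body.append(line)
    if body is not None:
        yield "\n".join(body)

def rule_decisions(text):
    """Per rule: id, decision, and function results logged for its condition."""
    rules, steps = [], []
    for msg in records(text):
        rule, func = RULE.search(msg), FUNCTION.search(msg)
        if rule:
            rules.append({"rule": rule.group(1), "steps": steps,
                          "decision": DECISIONS.get(rule.group(2), "unknown")})
            steps = []
        elif func and ":::result=" in msg:
            value = msg.rsplit(":::result=", 1)[1].strip().split("\n")[0]
            steps.append((func.group(1).rsplit(":", 1)[1], value))
    return rules

# Constructed sample in the record layout of the trace (XML shortened).
SAMPLE = """\
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:not:<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
</Apply>
:::result=false
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.combine.DenyOverridesRuleAlg combine
FINE: Rule id:urn:example:rule:org:deny:result=3
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:or:<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"/>
:::result=true
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.combine.DenyOverridesRuleAlg combine
FINE: Rule id:urn:example:rule:hours:deny:result=1
"""
```

Under that mapping, the first rule in the trace above (result=3) reads as NotApplicable and the second (result=1) as Deny, each with the chain of function results that led to it.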


User Guide: http://www.jboss.org/auth/jbosssecurity/docs/jbossxacml/html/jbossxacml.html
