
XACML Result Postprocessors

Cyril Dangerville edited this page Sep 28, 2021 · 4 revisions

With AuthzForce Result Postprocessor extensions, you can support new ways of processing XACML Results after evaluation by the PDP engine (e.g. to implement XACML v3.0 Multiple Decision Profile Version 1.0 - Requests for a combined decision).

Before you can use such an extension in the AuthzForce API, you must implement one or get one from a third party. The AuthzForce project also provides a separate Result Postprocessor extension example for documentation and testing purposes. If you wish to make your own Result Postprocessor extension, read the next section. If you wish to test the example provided by AuthzForce, or if you have another one ready for use, you may jump to the section Enabling a Result Postprocessor extension on the PDP.

Making a Result Postprocessor extension

The steps to make your own Result Postprocessor extension are as follows:

  1. Create a Maven project with the jar packaging type and the following Maven dependency (make sure the version here matches the version of the authzforce-ce-core-pdp-api dependency used by your AuthzForce Core version):

    ...
    <dependencies>
     <dependency>
      <groupId>org.ow2.authzforce</groupId>
      <artifactId>authzforce-ce-core-pdp-api</artifactId>
      <version>${version}</version>
     </dependency>
     ...
    </dependencies>
    ...
  2. Create your ResultPostprocessor factory and concrete implementation class (as in the Factory design pattern). The factory class must be public and implement the interface org.ow2.authzforce.core.pdp.api.DecisionResultPostprocessor.Factory. This class must have a public no-argument constructor or no constructor. You may use the AuthzForce TestCombinedDecisionXacmlJaxbResultPostprocessor class (used for AuthzForce unit tests) as an example. This example provides a test implementation of the feature urn:oasis:names:tc:xacml:3.0:profile:multiple:combined-decision from XACML v3.0 Multiple Decision Profile Version 1.0. If you are processing XACML/XML Responses, you may extend the more convenient class org.ow2.authzforce.core.pdp.api.io.BaseXacmlJaxbResultPostprocessor.Factory.

  3. When your implementation class is ready, create a text file named org.ow2.authzforce.core.pdp.api.PdpExtension in the folder src/main/resources/META-INF/services (you have to create the folder first) and put the fully qualified name of your implementation class on the first line of this file, as in the example from the AuthzForce source code.

  4. Run Maven package to produce a JAR from the Maven project.

Now you have a Result Postprocessor extension ready for integration into AuthzForce, as explained in the next section.
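A result postprocessor changes what the PDP returns, so before a JAR (your own or a third party's) goes on the PDP classpath it is worth checking which classes it registers and that each one is actually packaged. The following is an added example, not AuthzForce code: it assumes the file from step 3 follows the standard Java ServiceLoader format (one class name per line, `#` comments), and the `com.example` names and the in-memory sample JAR are constructed.

```python
import io
import zipfile

# Path of the registration file inside the JAR (step 3 of the procedure above).
SERVICE_FILE = "META-INF/services/org.ow2.authzforce.core.pdp.api.PdpExtension"


def registered_extensions(jar):
    """Return {class_name: class_file_present} for every class the JAR registers."""
    with zipfile.ZipFile(jar) as zf:
        names = set(zf.namelist())
        if SERVICE_FILE not in names:
            # Typical cause: the file was created outside src/main/resources.
            raise FileNotFoundError(SERVICE_FILE + " is missing from the JAR")
        text = zf.read(SERVICE_FILE).decode("utf-8")
    result = {}
    for line in text.splitlines():
        # Assumption: ServiceLoader syntax, '#' starts a comment, blanks are ignored.
        cls = line.split("#", 1)[0].strip()
        if cls:
            # A binary class name maps to a path: a.b.C$D -> a/b/C$D.class
            result[cls] = (cls.replace(".", "/") + ".class") in names
    return result


def build_sample_jar(service_text, class_files):
    """Build a constructed in-memory JAR for the demo (not a real extension)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if service_text is not None:
            zf.writestr(SERVICE_FILE, service_text)
        for path in class_files:
            zf.writestr(path, b"\xca\xfe\xba\xbe")  # placeholder bytes only
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed sample: one correctly packaged factory, one misspelled entry.
    sample = build_sample_jar(
        "# constructed sample\n"
        "com.example.MyResultPostprocessor$Factory\n"
        "com.example.MyResultPostprocesor$Factory\n",
        ["com/example/MyResultPostprocessor$Factory.class"],
    )
    for cls, present in registered_extensions(sample).items():
        print(("OK       " if present else "MISSING  ") + cls)
```

Pass the path of the JAR produced in step 4 to `registered_extensions` in place of the sample; any class it lists that you do not recognise, or that is reported missing, should be resolved before the JAR is deployed.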

Enabling a Result Postprocessor extension on the PDP

Set the resultPostproc element value (inside the ioProcChain element) in the PDP configuration file (XML) to the ID corresponding to your implementation.