XACML Result Postprocessors
With AuthzForce Result Postprocessor extensions, you can support new ways of processing XACML Results after evaluation by the PDP engine (for example, to implement XACML v3.0 Multiple Decision Profile Version 1.0 - Requests for a combined decision).
Before you can use such an extension in the AuthzForce API, you must implement one or get one from a third party. The AuthzForce project also provides a separate Result Postprocessor extension example for documentation and testing purposes. If you wish to make your own Result Postprocessor extension, read the next section. If you wish to test the example provided by AuthzForce, or if you have another one ready for use, you may jump to the section Enabling a Result Postprocessor extension on the PDP.
The steps to make your own Result Postprocessors extension go as follows:
- Create a Maven project with jar packaging type and the following Maven dependency (make sure the version here is the version of the authzforce-ce-core-pdp-api dependency used by your AuthzForce Core version):

      ...
      <dependencies>
        <dependency>
          <groupId>org.ow2.authzforce</groupId>
          <artifactId>authzforce-ce-core-pdp-api</artifactId>
          <version>${version}</version>
        </dependency>
        ...
      </dependencies>
      ...

- Create your ResultPostprocessor factory and concrete implementation class (as in the Factory design pattern). The factory class must be public, and implement interface org.ow2.authzforce.core.pdp.api.DecisionResultPostprocessor.Factory. This class must have a public no-argument constructor or no constructor. You may use AuthzForce TestCombinedDecisionXacmlJaxbResultPostprocessor class (used for AuthzForce unit tests) as an example. This example provides a test implementation of feature urn:oasis:names:tc:xacml:3.0:profile:multiple:combined-decision from XACML v3.0 Multiple Decision Profile Version 1.0. If you are processing XACML/XML Response, you may extend the more convenient class org.ow2.authzforce.core.pdp.api.io.BaseXacmlJaxbResultPostprocessor.Factory.
- When your implementation class is ready, create a text file org.ow2.authzforce.core.pdp.api.PdpExtension in folder src/main/resources/META-INF/services (you have to create the folder first) and put the fully qualified name of your implementation class on the first line of this file, like in the example from AuthzForce source code.
- Run Maven package to produce a JAR from the Maven project.
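The following check is an added example, not part of the AuthzForce project: it lists the classes a JAR registers in the PdpExtension service file and reports any that are missing from the archive, which is useful both after your own build and when reviewing a third-party extension before it goes on the PDP classpath. The com.example class names and the sample JARs are constructed for illustration, and the parsing assumes the usual Java provider-configuration file format.

```python
import io
import sys
import zipfile

# Service file name taken from the step above.
SERVICE_FILE = "META-INF/services/org.ow2.authzforce.core.pdp.api.PdpExtension"


def check_extension_jar(jar):
    """Return (declared class names, problems) for a JAR path or file object."""
    with zipfile.ZipFile(jar) as zf:
        entries = set(zf.namelist())
        if SERVICE_FILE not in entries:
            return [], ["missing " + SERVICE_FILE]
        text = zf.read(SERVICE_FILE).decode("utf-8")
    # Assumption: usual Java provider-configuration format
    # (one binary class name per line, '#' starts a comment).
    stripped = (line.split("#", 1)[0].strip() for line in text.splitlines())
    names = [name for name in stripped if name]
    problems = [] if names else ["service file declares no class"]
    for name in names:
        # A nested factory class is compiled to Outer$Factory.class.
        class_entry = name.replace(".", "/") + ".class"
        if class_entry not in entries:
            problems.append(name + ": " + class_entry + " not found in JAR")
    return names, problems


def build_sample_jar(files):
    """Build an in-memory JAR (constructed test data) from {entry: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, content in files.items():
            zf.writestr(entry, content)
    buf.seek(0)
    return buf


# Constructed samples; the com.example names are hypothetical.
GOOD_JAR = {
    SERVICE_FILE: "com.example.MyResultPostprocessor$Factory\n",
    "com/example/MyResultPostprocessor$Factory.class": b"",
    "com/example/MyResultPostprocessor.class": b"",
}
# Same build, but the service file misspells the class name.
TYPO_JAR = {
    SERVICE_FILE: "com.example.MyResultPostProcessor$Factory\n",
    "com/example/MyResultPostprocessor$Factory.class": b"",
}

if __name__ == "__main__":
    source = sys.argv[1] if len(sys.argv) > 1 else build_sample_jar(GOOD_JAR)
    declared, issues = check_extension_jar(source)
    print("declared extensions:", declared)
    print("problems:", issues or "none")
```

Run it with the path of the packaged JAR as the only argument; without an argument it runs against the constructed sample.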
Now you have a Result Postprocessor extension ready for integration into AuthzForce, as explained in the next section.
Set the resultPostproc element value (inside the ioProcChain element) in the PDP configuration file (XML) to the ID corresponding to your implementation.