[jboss-identity-commits] JBoss Identity SVN: r259 - in identity-federation/trunk: identity-bindings/src/main/java/org/jboss/identity/federation/bindings and 9 other directories.
jboss-identity-commits at lists.jboss.org
jboss-identity-commits at lists.jboss.org
Wed Jan 28 17:31:17 EST 2009
Author: anil.saldhana at jboss.com
Date: 2009-01-28 17:31:17 -0500 (Wed, 28 Jan 2009)
New Revision: 259
Added:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletConfig.java
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletContext.java
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletRequest.java
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletResponse.java
identity-federation/trunk/identity-bindings/src/test/resources/logging.properties
identity-federation/trunk/identity-bindings/src/test/resources/xacml/
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-01-top-level.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02a-CDA.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02b-N.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02c-N-PermCollections.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02d-prog-note.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02e-MA.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02f-emergency.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/config/
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/config/rsaConfPolicyConfig.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/
identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-01-01.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-01-02.xml
Modified:
identity-federation/trunk/identity-bindings/.classpath
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
Log:
add a soap/saml/xacml processing servlet
Modified: identity-federation/trunk/identity-bindings/.classpath
===================================================================
--- identity-federation/trunk/identity-bindings/.classpath 2009-01-28 22:30:38 UTC (rev 258)
+++ identity-federation/trunk/identity-bindings/.classpath 2009-01-28 22:31:17 UTC (rev 259)
@@ -21,5 +21,7 @@
<classpathentry combineaccessrules="false" kind="src" path="/identity-fed-model"/>
<classpathentry kind="var" path="M2_REPO/org/apache/xmlsec/1.4.1/xmlsec-1.4.1.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/identity/jboss-identity-xmlsec-model/1.0.0-SNAPSHOT/jboss-identity-xmlsec-model-1.0.0-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-xacml/2.0.2.SP1/jboss-xacml-2.0.2.SP1.jar" sourcepath="/M2_REPO/org/jboss/security/jboss-xacml/2.0.2.SP1/jboss-xacml-2.0.2.SP1-sources.jar"/>
<classpathentry kind="output" path="target-eclipse/"/>
</classpath>
Added: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,211 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.servlets;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.jboss.identity.federation.core.saml.v2.factories.SOAPFactory;
+import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.util.JAXBElementMappingUtil;
+import org.jboss.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
+import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Body;
+import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
+import org.jboss.identity.federation.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.security.xacml.core.JBossPDP;
+import org.jboss.security.xacml.core.JBossRequestContext;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResponseType;
+import org.jboss.security.xacml.core.model.context.ResultType;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
+
+/**
+ * Servlet that can read SOAP 1.1 messages that contain
+ * an XACML query in saml payload
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 27, 2009
+ */
+public class SOAPSAMLXACMLServlet extends HttpServlet
+{
+ private static Logger log = Logger.getLogger(SOAPSAMLXACMLServlet.class);
+
+ private static final long serialVersionUID = 1L;
+
+ String policyConfigFileName = null;
+
+ String issuerId = null;
+ String issuer = null;
+
+ public void init() throws ServletException
+ {
+ issuerId = getServletContext().getInitParameter("issuerID");
+ if(issuerId == null)
+ issuerId = "issue-id:1";
+
+ issuer = getServletContext().getInitParameter("issuer");
+ if(issuer == null)
+ issuer = "urn:jboss-identity";
+
+ policyConfigFileName = getServletContext().getInitParameter("policyConfigFileName");
+ if(policyConfigFileName == null)
+ policyConfigFileName = "policyConfig.xml";
+
+ super.init();
+ }
+
+ public void init(ServletConfig config) throws ServletException
+ {
+ super.init(config);
+ }
+
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
+ {
+ JAXBElement<RequestAbstractType> jaxbRequestType = null;
+
+ Envelope envelope = null;
+
+ try
+ {
+ Unmarshaller un = SOAPSAMLXACMLUtil.getUnmarshaller();
+ Object unmarshalledObject = un.unmarshal(req.getInputStream());
+ if(unmarshalledObject instanceof Envelope)
+ {
+ envelope = (Envelope)unmarshalledObject;
+ Body soapBody = envelope.getBody();
+ jaxbRequestType = (JAXBElement<RequestAbstractType>)soapBody.getAny().get(0);
+ }
+ else
+ if(unmarshalledObject instanceof JAXBElement)
+ {
+ jaxbRequestType = (JAXBElement<RequestAbstractType>) unmarshalledObject;
+ }
+ else
+ throw new IOException("Unknown unmarshalledObject:"+ unmarshalledObject);
+ if(jaxbRequestType == null)
+ throw new IOException("XACML Request not parsed");
+
+ XACMLAuthzDecisionQueryType xacmlRequest = (XACMLAuthzDecisionQueryType) jaxbRequestType.getValue();
+ RequestType requestType = xacmlRequest.getRequest();
+
+ RequestContext requestContext = new JBossRequestContext();
+ requestContext.setRequest(requestType);
+
+ ResponseContext responseContext = getPDP().evaluate(requestContext);
+
+ ResponseType responseType = new ResponseType();
+ ResultType resultType = responseContext.getResult();
+ responseType.getResult().add(resultType);
+
+ XACMLAuthzDecisionStatementType xacmlStatement = SOAPSAMLXACMLUtil.createXACMLAuthzDecisionStatementType();
+ xacmlStatement.setRequest(requestType);
+ xacmlStatement.setResponse(responseType);
+
+ //Place the xacml statement in an assertion
+ //Then the assertion goes inside a SAML Response
+
+ SAML2Response saml2Response = new SAML2Response();
+ IssuerInfoHolder issuerInfo = new IssuerInfoHolder(this.issuer);
+
+ AssertionType assertion = SAMLAssertionFactory.getObjectFactory().createAssertionType();
+ assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(xacmlStatement);
+
+ JAXBElement<?> jaxbResponse = JAXBElementMappingUtil.get(saml2Response.createResponseType(IDGenerator.create("ID_"), issuerInfo, assertion));
+
+ //Create a SOAP Envelope to hold the SAML response
+ envelope = SOAPFactory.getObjectFactory().createEnvelope();
+ Body body = SOAPFactory.getObjectFactory().createBody();
+ body.getAny().add(jaxbResponse);
+ envelope.setBody(body);
+ }
+ catch (JAXBException e)
+ {
+ log.error("Exception parsing SOAP:", e);
+ }
+ catch (PrivilegedActionException e)
+ {
+ log.error("Exception getting PDP:", e);
+ }
+ catch (Exception e)
+ {
+ e.printStackTrace();
+ log.error("Exception:", e);
+ }
+ finally
+ {
+ resp.setContentType("text/xml;charset=utf-8");;
+ OutputStream os = resp.getOutputStream();
+ try
+ {
+ if(envelope == null)
+ throw new IllegalStateException("SOAPEnvelope is null");
+ JAXBElement<?> jaxbEnvelope = JAXBElementMappingUtil.get(envelope);
+ Marshaller marshaller = SOAPSAMLXACMLUtil.getMarshaller();
+ marshaller.marshal(jaxbEnvelope, os);
+ }
+ catch (JAXBException e)
+ {
+ log("marshalling exception",e);
+ }
+ }
+ }
+
+ private PolicyDecisionPoint getPDP() throws PrivilegedActionException
+ {
+ ClassLoader tcl = AccessController.doPrivileged(new PrivilegedExceptionAction<ClassLoader>()
+ {
+ public ClassLoader run() throws Exception
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ InputStream is = tcl.getResourceAsStream(this.policyConfigFileName);
+ if(is == null)
+ throw new IllegalStateException(policyConfigFileName + " could not be located");
+ return new JBossPDP(is);
+ }
+}
\ No newline at end of file
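Review bot: When the inbound message is a SOAP Envelope, `envelope = (Envelope)unmarshalledObject;` reuses the same field that the `finally` block marshals as the reply, so any failure after that line (the `getAny().get(0)` on an empty Body, the cast to `XACMLAuthzDecisionQueryType` on a non-XACML SAML payload, or a PDP error) is logged and then the caller's own request envelope is echoed back with a 200 status; keep the inbound message in a local, e.g. `Envelope inbound = (Envelope) unmarshalledObject; Body soapBody = inbound.getBody();`. In the non-Envelope failure path the `IllegalStateException` thrown inside `finally` propagates out of `service` after the content type has already been set; set `HttpServletResponse.SC_BAD_REQUEST` for parse/cast failures and `SC_INTERNAL_SERVER_ERROR` for PDP failures and write a SOAP Fault instead of throwing. `un.unmarshal(req.getInputStream())` parses caller-supplied XML, and unless `SOAPSAMLXACMLUtil.getUnmarshaller()` (not in this diff) already disables DTD processing and external entity resolution on the underlying parser, the servlet should unmarshal from an `XMLStreamReader` configured that way. `getPDP()` builds a new `JBossPDP` on every request and never closes the `InputStream` it opens from the classloader; construct the PDP once in `init()` and close the stream in a `finally`. The double `;;` on the `setContentType` line and the `e.printStackTrace()` next to `log.error` in the generic catch are leftovers worth removing.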
Added: identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,108 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.bindings.servlets;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.HashMap;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Unmarshaller;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.bindings.servlets.SOAPSAMLXACMLServlet;
+import org.jboss.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
+import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.jboss.security.xacml.core.model.context.DecisionType;
+import org.jboss.security.xacml.core.model.context.ResultType;
+
+/**
+ * Unit Test the SOAP SAML XACML Servlet
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 28, 2009
+ */
+public class SOAPSAMLXACMLServletUnitTestCase extends TestCase
+{
+ public void testPermit() throws Exception
+ {
+ validate("xacml/requests/XacmlRequest-01-01.xml", DecisionType.PERMIT.value());
+ }
+
+ public void testDeny() throws Exception
+ {
+ validate("xacml/requests/XacmlRequest-01-02.xml", DecisionType.DENY.value());
+ }
+
+ @SuppressWarnings("unchecked")
+ private void validate(String requestFile, String value) throws Exception
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ SOAPSAMLXACMLServlet servlet = new SOAPSAMLXACMLServlet();
+ servlet.init(new TestServletConfig(getServletContext()));
+ ServletRequest sreq = new TestServletRequest(getInputStream(requestFile));
+ ServletResponse sresp = new TestServletResponse(baos);
+ servlet.service(sreq, sresp);
+
+ sresp.flushBuffer(); //Flush the servlet response ServletOutputStream to our baos
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ Unmarshaller un = SOAPSAMLXACMLUtil.getUnmarshaller();
+ JAXBElement<Envelope> jax = (JAXBElement<Envelope>) un.unmarshal(bis);
+ Envelope envelope = jax.getValue();
+ assertNotNull("Envelope is not null", envelope);
+
+ JAXBElement<ResponseType> jaxbResponseType = (JAXBElement<ResponseType>) envelope.getBody().getAny().get(0);
+ ResponseType responseType = jaxbResponseType.getValue();
+
+ assertNotNull("ResponseType is not null", responseType);
+ AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);
+ XACMLAuthzDecisionStatementType xacmlStatement = (XACMLAuthzDecisionStatementType) assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().get(0);
+ assertNotNull("XACML Authorization Statement is not null", xacmlStatement);
+ org.jboss.security.xacml.core.model.context.ResponseType xacmlResponse = xacmlStatement.getResponse();
+ ResultType resultType = xacmlResponse.getResult().get(0);
+ DecisionType decision = resultType.getDecision();
+ assertNotNull("Decision is not null", decision);
+ assertEquals(value, decision.value());
+ }
+
+ private ServletContext getServletContext()
+ {
+ HashMap<String,String> map = new HashMap<String, String>();
+ map.put("policyConfigFileName", "xacml/policies/config/rsaConfPolicyConfig.xml");
+ return new TestServletContext(map);
+ }
+
+ private InputStream getInputStream(String requestFileLoc)
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ return tcl.getResourceAsStream(requestFileLoc);
+ }
+}
\ No newline at end of file
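Review bot: `validate` only exercises the happy path; as `service` stands, a SOAP message whose Body is empty or carries a non-XACML SAML element is caught and either echoed back or fails inside `finally`, so a negative case (e.g. an empty `Body`, or a plain SAML request in place of the `XACMLAuthzDecisionQuery`) asserting that no success response is produced would pin the intended error behaviour. `getInputStream(requestFile)` returns null when the resource is missing, which surfaces as an `NullPointerException` deep inside the servlet rather than a clear test failure; add `assertNotNull(requestFileLoc + " not found", stream);` before wrapping it in `TestServletRequest`, and close the stream after `servlet.service` returns since `TestServletRequest` does not. The servlet instance's `policyConfigFileName` is taken from `TestServletContext`, so the test also implicitly covers the default-value branches in `init()` only for `issuer` and `issuerID`; a one-line comment on `getServletContext` saying the other two parameters are deliberately left unset would make that explicit.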
Added: identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletConfig.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletConfig.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletConfig.java 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,61 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.bindings.servlets;
+
+import java.util.Enumeration;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+
+/**
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 28, 2009
+ */
+public class TestServletConfig implements ServletConfig
+{
+ private ServletContext sc;
+
+ public TestServletConfig(ServletContext sc)
+ {
+ this.sc = sc;
+ }
+
+ public String getInitParameter(String name)
+ {
+ return null;
+ }
+
+ public Enumeration getInitParameterNames()
+ {
+ return null;
+ }
+
+ public ServletContext getServletContext()
+ {
+ return sc;
+ }
+
+ public String getServletName()
+ {
+ return null;
+ }
+}
Added: identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletContext.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletContext.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletContext.java 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,198 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.bindings.servlets;
+
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Set;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.Servlet;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+
+/**
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 28, 2009
+ */
+public class TestServletContext implements ServletContext
+{
+ private HashMap<String,String> params = new HashMap<String,String>();
+
+ public TestServletContext(HashMap<String,String> map)
+ {
+ this.params = map;
+ }
+
+ public Object getAttribute(String name)
+ {
+
+ return null;
+ }
+
+ public Enumeration getAttributeNames()
+ {
+
+ return null;
+ }
+
+ public ServletContext getContext(String uripath)
+ {
+
+ return null;
+ }
+
+ public String getContextPath()
+ {
+
+ return null;
+ }
+
+ public String getInitParameter(String name)
+ {
+ return this.params.get(name);
+ }
+
+ public Enumeration getInitParameterNames()
+ {
+
+ return null;
+ }
+
+ public int getMajorVersion()
+ {
+
+ return 0;
+ }
+
+ public String getMimeType(String file)
+ {
+
+ return null;
+ }
+
+ public int getMinorVersion()
+ {
+
+ return 0;
+ }
+
+ public RequestDispatcher getNamedDispatcher(String name)
+ {
+
+ return null;
+ }
+
+ public String getRealPath(String path)
+ {
+
+ return null;
+ }
+
+ public RequestDispatcher getRequestDispatcher(String path)
+ {
+
+ return null;
+ }
+
+ public URL getResource(String path) throws MalformedURLException
+ {
+
+ return null;
+ }
+
+ public InputStream getResourceAsStream(String path)
+ {
+
+ return null;
+ }
+
+ public Set getResourcePaths(String path)
+ {
+
+ return null;
+ }
+
+ public String getServerInfo()
+ {
+
+ return null;
+ }
+
+ public Servlet getServlet(String name) throws ServletException
+ {
+
+ return null;
+ }
+
+ public String getServletContextName()
+ {
+
+ return null;
+ }
+
+ public Enumeration getServletNames()
+ {
+
+ return null;
+ }
+
+ public Enumeration getServlets()
+ {
+
+ return null;
+ }
+
+ public void log(String msg)
+ {
+
+
+ }
+
+ public void log(Exception exception, String msg)
+ {
+
+
+ }
+
+ public void log(String message, Throwable throwable)
+ {
+
+
+ }
+
+ public void removeAttribute(String name)
+ {
+
+
+ }
+
+ public void setAttribute(String name, Object object)
+ {
+
+
+ }
+
+}
Added: identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletRequest.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletRequest.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletRequest.java 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,377 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.bindings.servlets;
+
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.security.Principal;
+import java.util.Enumeration;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+/**
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 28, 2009
+ */
+public class TestServletRequest implements HttpServletRequest
+{
+ private BufferedInputStream is = null;
+
+ public TestServletRequest(InputStream is)
+ {
+ super();
+ this.is = new BufferedInputStream(is);
+ }
+
+ public String getAuthType()
+ {
+ return null;
+ }
+
+ public String getContextPath()
+ {
+ return null;
+ }
+
+ public Cookie[] getCookies()
+ {
+ return null;
+ }
+
+ public long getDateHeader(String name)
+ {
+ return 0;
+ }
+
+ public String getHeader(String name)
+ {
+
+ return null;
+ }
+
+ public Enumeration getHeaderNames()
+ {
+
+ return null;
+ }
+
+ public Enumeration getHeaders(String name)
+ {
+
+ return null;
+ }
+
+ public int getIntHeader(String name)
+ {
+
+ return 0;
+ }
+
+ public String getMethod()
+ {
+
+ return null;
+ }
+
+ public String getPathInfo()
+ {
+
+ return null;
+ }
+
+ public String getPathTranslated()
+ {
+
+ return null;
+ }
+
+ public String getQueryString()
+ {
+
+ return null;
+ }
+
+ public String getRemoteUser()
+ {
+
+ return null;
+ }
+
+ public String getRequestURI()
+ {
+
+ return null;
+ }
+
+ public StringBuffer getRequestURL()
+ {
+
+ return null;
+ }
+
+ public String getRequestedSessionId()
+ {
+
+ return null;
+ }
+
+ public String getServletPath()
+ {
+
+ return null;
+ }
+
+ public HttpSession getSession()
+ {
+
+ return null;
+ }
+
+ public HttpSession getSession(boolean create)
+ {
+
+ return null;
+ }
+
+ public Principal getUserPrincipal()
+ {
+
+ return null;
+ }
+
+ public boolean isRequestedSessionIdFromCookie()
+ {
+
+ return false;
+ }
+
+ public boolean isRequestedSessionIdFromURL()
+ {
+
+ return false;
+ }
+
+ public boolean isRequestedSessionIdFromUrl()
+ {
+
+ return false;
+ }
+
+ public boolean isRequestedSessionIdValid()
+ {
+
+ return false;
+ }
+
+ public boolean isUserInRole(String role)
+ {
+
+ return false;
+ }
+
+ public Object getAttribute(String name)
+ {
+
+ return null;
+ }
+
+ public Enumeration getAttributeNames()
+ {
+
+ return null;
+ }
+
+ public String getCharacterEncoding()
+ {
+
+ return null;
+ }
+
+ public int getContentLength()
+ {
+
+ return 0;
+ }
+
+ public String getContentType()
+ {
+
+ return null;
+ }
+
+ public ServletInputStream getInputStream() throws IOException
+ {
+ return new ServletInputStream()
+ {
+ @Override
+ public int read() throws IOException
+ {
+ return is.read();
+ }
+ };
+ }
+
+ public String getLocalAddr()
+ {
+
+ return null;
+ }
+
+ public String getLocalName()
+ {
+
+ return null;
+ }
+
+ public int getLocalPort()
+ {
+
+ return 0;
+ }
+
+ public Locale getLocale()
+ {
+
+ return null;
+ }
+
+ public Enumeration getLocales()
+ {
+
+ return null;
+ }
+
+ public String getParameter(String name)
+ {
+
+ return null;
+ }
+
+ public Map getParameterMap()
+ {
+
+ return null;
+ }
+
+ public Enumeration getParameterNames()
+ {
+
+ return null;
+ }
+
+ public String[] getParameterValues(String name)
+ {
+
+ return null;
+ }
+
+ public String getProtocol()
+ {
+
+ return null;
+ }
+
+ public BufferedReader getReader() throws IOException
+ {
+
+ return null;
+ }
+
+ public String getRealPath(String path)
+ {
+
+ return null;
+ }
+
+ public String getRemoteAddr()
+ {
+
+ return null;
+ }
+
+ public String getRemoteHost()
+ {
+
+ return null;
+ }
+
+ public int getRemotePort()
+ {
+
+ return 0;
+ }
+
+ public RequestDispatcher getRequestDispatcher(String path)
+ {
+
+ return null;
+ }
+
+ public String getScheme()
+ {
+
+ return null;
+ }
+
+ public String getServerName()
+ {
+
+ return null;
+ }
+
+ public int getServerPort()
+ {
+
+ return 0;
+ }
+
+ public boolean isSecure()
+ {
+
+ return false;
+ }
+
+ public void removeAttribute(String name)
+ {
+
+
+ }
+
+ public void setAttribute(String name, Object o)
+ {
+
+
+ }
+
+ public void setCharacterEncoding(String env) throws UnsupportedEncodingException
+ {
+ }
+}
Added: identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletResponse.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletResponse.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletResponse.java 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,196 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.bindings.servlets;
+
+import java.io.BufferedOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.PrintWriter;
+import java.util.Locale;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 28, 2009
+ */
+public class TestServletResponse implements HttpServletResponse
+{
+ private BufferedOutputStream bos = null;
+
+ public TestServletResponse(OutputStream os)
+ {
+ super();
+ bos = new BufferedOutputStream(os);
+ }
+
+ public void addCookie(Cookie cookie)
+ {
+ }
+
+ public void addDateHeader(String name, long date)
+ {
+ }
+
+ public void addHeader(String name, String value)
+ {
+ }
+
+ public void addIntHeader(String name, int value)
+ {
+ }
+
+ public boolean containsHeader(String name)
+ {
+ return false;
+ }
+
+ public String encodeRedirectURL(String url)
+ {
+ return null;
+ }
+
+ public String encodeRedirectUrl(String url)
+ {
+ return null;
+ }
+
+ public String encodeURL(String url)
+ {
+ return null;
+ }
+
+ public String encodeUrl(String url)
+ {
+ return null;
+ }
+
+ public void sendError(int sc) throws IOException
+ {
+ }
+
+ public void sendError(int sc, String msg) throws IOException
+ {
+ }
+
+ public void sendRedirect(String location) throws IOException
+ {
+ }
+
+ public void setDateHeader(String name, long date)
+ {
+ }
+
+ public void setHeader(String name, String value)
+ {
+ }
+
+ public void setIntHeader(String name, int value)
+ {
+ }
+
+ public void setStatus(int sc)
+ {
+ }
+
+ public void setStatus(int sc, String sm)
+ {
+ }
+
+ public void flushBuffer() throws IOException
+ {
+ this.bos.flush();
+ }
+
+ public int getBufferSize()
+ {
+ return 0;
+ }
+
+ public String getCharacterEncoding()
+ {
+ return null;
+ }
+
+ public String getContentType()
+ {
+ return null;
+ }
+
+ public Locale getLocale()
+ {
+ return null;
+ }
+
+ public ServletOutputStream getOutputStream() throws IOException
+ {
+ bos.flush();
+ return new ServletOutputStream()
+ {
+ @Override
+ public void write(int b) throws IOException
+ {
+ bos.write(b);
+ }
+ };
+ }
+
+ public PrintWriter getWriter() throws IOException
+ {
+ return null;
+ }
+
+ public boolean isCommitted()
+ {
+ return false;
+ }
+
+ public void reset()
+ {
+ }
+
+ public void resetBuffer()
+ {
+ }
+
+ public void setBufferSize(int size)
+ {
+ }
+
+ public void setCharacterEncoding(String charset)
+ {
+ }
+
+ public void setContentLength(int len)
+ {
+ }
+
+ public void setContentType(String type)
+ {
+ }
+
+ public void setLocale(Locale loc)
+ {
+ }
+}
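Review bot: The anonymous `ServletOutputStream` returned by `getOutputStream()` overrides only `write(int)`, so a servlet that calls `out.flush()` or `out.close()` hits `OutputStream`'s no-op defaults and its bytes stay in `bos` until someone calls `flushBuffer()`; a test that reads the target stream after the servlet returns can therefore see an empty or truncated body. The same hunk's `setStatus(int)`, `setStatus(int, String)`, `sendError(int)` and `sendError(int, String)` discard the status code, so a test cannot tell a rejected (malformed) request from a servlet that simply wrote nothing; recording the last status and exposing it through a getter makes that assertable. `getWriter()` returning null also turns any writer-based code path into a NullPointerException rather than a readable failure, and `bos` is never closed, which is acceptable for a test double but worth a one-line comment on the field. The sketch below adds the flush override and the status bookkeeping; the remaining stubs are unchanged.
```java
private BufferedOutputStream bos = null;
/** Last status set through setStatus/sendError, so tests can assert on it. */
private int status = HttpServletResponse.SC_OK;

// … unchanged: constructor, cookie/header stubs, encode* stubs …

public void sendError(int sc) throws IOException
{
   this.status = sc;
}

public void sendError(int sc, String msg) throws IOException
{
   this.status = sc;
}

// … unchanged: sendRedirect, set*Header stubs …

public void setStatus(int sc)
{
   this.status = sc;
}

public void setStatus(int sc, String sm)
{
   this.status = sc;
}

public int getStatus()
{
   return status;
}

// … unchanged: flushBuffer, getBufferSize, getCharacterEncoding, getContentType, getLocale …

public ServletOutputStream getOutputStream() throws IOException
{
   bos.flush();
   return new ServletOutputStream()
   {
      @Override
      public void write(int b) throws IOException
      {
         bos.write(b);
      }

      @Override
      public void flush() throws IOException
      {
         // propagate to the buffered stream so callers see the bytes
         bos.flush();
      }
   };
}

// … unchanged: getWriter and the remaining stubs …
```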
Added: identity-federation/trunk/identity-bindings/src/test/resources/logging.properties
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/logging.properties (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/logging.properties 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,21 @@
+# Specify the handlers to create in the root logger
+# (all loggers are children of the root logger)
+# The following creates two handlers
+handlers = java.util.logging.ConsoleHandler, java.util.logging.FileHandler
+
+# Set the default logging level for the root logger
+.level = ALL
+
+# Set the default logging level for new ConsoleHandler instances
+java.util.logging.ConsoleHandler.level = ALL
+
+# Set the default logging level for new FileHandler instances
+java.util.logging.FileHandler.level = ALL
+
+# Set the default formatter for new ConsoleHandler instances
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+java.util.logging.FileHandler.formatter=java.util.logging.SimpleFormatter
+
+# Set the default logging level for the logger named org.jboss
+org.jboss.security.xacml.sunxacml = FINEST
+com.sun.xml.bind = OFF
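Review bot: The two per-logger entries at the end of the file are missing the `.level` suffix, so java.util.logging ignores them; they should read `org.jboss.security.xacml.sunxacml.level = FINEST` and `com.sun.xml.bind.level = OFF`. As written, the root `.level = ALL` governs every logger, including com.sun.xml.bind, which the author evidently meant to silence, and the comment above them says "org.jboss" while the key names the sunxacml package. Separately, the FileHandler is enabled without a `java.util.logging.FileHandler.pattern`, so with the JDK default it writes `java%u.log` files into the user's home directory rather than the build tree; at level ALL the PDP's FINEST output can include the request attributes (subject ids and the like) exercised by the tests, so a pattern under the build output directory keeps those logs contained and reproducible.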
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-01-top-level.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-01-top-level.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-01-top-level.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Top level policy set which combines the CDA and N confidentiality codes.
+ </Description>
+ <Target/>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:emergency"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target/>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:emergency</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:CDA"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >UBA</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:CDA</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:MA"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >MA</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:MA</PolicySetIdReference>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:MA:default-to-permit"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA"
+ Effect="Permit">
+ <Description>
+ If a Deny was obtained for object above then set Permit by default.
+ </Description>
+ </Rule>
+ </Policy>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:bus-rule"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:progress-note</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:N"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
+ <Target/>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N</PolicySetIdReference>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N:PermCollections</PolicySetIdReference>
+ </PolicySet>
+</PolicySet>
\ No newline at end of file
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02a-CDA.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02a-CDA.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02a-CDA.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:CDA"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the UBA confidentiality code.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:CDA"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:CDA:1"
+ Effect="Permit">
+ <Description>
+ If the access subject is NOT one of those users which consent has
+ been removed, then permit.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if hl7:dissented-subject-id NOT EQUAL TO subject:subject-id -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <!-- True if hl7:dissented-subject-id EQUAL TO subject:subject-id -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:CDA:2"
+ Effect="Deny">
+ <Description>
+ If a Permit was not obtained above then set Deny by default.
+ </Description>
+ </Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response -->
+ <!-- This obligation instructs the PEP to apply privacy constraints to -->
+ <!-- user's responsibility for the data. -->
+ <Obligation
+ ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:privacy:constraint"
+ FulfillOn="Deny"/>
+ </Obligations>
+ </Policy>
+</PolicySet>
\ No newline at end of file
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02b-N.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02b-N.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02b-N.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for evaluating the subject:role attributes.
+ This implements an RBAC policy. This policy set matches
+ subject roles and refers to permission policy sets.
+ </Description>
+ <Target/>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:physician"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target>
+ <Subjects>
+ <Subject>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:role:hl7:physician</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ </Subject>
+ </Subjects>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
+ </PolicySet>
+</PolicySet>
\ No newline at end of file
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02c-N-PermCollections.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02c-N-PermCollections.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02c-N-PermCollections.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:PermCollections"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for evaluating the subject:hl7:permission attributes.
+ This implements an RBAC policy. This policy set matches
+ subject roles and refers to permission policy sets.
+ </Description>
+ <Target/>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:med-rec-perm-set"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
+ <Target/>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:med-rec-perm-set-0"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target/>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:med-rec-perm-set-1"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target>
+ <Subjects>
+ <Subject>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ </Subject>
+ </Subjects>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
+ </PolicySet>
+ </PolicySet>
+</PolicySet>
\ No newline at end of file
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02d-prog-note.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02d-prog-note.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02d-prog-note.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:progress-note"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the business rule for unsigned progress notes.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:progress-note"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:sig"
+ Effect="Permit">
+ <Description>
+ If the progress-note is signed allow any user to see it. If not signed
+ then only author may see it.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if resource:hl7:progress-note:signed EQUAL TO True -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >True</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:signed"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:author"
+ Effect="Permit">
+ <Description>
+ If a Permit was not obtained then subject must be author.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if hl7:dissented-subject-id EQUAL TO subject:subject-id -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:author-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:deny-sig"
+ Effect="Deny">
+ <Description>
+ If a Permit was not obtained above then set Deny by default.
+ </Description>
+ </Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response -->
+ <!-- This obligation informs the PEP access denied unsigned non-author -->
+ <Obligation
+ ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:deny:unsigned:non-author"
+ FulfillOn="Deny"/>
+ </Obligations>
+ </Policy>
+</PolicySet>
\ No newline at end of file
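Review bot: The `progress-note:sig` rule near the top of this policy compares the signed flag with `string-equal` against the literal `True`, so the match is case-sensitive and a PEP that sends the XML Schema boolean lexical form `true` (or `1`) never satisfies it; the request then falls through to the author rule and, for a non-author, to the default Deny, which fails closed but for the wrong reason. If the attribute is really a flag, declaring it with `DataType="http://www.w3.org/2001/XMLSchema#boolean"` on both the AttributeValue and the ResourceAttributeDesignator and using `urn:oasis:names:tc:xacml:1.0:function:boolean-equal` removes the ambiguity; if the string form is part of the interop contract, a comment such as `<!-- PEP must send the literal string "True" for the signed attribute -->` next to the AttributeValue would pin it down. Whether the test requests in this commit send `True` is not visible in this hunk, and these files look like interop fixtures, so a comment may be the safer change.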
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02e-MA.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02e-MA.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02e-MA.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:MA"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the MA confidentiality code.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:MA"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA:1"
+ Effect="Deny">
+ <Description>
+ If the access subject is NOT one of those users which consent has
+ been removed, then deny.
+ Note: there is reverse logic here because the Obligation that denies
+ access to the user for this object must be issued when the user has
+ obtained a Permit. So, the caller of this policy must know to reverse
+ sense as well.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if hl7:radiology:dissented-subject-id NOTEQUALTO subject:subject-id -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <!-- True if hl7:radiology:dissented-subject-id EQUALTO subject:subject-id -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:radiology:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA:2"
+ Effect="Permit">
+ <Description>
+ If a Deny was not obtained above then set Permit by default.
+ </Description>
+ </Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response -->
+ <!-- This obligation instructs the PEP to apply privacy constraints to -->
+ <!-- user's responsibility for the data. -->
+ <Obligation
+ ObligationId=
+ "urn:va:xacml:2.0:interop:rsa8:obligation:ma:privacy:constraint:radiology"
+ FulfillOn="Permit"/>
+ </Obligations>
+ </Policy>
+</PolicySet>
\ No newline at end of file
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02f-emergency.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02f-emergency.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02f-emergency.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:emergency"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set to allow emergency access for non-facility subjects.
+ Returns Deny if user not from supported facility AND does not have emergency perm
+ Returns Permit if not from supported facility AND not denied access
+ Returns NotApplicable if plain old user from supported facility
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:emergency"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:emergency:deny"
+ Effect="Deny">
+ <Description>
+ If the subject is not from a supported facility AND
+. if the subject does not have emergency permission THEN Deny access.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if subject:locality NOT EQUAL TO ANYOF environment:locality -->
+ <!-- AND if hl7:pea-001 NOT EQUAL TO ANYOF subject:hl7:permission -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <!-- True if subject:locality NOT EQUAL TO ANYOF environment:locality -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId=
+ "urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <EnvironmentAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ <!-- True if hl7:pea-001 NOT EQUAL TO ANYOF subject:hl7:permission -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:pea-001</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:emergency:permit"
+ Effect="Permit">
+ <Description>
+ If a Deny was not obtained above AND subject not part of a supported
+ facility then subject must have emergency permission.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if subject:locality NOT EQUAL TO ANYOF environment:locality -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId=
+ "urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <EnvironmentAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response -->
+ <!-- This obligation informs the PEP user granted emergency access -->
+ <Obligation
+ ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:emergency:permit"
+ FulfillOn="Permit"/>
+ </Obligations>
+ </Policy>
+</PolicySet>
\ No newline at end of file
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId=
+ "urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set that points to the Permission PolicySet for medical record
+ resources and actions.
+ </Description>
+ <Target/>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N:PPS:PRD-004</PolicySetIdReference>
+</PolicySet>
\ No newline at end of file
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,180 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:PPS:PRD-004"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the PRD-004 permission. This permission allows
+ access to all medical records.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:N:PPS:PRD-004:1"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:demographics</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:chart</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:problemlist</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:procedures</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:laboratory</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:radiology</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medications</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:vitals</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:patientsearch</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:policy:N:PPS:PRD-004:1:rule:1"
+ Effect="Permit">
+ <Condition>
+
+ <!-- Returns true iff the first argument is a subset of the second argument -->
+ <!-- i.e. the permissions required by the resource must be a -->
+ <!-- subset of the permissions supplied by the subject -->
+
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+
+ <!-- 1st argument: returns the values of all Attributes with -->
+ <!-- DataType="http://www.w3.org/2001/XMLSchema#string" and -->
+ <!-- AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission" -->
+ <ResourceAttributeDesignator
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"/>
+
+ <!-- 2nd argument: returns the values of all Attributes with -->
+ <!-- DataType="http://www.w3.org/2001/XMLSchema#string" and -->
+ <!-- AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission" -->
+ <SubjectAttributeDesignator
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"/>
+
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:N:PPS:PRD-004:1:rule:2"
+ Effect="Deny">
+ <Description>
+ If a Permit was not obtained above then set Deny by default.
+ </Description>
+ </Rule>
+ </Policy>
+</PolicySet>
\ No newline at end of file
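Review bot: The Permit condition built on `urn:oasis:names:tc:xacml:1.0:function:string-subset` grants access whenever the resource's `urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission` bag is empty, because the empty bag is a subset of every bag; a request for one of the listed resource types that simply omits that attribute would be permitted regardless of what the subject holds. If the fixture is meant to require an explicit permission set on the resource, guard the subset test with a bag-size check as sketched below; if the open behaviour is intended for the interop scenario, a comment next to the `<Apply>` saying so would stop the next reader from treating it as a gap. Separately, the two RuleIds use different prefixes (`...:policy:N:PPS:PRD-004:1:rule:1` versus `...:rule:N:PPS:PRD-004:1:rule:2`), which looks like a copy-and-edit slip worth aligning.
```xml
<Condition>
  <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
    <!-- the resource must carry at least one required permission -->
    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than">
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
        <ResourceAttributeDesignator
          DataType="http://www.w3.org/2001/XMLSchema#string"
          AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"/>
      </Apply>
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">0</AttributeValue>
    </Apply>
    <!-- … unchanged: existing string-subset Apply over the resource and subject permission designators … -->
  </Apply>
</Condition>
```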
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/config/rsaConfPolicyConfig.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/config/rsaConfPolicyConfig.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/config/rsaConfPolicyConfig.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,35 @@
+<ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0">
+ <ns:Policies>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-01-top-level.xml</ns:Location>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-02a-CDA.xml</ns:Location>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-02b-N.xml</ns:Location>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml</ns:Location>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml</ns:Location>
+ </ns:PolicySet>
+ </ns:PolicySet>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-02c-N-PermCollections.xml</ns:Location>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-02d-prog-note.xml</ns:Location>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-02e-MA.xml</ns:Location>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-02f-emergency.xml</ns:Location>
+ </ns:PolicySet>
+ </ns:PolicySet>
+ </ns:Policies>
+ <ns:Locators>
+ <ns:Locator Name="org.jboss.security.xacml.locators.JBossPolicySetLocator">
+ </ns:Locator>
+ </ns:Locators>
+</ns:jbosspdp>
\ No newline at end of file
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-01-01.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-01-01.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-01-01.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<samlp:RequestAbstract xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+xsi:type="xacml-samlp:XACMLAuthzDecisionQueryType"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+xacml-samlp:InputContextOnly="true"
+xacml-samlp:ReturnContext="true"
+ID="s2846efb514a944cc3dc5b65ed8a76dde449787617" Version="2.0"
+IssueInstant="2008-03-19T22:18:42Z" Destination="destination-uri">
+<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">vaPepEntity</saml:Issuer>
+<xacml-context:Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+ <!-- **************************************************************** -->
+ <!-- Test case 1-01: Should be Perm: Dr A has all reqd perms -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <xacml-context:Subject>
+ <xacml-context:Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Dr. Alice</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <xacml-context:AttributeValue>Facility A</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Subject>
+ <xacml-context:Resource>
+ <xacml-context:Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Anthony Gurrola</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>xxx-DummyConfCode</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Dr. Alice</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Resource>
+ <xacml-context:Action/>
+ <xacml-context:Environment>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <xacml-context:AttributeValue>Facility A</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Environment>
+</xacml-context:Request>
+</samlp:RequestAbstract>
\ No newline at end of file
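Review bot: The header comment in this fixture says the record "has been marked with both the CDA and N confidentiality codes", but the only `hl7:confidentiality-code` value supplied is `xxx-DummyConfCode`, so either the comment is stale or the request does not exercise the confidentiality policies it describes; the same mismatch is in XacmlRequest-01-02.xml. Both fixtures also reuse the identical `ID="s2846efb514a944cc3dc5b65ed8a76dde449787617"` and `IssueInstant`, which is harmless for a stateless PDP call but will collide if the servlet under test ever tracks request IDs for replay detection; giving each fixture its own ID (e.g. `ID="req-01-01"` / `ID="req-01-02"`, constructed) avoids that. The expected outcome is only stated in the comment, so a short comment naming which policy set is expected to drive the Permit (here) and the Deny (01-02) would make the two cases self-explanatory.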
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-01-02.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-01-02.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-01-02.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<samlp:RequestAbstract xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+xsi:type="xacml-samlp:XACMLAuthzDecisionQueryType"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+xacml-samlp:InputContextOnly="true"
+xacml-samlp:ReturnContext="true"
+ID="s2846efb514a944cc3dc5b65ed8a76dde449787617" Version="2.0"
+IssueInstant="2008-03-19T22:18:42Z" Destination="destination-uri">
+<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">vaPepEntity</saml:Issuer>
+<xacml-context:Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 1-02: Should be Deny: Dr A missing 2 reqd perms -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <xacml-context:Subject>
+ <xacml-context:Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Dr. Alice</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <xacml-context:AttributeValue>Facility A</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Subject>
+ <xacml-context:Resource>
+ <xacml-context:Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Anthony Gurrola</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>xxx-DummyConfCode</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Dr. Alice</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Resource>
+ <xacml-context:Action/>
+ <xacml-context:Environment>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <xacml-context:AttributeValue>Facility A</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Environment>
+</xacml-context:Request>
+</samlp:RequestAbstract>
\ No newline at end of file
Modified: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
--- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-01-28 22:30:38 UTC (rev 258)
+++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-01-28 22:31:17 UTC (rev 259)
@@ -33,6 +33,7 @@
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.core.saml.v2.factories.SAMLProtocolFactory;
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
@@ -41,6 +42,7 @@
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
+import org.jboss.identity.federation.saml.v2.assertion.StatementAbstractType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
/**
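Review bot: The added import `org.jboss.identity.federation.saml.v2.assertion.StatementAbstractType` is not referenced by any hunk in this diff, and since it is new to the file nothing pre-existing can be using it; unless a later hunk outside this commit relies on it, it appears to be an unused import and should be dropped. The `SAMLProtocolFactory` import in the previous hunk, by contrast, is used by the two `marshall` changes below.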
@@ -80,6 +82,11 @@
return JBossSAMLAuthnResponseFactory.createResponseType(ID, sp, idp, issuerInfo);
}
+ public ResponseType createResponseType(String ID, IssuerInfoHolder issuerInfo, AssertionType assertion) throws Exception
+ {
+ return JBossSAMLAuthnResponseFactory.createResponseType(ID, issuerInfo, assertion);
+ }
+
/**
* Add validity conditions to the SAML2 Assertion
* @param assertion
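Review bot: The new `createResponseType(String ID, IssuerInfoHolder issuerInfo, AssertionType assertion)` overload has no Javadoc, while the neighbouring methods in this class document their purpose and parameters. Add a Javadoc above it stating that it builds a SAML2 `ResponseType` around an already-constructed assertion by delegating to `JBossSAMLAuthnResponseFactory`, with `@param` entries for `ID`, `issuerInfo` and `assertion`, a `@return`, and `@throws Exception` mirroring the existing overload. The enclosing class continues outside this hunk.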
@@ -127,7 +134,7 @@
public void marshall(ResponseType responseType, OutputStream os) throws Exception
{
Marshaller marshaller = JBossSAMLAuthnResponseFactory.getValidatingMarshaller();
- JAXBElement<ResponseType> jaxb = JBossSAMLAuthnResponseFactory.getObjectFactory().createResponse(responseType);
+ JAXBElement<ResponseType> jaxb = SAMLProtocolFactory.getObjectFactory().createResponse(responseType);
marshaller.marshal(jaxb, os);
}
@@ -140,7 +147,7 @@
public void marshall(ResponseType responseType, Writer writer) throws Exception
{
Marshaller marshaller = JBossSAMLAuthnResponseFactory.getValidatingMarshaller();
- JAXBElement<ResponseType> jaxb = JBossSAMLAuthnResponseFactory.getObjectFactory().createResponse(responseType);
+ JAXBElement<ResponseType> jaxb = SAMLProtocolFactory.getObjectFactory().createResponse(responseType);
marshaller.marshal(jaxb, writer);
}
}
\ No newline at end of file