[jboss-cvs] JBossAS SVN: r70949 - in projects/security/security-xacml/trunk/jboss-xacml/src: resources/test/policies and 7 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Mar 18 11:57:39 EDT 2008
Author: mmoyses
Date: 2008-03-18 11:57:38 -0400 (Tue, 18 Mar 2008)
New Revision: 70949
Added:
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02a-CDA.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02b-N.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/XacmlRequest-01-01.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/XacmlRequest-02-01.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/RSAConferenceTestCase.java
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/Util.java
Modified:
projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/interfaces/XACMLConstants.java
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebLayerDynamicPolicyUnitTestCase.java
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebPEP.java
Log:
Util for the RSA conference
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/interfaces/XACMLConstants.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/interfaces/XACMLConstants.java 2008-03-18 14:50:14 UTC (rev 70948)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/interfaces/XACMLConstants.java 2008-03-18 15:57:38 UTC (rev 70949)
@@ -58,7 +58,7 @@
//Subject Attribute IDs
String ATTRIBUTEID_SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id";
- String ATTRIBUTEID_SUBJECT_ROLE = "urn:oasis:names:tc:xacml:2.0:subject:role";
+ String ATTRIBUTEID_ROLE = "urn:oasis:names:tc:xacml:2.0:subject:role";
String ATTRIBUTEID_DNS_NAME = "urn:oasis:names:tc:xacml:1.0:subject:authn-locality:dns-name";
String ATTRIBUTEID_IP_ADDRESS = "urn:oasis:names:tc:xacml:1.0:subject:authn-locality:ip-address";
String ATTRIBUTEID_AUTHENTICATION_METHOD = "urn:oasis:names:tc:xacml:1.0:subject:authentication-method";
@@ -73,6 +73,7 @@
String ATTRIBUTEID_INTERMEDIARY_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:intermediary-subject";
String ATTRIBUTEID_RECIPIENT_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject";
String ATTRIBUTEID_REQUESTING_MACHINE = "urn:oasis:names:tc:xacml:1.0:subject-category:requesting-machine";
+ String ATTRIBUTEID_HL7_PERMISSION = "urn:oasis:names:tc:xacml:2.0:subject:hl7:permission";
//Begin Functions
//Equal
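Review bot: `ATTRIBUTEID_HL7_PERMISSION` is added after the subject-category identifiers (`ATTRIBUTEID_REQUESTING_MACHINE` and its neighbours), although it is used in this commit as a subject attribute id, so it belongs with the `//Subject Attribute IDs` group next to `ATTRIBUTEID_ROLE`. The URN sits under `urn:oasis:names:tc:xacml:2.0:subject:`, and nothing visible here says whether it comes from a published profile or was chosen for the interop demo. A one-line comment such as `// HL7 permission attribute used by the RSA conference interop policies` would tell callers where the identifier comes from. The interface body continues outside the hunk.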
Added: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml 2008-03-18 15:57:38 UTC (rev 70949)
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:toplevel"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Top level policy set which combines the CDA and N confidentiality codes.
+ </Description>
+ <Target/>
+ <PolicySet
+ PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:toplevel:CDA"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >CDA</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:oasis:names:tc:xacml:interop:resource:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <PolicySetIdReference
+ >urn:oasis:names:tc:xacml:interop:policysetid:CDA</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:toplevel:N"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >N</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:oasis:names:tc:xacml:interop:resource:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <PolicySetIdReference
+ >urn:oasis:names:tc:xacml:interop:policysetid:N</PolicySetIdReference>
+ <PolicySetIdReference
+ >urn:oasis:names:tc:xacml:interop:policysetid:N:PermCollections</PolicySetIdReference>
+ </PolicySet>
+</PolicySet>
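Review bot: Neither child PolicySet applies when a record's `confidentiality-code` is something other than `CDA` or `N`, so the top-level set returns NotApplicable rather than Deny for such a record. Whether that request is refused then depends entirely on the PEP treating NotApplicable as a denial. The `<Description>` should say so, for example `Records with any other confidentiality code evaluate to NotApplicable; the PEP must deny on anything but Permit.` The three `PolicySetIdReference` targets also resolve only if the PDP is loaded with the other files added in this commit, which is worth stating in the same description.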
Added: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02a-CDA.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02a-CDA.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02a-CDA.xml 2008-03-18 15:57:38 UTC (rev 70949)
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:CDA"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the CDA confidentiality code.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:oasis:names:tc:xacml:interop:policyid:CDA:"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:oasis:names:tc:xacml:interop:rule::CDA:1"
+ Effect="Permit">
+ <Description>
+ If the access subject is one of those users which have been
+ given consent to, then permit.
+ </Description>
+ <Target/>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:oasis:names:tc:xacml:interop:resource:consented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:oasis:names:tc:xacml:interop:rule:CDA:2"
+ Effect="Deny">
+ <Description>
+ Deny by default.
+ </Description>
+ </Rule>
+ </Policy>
+</PolicySet>
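Review bot: The first rule's id is `urn:oasis:names:tc:xacml:interop:rule::CDA:1`, with a doubled colon, while the second is `urn:oasis:names:tc:xacml:interop:rule:CDA:2`, and the `PolicyId` ends in a bare colon (`policyid:CDA:`). If these are not copied verbatim from the interop scenario, the ids should be made consistent, e.g. `RuleId="urn:oasis:names:tc:xacml:interop:rule:CDA:1"`. If they are verbatim, a short XML comment saying so would stop a later reader from "fixing" them. Separately, `string-one-and-only` on `subject-id` makes the Permit rule Indeterminate for a request carrying more than one subject-id value, which is worth a sentence in the rule's `<Description>`.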
Added: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02b-N.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02b-N.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02b-N.xml 2008-03-18 15:57:38 UTC (rev 70949)
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:N"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the N confidentiality code.
+ This implements an RBAC policy. This policy set matches
+ subject roles and refers to permission policy sets.
+ </Description>
+ <Target/>
+ <PolicySet
+ PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:N:RPS:physician"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target>
+ <Subjects>
+ <Subject>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ >urn:oasis:names:tc:xacml:interop:role:physician</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ </SubjectMatch>
+ </Subject>
+ </Subjects>
+ </Target>
+ <PolicySetIdReference
+ >urn:oasis:names:tc:xacml:interop:policysetid:N:RPS:virt-med-rec-role</PolicySetIdReference>
+ </PolicySet>
+</PolicySet>
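Review bot: The `SubjectAttributeDesignator` for `urn:oasis:names:tc:xacml:2.0:subject:role` is declared with `DataType="http://www.w3.org/2001/XMLSchema#anyURI"`, but XacmlRequest-02-01.xml in this commit sends that attribute with `DataType="http://www.w3.org/2001/XMLSchema#string"`. Designators select attributes by id and data type, so the role would presumably not be found and this physician set would not match the request it was written for. The same mismatch appears for `hl7:permission` (XacmlPolicySet-02c-N-PermCollections.xml against XacmlRequest-01-01.xml) and for `resource:type` (XacmlPolicySet-04-N-PPS-PRD-004.xml against both requests). Either the request attributes should carry the anyURI data type, or the policies should match with `string-equal` on `#string`; whichever is chosen, the request-building helper in Util.java needs to agree with it.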
Added: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml 2008-03-18 15:57:38 UTC (rev 70949)
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:N:PermCollections"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the N confidentiality code.
+ This implements an RBAC policy. This policy set matches
+ subject roles and refers to permission policy sets.
+ </Description>
+ <Target/>
+ <PolicySet
+ PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:N:med-rec-perm-set"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target>
+ <Subjects>
+ <Subject>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ >urn:oasis:names:tc:xacml:interop:hl7:prd-003</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ >urn:oasis:names:tc:xacml:interop:hl7:prd-005</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ >urn:oasis:names:tc:xacml:interop:hl7:prd-006</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ >urn:oasis:names:tc:xacml:interop:hl7:prd-009</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ >urn:oasis:names:tc:xacml:interop:hl7:prd-010</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ >urn:oasis:names:tc:xacml:interop:hl7:prd-012</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ >urn:oasis:names:tc:xacml:interop:hl7:prd-017</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ </SubjectMatch>
+ </Subject>
+ </Subjects>
+ </Target>
+ <PolicySetIdReference
+ >urn:oasis:names:tc:xacml:interop:policysetid:N:RPS:virt-med-rec-role</PolicySetIdReference>
+ </PolicySet>
+</PolicySet>
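Review bot: The `<Description>` is copied from XacmlPolicySet-02b-N.xml and says this set "matches subject roles", but the Target here matches `hl7:permission` values. The seven `<SubjectMatch>` elements also sit inside a single `<Subject>`, which XACML 2.0 evaluates as a conjunction, so a subject must hold all seven permissions for the set to apply. The description should state that, for instance `Applies only to subjects holding all of the listed HL7 permissions (prd-003 ... prd-017).` If any one permission was meant to be sufficient, each match would need its own `<Subject>` element.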
Added: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml 2008-03-18 15:57:38 UTC (rev 70949)
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId=
+ "urn:oasis:names:tc:xacml:interop:policysetid:N:RPS:virt-med-rec-role"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set that points to the Permission PolicySet for medical record
+ resources and actions.
+ </Description>
+ <Target/>
+ <PolicySetIdReference
+ >urn:oasis:names:tc:xacml:interop:policysetid:N:PPS:PRD-004</PolicySetIdReference>
+</PolicySet>
Added: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml 2008-03-18 15:57:38 UTC (rev 70949)
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:N:PPS:PRD-004"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the PRD-004 permission. This permission allows
+ access to all medical records.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:oasis:names:tc:xacml:interop:policyid:N:PPS:PRD-004:1"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ >urn:oasis:names:tc:xacml:interop:resource:medical-record</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:interop:resource:type"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule
+ RuleId="urn:oasis:names:tc:xacml:interop:policy:N:PPS:PRD-004:1:rule:1"
+ Effect="Permit">
+ </Rule>
+ </Policy>
+</PolicySet>
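Review bot: The ResourceMatch compares `resource:type` with `urn:oasis:names:tc:xacml:interop:resource:medical-record`, but both request files and RSAConferenceTestCase in this commit send `urn:oasis:names:tc:xacml:interop:resource:hl7-medical-record`. As committed, the only Permit rule in the N branch cannot be reached by those requests. One side should change, e.g. `>urn:oasis:names:tc:xacml:interop:resource:hl7-medical-record</AttributeValue>` here if the request value is the intended one. The rule itself is an unconditional Permit with no action constraint, so the Target is the only thing limiting it; a sentence in the `<Description>` saying so would help.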
Added: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/XacmlRequest-01-01.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/XacmlRequest-01-01.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/XacmlRequest-01-01.xml 2008-03-18 15:57:38 UTC (rev 70949)
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation=" urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:oasis:names:tc:xacml:interop:hl7:prd-003</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:oasis:names:tc:xacml:interop:hl7:prd-005</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:oasis:names:tc:xacml:interop:hl7:prd-006</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:oasis:names:tc:xacml:interop:hl7:prd-009</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:oasis:names:tc:xacml:interop:hl7:prd-010</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:oasis:names:tc:xacml:interop:hl7:prd-012</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:oasis:names:tc:xacml:interop:hl7:prd-017</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:interop:resource:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>CDA</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:interop:resource:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>N</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:interop:resource:consented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:interop:resource:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:oasis:names:tc:xacml:interop:resource:hl7-medical-record</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment/>
+</Request>
Added: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/XacmlRequest-02-01.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/XacmlRequest-02-01.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/XacmlRequest-02-01.xml 2008-03-18 15:57:38 UTC (rev 70949)
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation=" urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:oasis:names:tc:xacml:interop:role:physician</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:interop:resource:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>CDA</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:interop:resource:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>U</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:interop:resource:consented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:interop:resource:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:oasis:names:tc:xacml:interop:resource:hl7-medical-record</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment/>
+</Request>
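Review bot: The header comment is copied from XacmlRequest-01-01.xml and says the record is marked "with both the CDA and N confidentiality codes", but this request carries `CDA` and `U`. It also identifies the subject by a `subject:role` attribute rather than HL7 permissions, which the comment does not mention. The comment should describe this request instead, for example `<!-- A physician (role attribute) accesses a record marked CDA and U; -->` followed by `<!-- consent for the subject is registered. -->`. Stating the expected decision in the same comment would make the fixture usable as a test oracle.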
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebLayerDynamicPolicyUnitTestCase.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebLayerDynamicPolicyUnitTestCase.java 2008-03-18 14:50:14 UTC (rev 70948)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebLayerDynamicPolicyUnitTestCase.java 2008-03-18 15:57:38 UTC (rev 70949)
@@ -218,7 +218,7 @@
permitRuleApplyType.setFunctionId(XACMLConstants.FUNCTION_STRING_IS_IN);
SubjectAttributeDesignatorType sadt = PolicyAttributeFactory.createSubjectAttributeDesignatorType(
- XACMLConstants.ATTRIBUTEID_SUBJECT_ROLE, XMLSchemaConstants.DATATYPE_STRING);
+ XACMLConstants.ATTRIBUTEID_ROLE, XMLSchemaConstants.DATATYPE_STRING);
JAXBElement<SubjectAttributeDesignatorType> sadtElement = objectFactory.createSubjectAttributeDesignator(sadt);
AttributeValueType avt = PolicyAttributeFactory.createStringAttributeType("developer");
JAXBElement<AttributeValueType> jaxbAVT = objectFactory.createAttributeValue(avt);
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebPEP.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebPEP.java 2008-03-18 14:50:14 UTC (rev 70948)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/bindings/web/WebPEP.java 2008-03-18 15:57:38 UTC (rev 70949)
@@ -37,6 +37,7 @@
import org.jboss.security.xacml.factories.RequestAttributeFactory;
import org.jboss.security.xacml.factories.RequestResponseContextFactory;
import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
//$Id$
@@ -48,11 +49,6 @@
*/
public class WebPEP
{
- String ACTION_IDENTIFIER = "urn:oasis:names:tc:xacml:1.0:action:action-id";
- String CURRENT_TIME_IDENTIFIER = "urn:oasis:names:tc:xacml:1.0:environment:current-time";
- String RESOURCE_IDENTIFIER = "urn:oasis:names:tc:xacml:1.0:resource:resource-id";
- String SUBJECT_IDENTIFIER = "urn:oasis:names:tc:xacml:1.0:subject:subject-id";
- String SUBJECT_ROLE_IDENTIFIER = "urn:oasis:names:tc:xacml:2.0:subject:role";
public RequestContext createXACMLRequest(HttpServletRequest request,
Principal principal, Group roleGroup) throws Exception
@@ -62,30 +58,30 @@
//Create a subject type
SubjectType subject = new SubjectType();
subject.getAttribute().add(RequestAttributeFactory.createStringAttributeType(
- SUBJECT_IDENTIFIER, "jboss.org", principal.getName()));
+ XACMLConstants.ATTRIBUTEID_SUBJECT_ID, "jboss.org", principal.getName()));
Enumeration<Principal> roles = (Enumeration<Principal>) roleGroup.members();
while(roles.hasMoreElements())
{
Principal rolePrincipal = roles.nextElement();
AttributeType attSubjectID = RequestAttributeFactory.createStringAttributeType(
- SUBJECT_ROLE_IDENTIFIER, "jboss.org", rolePrincipal.getName());
+ XACMLConstants.ATTRIBUTEID_ROLE, "jboss.org", rolePrincipal.getName());
subject.getAttribute().add(attSubjectID);
}
//Create a resource type
ResourceType resourceType = new ResourceType();
resourceType.getAttribute().add(RequestAttributeFactory.createAnyURIAttributeType(
- RESOURCE_IDENTIFIER, null, new URI(request.getRequestURI())));
+ XACMLConstants.ATTRIBUTEID_RESOURCE_ID, null, new URI(request.getRequestURI())));
//Create an action type
ActionType actionType = new ActionType();
actionType.getAttribute().add(RequestAttributeFactory.createStringAttributeType(
- ACTION_IDENTIFIER, "jboss.org", "read"));
+ XACMLConstants.ATTRIBUTEID_ACTION_ID, "jboss.org", "read"));
//Create an Environment Type (Optional)
EnvironmentType environmentType = new EnvironmentType();
environmentType.getAttribute().add(RequestAttributeFactory.createDateTimeAttributeType(
- CURRENT_TIME_IDENTIFIER, null));
+ XACMLConstants.ATTRIBUTEID_CURRENT_TIME, null));
//Create a Request Type
RequestType requestType = new RequestType();
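Review bot: The action attribute is still the fixed literal `"read"` on the line that now uses `XACMLConstants.ATTRIBUTEID_ACTION_ID`, so every HTTP request is evaluated as a read whatever its method. A policy that separates read from write cannot do so from this PEP. If the helper is meant to model a real web PEP, the value should be derived from the request, e.g. `XACMLConstants.ATTRIBUTEID_ACTION_ID, "jboss.org", request.getMethod()));`, or a comment should say the fixed value is deliberate for the test. The new lines also rely on `ATTRIBUTEID_RESOURCE_ID`, `ATTRIBUTEID_ACTION_ID` and `ATTRIBUTEID_CURRENT_TIME`, which are not among the constants shown in this commit's XACMLConstants hunks and presumably already exist. `createXACMLRequest` starts and ends outside the hunk.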
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/RSAConferenceTestCase.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/RSAConferenceTestCase.java (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/RSAConferenceTestCase.java 2008-03-18 15:57:38 UTC (rev 70949)
@@ -0,0 +1,106 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.xacml.interop.rsaconf;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.xacml.interfaces.RequestContext;
+
+/**
+ * A RSAConferenceTestCase.
+ *
+ * @author Marcus Moyses
+ * @since Mar 18, 2008
+ */
+public class RSAConferenceTestCase extends TestCase
+{
+
+ public void testRequest1() throws Exception
+ {
+ Principal doctor = new Principal()
+ {
+ public String getName()
+ {
+ return "Dr. Alice";
+ }
+ };
+
+ List<String> permissions = new ArrayList<String>();
+ permissions.add("urn:oasis:names:tc:xacml:interop:hl7:prd-003");
+ permissions.add("urn:oasis:names:tc:xacml:interop:hl7:prd-005");
+ permissions.add("urn:oasis:names:tc:xacml:interop:hl7:prd-006");
+ permissions.add("urn:oasis:names:tc:xacml:interop:hl7:prd-009");
+ permissions.add("urn:oasis:names:tc:xacml:interop:hl7:prd-010");
+ permissions.add("urn:oasis:names:tc:xacml:interop:hl7:prd-012");
+ permissions.add("urn:oasis:names:tc:xacml:interop:hl7:prd-017");
+
+ String patient = "Anthony Gurrola";
+
+ List<String> confidentialityCodes = new ArrayList<String>();
+ confidentialityCodes.add("CDA");
+ confidentialityCodes.add("N");
+
+ List<String> consentedIds = new ArrayList<String>();
+ consentedIds.add("Dr. Alice");
+
+ String resourceType = "urn:oasis:names:tc:xacml:interop:resource:hl7-medical-record";
+
+ RequestContext request = Util.createRequestWithHL7Permissions(doctor, permissions, patient, confidentialityCodes,
+ consentedIds, resourceType);
+
+ request.marshall(System.out);
+ }
+
+ public void testRequest2() throws Exception
+ {
+ Principal doctor = new Principal()
+ {
+ public String getName()
+ {
+ return "Dr. Alice";
+ }
+ };
+
+ List<String> roles = new ArrayList<String>();
+ roles.add("urn:oasis:names:tc:xacml:interop:role:physician");
+
+ String patient = "Anthony Gurrola";
+
+ List<String> confidentialityCodes = new ArrayList<String>();
+ confidentialityCodes.add("CDA");
+ confidentialityCodes.add("U");
+
+ List<String> consentedIds = new ArrayList<String>();
+ consentedIds.add("Dr. Alice");
+
+ String resourceType = "urn:oasis:names:tc:xacml:interop:resource:hl7-medical-record";
+
+ RequestContext request = Util.createRequestWithNormalRoles(doctor, roles, patient, confidentialityCodes,
+ consentedIds, resourceType);
+
+ request.marshall(System.out);
+ }
+}
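Review bot: Neither `testRequest1` nor `testRequest2` asserts anything; each ends with `request.marshall(System.out);`, so both pass as long as no exception is thrown. They never evaluate the request against the rsaconf policy sets and never compare the output with XacmlRequest-01-01.xml or XacmlRequest-02-01.xml, so a mismatch between the generated requests and the policies would go unnoticed. At minimum add `assertNotNull("request", request);`, and preferably evaluate each request through the PDP loaded with the new policy files and assert the expected decision. The anonymous `Principal` for "Dr. Alice" is duplicated in both methods and could become one private helper, and the class Javadoc "A RSAConferenceTestCase." should say what scenario is exercised.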
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/Util.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/Util.java (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/Util.java 2008-03-18 15:57:38 UTC (rev 70949)
@@ -0,0 +1,210 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.xacml.interop.rsaconf;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.List;
+
+import org.jboss.security.xacml.core.model.context.ActionType;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResourceType;
+import org.jboss.security.xacml.core.model.context.SubjectType;
+import org.jboss.security.xacml.factories.RequestAttributeFactory;
+import org.jboss.security.xacml.factories.RequestResponseContextFactory;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+
+/**
+ * Utility for creating requests for the RSA conference.
+ *
+ * @author Marcus Moyses
+ * @since Mar 17, 2008
+ */
+public class Util
+{
+
+ private static final String CONFIDENTIALITY_CODE = "urn:oasis:names:tc:xacml:interop:resource:confidentiality-code";
+
+ private static final String CONSENTED_SUBJECT_ID = "urn:oasis:names:tc:xacml:interop:resource:consented-subject-id";
+
+ private static final String RESOURCE_TYPE = "urn:oasis:names:tc:xacml:interop:resource:type";
+
+ /**
+ *
+ * Creates a request with the normal XACML concept of roles.
+ *
+ * @param principal <code>Principal</code> of the request. Will be the subject-id of the request.
+ * @param roles <code>List</code> of roles the subject has.
+ * @param resourceId Patient name. Will be the resource-id of the request.
+ * @param confidentialityCodes <code>List</code> of confidentiality codes set for the resource.
+ * @param consentedIds <code>List</code> of consented subject ids.
+ * @param resourceType The resource type.
+ *
+ * @return a <code>RequestContext</code> with the <code>RequestType</code> set.
+ */
+ public static RequestContext createRequestWithNormalRoles(Principal principal, List<String> roles,
+ String resourceId, List<String> confidentialityCodes, List<String> consentedIds, String resourceType)
+ {
+ RequestContext request = RequestResponseContextFactory.createRequestCtx();
+
+ RequestType requestType = createRequestType(principal, resourceId, confidentialityCodes, consentedIds,
+ resourceType);
+ addNormalRoles(roles, requestType);
+
+ try
+ {
+ request.setRequest(requestType);
+ }
+ catch (IOException e)
+ {
+ }
+
+ return request;
+ }
+
+ /**
+ *
+ * Creates a request with the HL7 permission concept of roles..
+ *
+ * @param principal <code>Principal</code> of the request. Will be the subject-id of the request.
+ * @param permissions <code>List</code> of permissions the subject has.
+ * @param resourceId Patient name. Will be the resource-id of the request.
+ * @param confidentialityCodes <code>List</code> of confidentiality codes set for the resource.
+ * @param consentedIds <code>List</code> of consented subject ids.
+ * @param resourceType The resource type.
+ *
+ * @return a <code>RequestContext</code> with the <code>RequestType</code> set.
+ */
+ public static RequestContext createRequestWithHL7Permissions(Principal principal, List<String> permissions,
+ String resourceId, List<String> confidentialityCodes, List<String> consentedIds, String resourceType)
+ {
+ RequestContext request = RequestResponseContextFactory.createRequestCtx();
+
+ RequestType requestType = createRequestType(principal, resourceId, confidentialityCodes, consentedIds,
+ resourceType);
+ addHL7Permissions(permissions, requestType);
+
+ try
+ {
+ request.setRequest(requestType);
+ }
+ catch (IOException e)
+ {
+ }
+
+ return request;
+ }
+
+ /**
+ *
+ * Creates the XACML representation of a request.
+ *
+ * @param principal <code>Principal</code> of the request. Will be the subject-id of the request.
+ * @param resourceId Patient name. Will be the resource-id of the request.
+ * @param confidentialityCodes <code>List</code> of confidentiality codes set for the resource.
+ * @param consentedIds <code>List</code> of consented subject ids.
+ * @param resourceType The resource type.
+ *
+ * @return a <code>RequestType</code> representing the XACML request.
+ */
+ public static RequestType createRequestType(Principal principal, String resourceId,
+ List<String> confidentialityCodes, List<String> consentedIds, String resourceType)
+ {
+ RequestType requestType = new RequestType();
+
+ //create the Subject of the request
+ SubjectType subject = new SubjectType();
+ subject.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(XACMLConstants.ATTRIBUTEID_SUBJECT_ID, null, principal
+ .getName()));
+ requestType.getSubject().add(subject);
+
+ //create the Resource of the request
+ ResourceType resource = new ResourceType();
+ resource.getAttribute()
+ .add(
+ RequestAttributeFactory.createStringAttributeType(XACMLConstants.ATTRIBUTEID_RESOURCE_ID, null,
+ resourceId));
+ for (String confidentialityCode : confidentialityCodes)
+ {
+ resource.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(CONFIDENTIALITY_CODE, null, confidentialityCode));
+ }
+ for (String consentedId : consentedIds)
+ {
+ resource.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(CONSENTED_SUBJECT_ID, null, consentedId));
+ }
+ resource.getAttribute().add(RequestAttributeFactory.createStringAttributeType(RESOURCE_TYPE, null, resourceType));
+ requestType.getResource().add(resource);
+
+ //create the Action of the request - avoid NPE
+ requestType.setAction(new ActionType());
+
+ // requestType.setEnvironment(new EnvironmentType());
+
+ return requestType;
+ }
+
+ /**
+ *
+ * Adds normal XACML roles to the request's subject.
+ *
+ * @param roles <code>List</code> of roles the subject has.
+ * @param request a XACML request.
+ */
+ public static void addNormalRoles(List<String> roles, RequestType request)
+ {
+ SubjectType subject = request.getSubject().iterator().next();
+ if (subject != null)
+ {
+ for (String role : roles)
+ {
+ subject.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(XACMLConstants.ATTRIBUTEID_ROLE, null, role));
+ }
+ }
+ }
+
+ /**
+ *
+ * Adds HL7 permissions to the request's subject.
+ *
+ * @param permissions <code>List</code> of permissions the subject has.
+ * @param request a XACML request.
+ */
+ public static void addHL7Permissions(List<String> permissions, RequestType request)
+ {
+ SubjectType subject = request.getSubject().iterator().next();
+ if (subject != null)
+ {
+ for (String permission : permissions)
+ {
+ subject.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(XACMLConstants.ATTRIBUTEID_HL7_PERMISSION, null,
+ permission));
+ }
+ }
+ }
+
+}
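Review bot: The empty `catch (IOException e)` blocks in createRequestWithNormalRoles and createRequestWithHL7Permissions discard a failure of `request.setRequest(requestType)` and still return the context, so the caller receives a RequestContext whose request may never have been set. In a helper that builds authorization requests for interop tests, that silence can make a broken request indistinguishable from a real policy outcome. Rethrow with the cause instead, e.g. `catch (IOException e) { throw new IllegalStateException("Unable to set XACML request", e); }`. Separately, in addNormalRoles and addHL7Permissions the `subject != null` check does not protect against a request with no subjects, because `iterator().next()` throws before the check is reached. Testing `request.getSubject().isEmpty()` first (assuming it returns a collection, as its use here suggests) would express the intent.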