[jboss-cvs] JBossAS SVN: r71282 - in projects/security/security-xacml/trunk/jboss-xacml/src: resources/test/policies/rsaconf and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Mar 25 22:32:15 EDT 2008
Author: mmoyses
Date: 2008-03-25 22:32:15 -0400 (Tue, 25 Mar 2008)
New Revision: 71282
Modified:
projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/interfaces/XACMLConstants.java
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02a-CDA.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02b-N.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/XacmlRequest-01-01.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/XacmlRequest-02-01.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/RSAConferenceTestCase.java
projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/Util.java
Log:
fixes for the new doc draft
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/interfaces/XACMLConstants.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/interfaces/XACMLConstants.java 2008-03-26 01:35:19 UTC (rev 71281)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/main/org/jboss/security/xacml/interfaces/XACMLConstants.java 2008-03-26 02:32:15 UTC (rev 71282)
@@ -73,7 +73,6 @@
String ATTRIBUTEID_INTERMEDIARY_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:intermediary-subject";
String ATTRIBUTEID_RECIPIENT_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject";
String ATTRIBUTEID_REQUESTING_MACHINE = "urn:oasis:names:tc:xacml:1.0:subject-category:requesting-machine";
- String ATTRIBUTEID_HL7_PERMISSION = "urn:oasis:names:tc:xacml:2.0:subject:hl7:permission";
//Begin Functions
//Equal
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml 2008-03-26 01:35:19 UTC (rev 71281)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml 2008-03-26 02:32:15 UTC (rev 71282)
@@ -25,7 +25,7 @@
>UBA</AttributeValue>
<ResourceAttributeDesignator
AttributeId=
- "urn:xacml:2.0:interop:example:resource:confidentiality-code"
+ "urn:xacml:2.0:interop:example:resource:hl7:confidentiality-code"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</ResourceMatch>
</Resource>
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02a-CDA.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02a-CDA.xml 2008-03-26 01:35:19 UTC (rev 71281)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02a-CDA.xml 2008-03-26 02:32:15 UTC (rev 71282)
@@ -4,7 +4,7 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
- PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:CDA"
+ PolicySetId="urn:xacml:2.0:interop:example:policysetid:CDA"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Description>
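Review bot: The new `PolicySetId` on this element moves to the `urn:xacml:2.0:interop:example:` prefix, while the `PolicyId` and `RuleId` corrected in the next hunk of this file stay under `urn:oasis:names:tc:xacml:interop:`, so one file now mixes two identifier namespaces. If any other policy set refers to this one through a `PolicySetIdReference` (none is visible in this commit), it has to carry the new value, or the reference will not resolve and evaluation presumably ends Indeterminate. Either move the two inner ids as well, e.g. `PolicyId="urn:xacml:2.0:interop:example:policyid:CDA"`, or add a comment above the element saying the split follows the draft.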
@@ -12,12 +12,12 @@
</Description>
<Target/>
<Policy
- PolicyId="urn:oasis:names:tc:xacml:interop:policyid:CDA:"
+ PolicyId="urn:oasis:names:tc:xacml:interop:policyid:CDA"
RuleCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
<Target/>
<Rule
- RuleId="urn:oasis:names:tc:xacml:interop:rule::CDA:1"
+ RuleId="urn:oasis:names:tc:xacml:interop:rule:CDA:1"
Effect="Permit">
<Description>
If the access subject is one of those users which have been
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02b-N.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02b-N.xml 2008-03-26 01:35:19 UTC (rev 71281)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02b-N.xml 2008-03-26 02:32:15 UTC (rev 71282)
@@ -21,13 +21,13 @@
<Subjects>
<Subject>
<SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
>urn:xacml:2.0:interop:example:role:hl7:physician</AttributeValue>
<SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
</Subject>
</Subjects>
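Review bot: Switching `MatchId` to `string-equal` and both `DataType`s to `#string` makes this target depend on the request typing the role attribute as a string. A role sent as `anyURI` falls outside the designator's bag, and since the designator has no `MustBePresent="true"` the match quietly evaluates to no-match instead of raising Indeterminate. The XACML 2.0 RBAC profile, as far as I recall, types `urn:oasis:names:tc:xacml:2.0:subject:role` as `anyURI`, so a standard attribute source may well send that type. Please add a comment above the `<SubjectMatch>` recording that the string typing is deliberate, or set `MustBePresent="true"` on the designator so a type mismatch is visible. The same switch is made in the XacmlPolicySet-02c-N-PermCollections.xml and XacmlPolicySet-04-N-PPS-PRD-004.xml hunks.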
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml 2008-03-26 01:35:19 UTC (rev 71281)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml 2008-03-26 02:32:15 UTC (rev 71282)
@@ -21,67 +21,67 @@
<Subjects>
<Subject>
<SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
>urn:xacml:2.0:interop:example:hl7:prd-003</AttributeValue>
<SubjectAttributeDesignator
AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
<SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
>urn:xacml:2.0:interop:example:hl7:prd-005</AttributeValue>
<SubjectAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
<SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
>urn:xacml:2.0:interop:example:hl7:prd-006</AttributeValue>
<SubjectAttributeDesignator
AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
<SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
>urn:xacml:2.0:interop:example:hl7:prd-009</AttributeValue>
<SubjectAttributeDesignator
AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
<SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
>urn:xacml:2.0:interop:example:hl7:prd-010</AttributeValue>
<SubjectAttributeDesignator
AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
<SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
>urn:xacml:2.0:interop:example:hl7:prd-012</AttributeValue>
<SubjectAttributeDesignator
AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
<SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
>urn:xacml:2.0:interop:example:hl7:prd-017</AttributeValue>
<SubjectAttributeDesignator
AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
</Subject>
</Subjects>
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml 2008-03-26 01:35:19 UTC (rev 71281)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml 2008-03-26 02:32:15 UTC (rev 71282)
@@ -20,13 +20,13 @@
<Resources>
<Resource>
<ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
>urn:xacml:2.0:interop:example:resource:hl7:medical-record</AttributeValue>
<ResourceAttributeDesignator
AttributeId="urn:xacml:2.0:interop:example:resource:type"
- DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
</ResourceMatch>
</Resource>
</Resources>
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/XacmlRequest-01-01.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/XacmlRequest-01-01.xml 2008-03-26 01:35:19 UTC (rev 71281)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/XacmlRequest-01-01.xml 2008-03-26 02:32:15 UTC (rev 71282)
@@ -2,7 +2,7 @@
<Request
xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation=" urn:oasis:names:tc:xacml:2.0:context:schema:os
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
<!-- Sample request. In this case a physician is trying to access -->
<!-- The medical record of a patient. The record has been marked -->
@@ -15,75 +15,49 @@
<AttributeValue>Dr. Alice</AttributeValue>
</Attribute>
<Attribute
- AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
+ AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string">
- <AttributeValue
- >urn:oasis:names:tc:xacml:interop:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:xacml:2.0:interop:example:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:xacml:2.0:interop:example:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:xacml:2.0:interop:example:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:xacml:2.0:interop:example:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:xacml:2.0:interop:example:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:xacml:2.0:interop:example:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:xacml:2.0:interop:example:hl7:prd-017</AttributeValue>
</Attribute>
- <Attribute
- AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
- DataType="http://www.w3.org/2001/XMLSchema#string">
- <AttributeValue
- >urn:oasis:names:tc:xacml:interop:hl7:prd-005</AttributeValue>
- </Attribute>
- <Attribute
- AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
- DataType="http://www.w3.org/2001/XMLSchema#string">
- <AttributeValue
- >urn:oasis:names:tc:xacml:interop:hl7:prd-006</AttributeValue>
- </Attribute>
- <Attribute
- AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
- DataType="http://www.w3.org/2001/XMLSchema#string">
- <AttributeValue
- >urn:oasis:names:tc:xacml:interop:hl7:prd-009</AttributeValue>
- </Attribute>
- <Attribute
- AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
- DataType="http://www.w3.org/2001/XMLSchema#string">
- <AttributeValue
- >urn:oasis:names:tc:xacml:interop:hl7:prd-010</AttributeValue>
- </Attribute>
- <Attribute
- AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
- DataType="http://www.w3.org/2001/XMLSchema#string">
- <AttributeValue
- >urn:oasis:names:tc:xacml:interop:hl7:prd-012</AttributeValue>
- </Attribute>
- <Attribute
- AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
- DataType="http://www.w3.org/2001/XMLSchema#string">
- <AttributeValue
- >urn:oasis:names:tc:xacml:interop:hl7:prd-017</AttributeValue>
- </Attribute>
</Subject>
<Resource>
<Attribute
AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
- <AttributeValue
- >Anthony Gurrola</AttributeValue>
+ <AttributeValue>Anthony Gurrola</AttributeValue>
</Attribute>
+ <Attribute
+ AttributeId="urn:xacml:2.0:interop:example:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:xacml:2.0:interop:example:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:xacml:2.0:interop:example:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:xacml:2.0:interop:example:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:xacml:2.0:interop:example:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:xacml:2.0:interop:example:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:xacml:2.0:interop:example:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:xacml:2.0:interop:example:hl7:prd-017</AttributeValue>
+ </Attribute>
<Attribute
- AttributeId="urn:oasis:names:tc:xacml:interop:resource:confidentiality-code"
+ AttributeId="urn:xacml:2.0:interop:example:resource:hl7:confidentiality-code"
DataType="http://www.w3.org/2001/XMLSchema#string">
- <AttributeValue>CDA</AttributeValue>
+ <AttributeValue>UBA</AttributeValue>
</Attribute>
<Attribute
- AttributeId="urn:oasis:names:tc:xacml:interop:resource:confidentiality-code"
+ AttributeId="urn:xacml:2.0:interop:example:resource:hl7:dissented-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
- <AttributeValue>N</AttributeValue>
- </Attribute>
- <Attribute
- AttributeId="urn:oasis:names:tc:xacml:interop:resource:consented-subject-id"
- DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>Dr. Alice</AttributeValue>
</Attribute>
<Attribute
- AttributeId="urn:oasis:names:tc:xacml:interop:resource:type"
+ AttributeId="urn:xacml:2.0:interop:example:resource:type"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue
- >urn:oasis:names:tc:xacml:interop:resource:hl7-medical-record</AttributeValue>
+ >urn:xacml:2.0:interop:example:resource:hl7:medical-record</AttributeValue>
</Attribute>
</Resource>
<Action/>
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/XacmlRequest-02-01.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/XacmlRequest-02-01.xml 2008-03-26 01:35:19 UTC (rev 71281)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/requests/rsaconf/XacmlRequest-02-01.xml 2008-03-26 02:32:15 UTC (rev 71282)
@@ -2,11 +2,11 @@
<Request
xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation=" urn:oasis:names:tc:xacml:2.0:context:schema:os
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
<!-- Sample request. In this case a physician is trying to access -->
<!-- The medical record of a patient. The record has been marked -->
- <!-- with both the CDA and N confidentiality codes and -->
+ <!-- with both the CDA and U confidentiality codes and -->
<!-- there is a registered consent for the record. -->
<Subject>
<Attribute
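Review bot: The reworded comment says the record carries both the CDA and U confidentiality codes and a registered consent, but the last hunk of this file leaves a single `confidentiality-code` value, `UBA`, and replaces `consented-subject-id` with `dissented-subject-id`. A reader relying on the comment would misjudge which policy branch this fixture exercises. Suggest `<!-- with the UBA confidentiality code and -->` followed by `<!-- a registered dissent naming Dr. Alice. -->`, adjusted to whatever the draft intends.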
@@ -17,8 +17,7 @@
<Attribute
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#string">
- <AttributeValue
- >urn:oasis:names:tc:xacml:interop:role:physician</AttributeValue>
+ <AttributeValue>urn:xacml:2.0:interop:example:role:hl7:physician</AttributeValue>
</Attribute>
</Subject>
<Resource>
@@ -29,25 +28,20 @@
>Anthony Gurrola</AttributeValue>
</Attribute>
<Attribute
- AttributeId="urn:oasis:names:tc:xacml:interop:resource:confidentiality-code"
- DataType="http://www.w3.org/2001/XMLSchema#string">
- <AttributeValue>CDA</AttributeValue>
- </Attribute>
- <Attribute
- AttributeId="urn:oasis:names:tc:xacml:interop:resource:confidentiality-code"
+ AttributeId="urn:xacml:2.0:interop:example:resource:hl7:confidentiality-code"
DataType="http://www.w3.org/2001/XMLSchema#string">
- <AttributeValue>U</AttributeValue>
+ <AttributeValue>UBA</AttributeValue>
</Attribute>
<Attribute
- AttributeId="urn:oasis:names:tc:xacml:interop:resource:consented-subject-id"
+ AttributeId="urn:xacml:2.0:interop:example:resource:hl7:dissented-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>Dr. Alice</AttributeValue>
</Attribute>
<Attribute
- AttributeId="urn:oasis:names:tc:xacml:interop:resource:type"
+ AttributeId="urn:xacml:2.0:interop:example:resource:type"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue
- >urn:oasis:names:tc:xacml:interop:resource:hl7-medical-record</AttributeValue>
+ >urn:xacml:2.0:interop:example:resource:hl7:medical-record</AttributeValue>
</Attribute>
</Resource>
<Action/>
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/RSAConferenceTestCase.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/RSAConferenceTestCase.java 2008-03-26 01:35:19 UTC (rev 71281)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/RSAConferenceTestCase.java 2008-03-26 02:32:15 UTC (rev 71282)
@@ -73,10 +73,18 @@
String resourceType = Util.MEDICAL_RECORD;
- RequestContext request = Util.createRequestWithHL7Permissions(doctor, permissions,
- patient, confidentialityCodes,
- consentedIds, resourceType);
+ List<String> resourcePermissions = new ArrayList<String>();
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-003");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-005");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-006");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-009");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-010");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-012");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-017");
+ RequestContext request = Util.createRequestWithHL7Permissions(doctor, permissions, patient,
+ confidentialityCodes, consentedIds, resourceType, resourcePermissions);
+
request.marshall(System.out);
}
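Review bot: The seven `resourcePermissions.add(Util.PERMISSION_BASE + ...)` lines added here are repeated verbatim in every other hunk of this file, six copies in all, so a permission added to the policy has to be edited in six places and a missed copy silently changes what one test proves. A private helper that builds the list once would remove that risk; the call site becomes `List<String> resourcePermissions = allResourcePermissions();`. The method enclosing these lines starts outside the hunk.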
@@ -104,10 +112,18 @@
String resourceType = Util.MEDICAL_RECORD;
- RequestContext request = Util.createRequestWithNormalRoles(doctor, roles,
- patient, confidentialityCodes,
- consentedIds, resourceType);
+ List<String> resourcePermissions = new ArrayList<String>();
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-003");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-005");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-006");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-009");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-010");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-012");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-017");
+ RequestContext request = Util.createRequestWithNormalRoles(doctor, roles, patient,
+ confidentialityCodes, consentedIds, resourceType, resourcePermissions);
+
request.marshall(System.out);
}
@@ -136,23 +152,30 @@
String patient = "Anthony Gurrola";
List<String> confidentialityCodes = new ArrayList<String>();
- confidentialityCodes.add("CDA");
- confidentialityCodes.add("N");
+ confidentialityCodes.add("UBA");
List<String> consentedIds = new ArrayList<String>();
consentedIds.add("Dr. Alice");
- String resourceType = "urn:oasis:names:tc:xacml:interop:resource:medical-record";
+ String resourceType = Util.MEDICAL_RECORD;
- RequestContext request = Util.createRequestWithHL7Permissions(doctor, permissions,
- patient, confidentialityCodes,
- consentedIds, resourceType);
+ List<String> resourcePermissions = new ArrayList<String>();
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-003");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-005");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-006");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-009");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-010");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-012");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-017");
- assertEquals("Permit?", XACMLConstants.DECISION_PERMIT,
- XACMLTestUtil.getDecision(pdp, request));
+ RequestContext request = Util.createRequestWithHL7Permissions(doctor, permissions, patient,
+ confidentialityCodes, consentedIds, resourceType, resourcePermissions);
+
+ assertEquals("Permit?", XACMLConstants.DECISION_PERMIT, XACMLTestUtil.getDecision(pdp,
+ request));
}
- public void testUseCase1_2() throws Exception
+ public void atestUseCase1_2() throws Exception
{
PolicyDecisionPoint pdp = getPDP();
assertNotNull("JBossPDP is != null", pdp);
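Review bot: Renaming `testUseCase1_2` to `atestUseCase1_2` takes the method out of the run if this class uses JUnit 3 name-based discovery, which the unqualified `assertEquals`/`assertNotNull` calls suggest; the class header is outside the hunk. That method is the one asserting `XACMLConstants.DECISION_DENY` in the next hunk, so the suite would keep only the Permit case and a policy change that wrongly grants access would pass unnoticed. Keep the `test` prefix, `public void testUseCase1_2() throws Exception`, and if the case really fails against the new draft, leave a comment naming the reason rather than disabling it by name.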
@@ -178,13 +201,107 @@
String resourceType = Util.MEDICAL_RECORD;
- RequestContext request = Util.createRequestWithHL7Permissions(doctor, permissions,
- patient, confidentialityCodes,
- consentedIds, resourceType);
+ List<String> resourcePermissions = new ArrayList<String>();
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-003");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-005");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-006");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-009");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-010");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-012");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-017");
+ RequestContext request = Util.createRequestWithHL7Permissions(doctor, permissions, patient,
+ confidentialityCodes, consentedIds, resourceType, resourcePermissions);
+
assertEquals("Deny?", XACMLConstants.DECISION_DENY, XACMLTestUtil.getDecision(pdp, request));
}
+ public void atestUseCase1_3() throws Exception
+ {
+ PolicyDecisionPoint pdp = getPDP();
+ assertNotNull("JBossPDP is != null", pdp);
+
+ Principal doctor = new Principal()
+ {
+ public String getName()
+ {
+ return "Dr. Alice";
+ }
+ };
+
+ List<String> roles = new ArrayList<String>();
+ roles.add(Util.PHYSICIAN);
+
+ String patient = "Anthony Gurrola";
+
+ List<String> confidentialityCodes = new ArrayList<String>();
+ confidentialityCodes.add("UBA");
+ confidentialityCodes.add("MA");
+
+ List<String> consentedIds = new ArrayList<String>();
+ consentedIds.add("Dr. Alice");
+
+ String resourceType = Util.MEDICAL_RECORD;
+
+ List<String> resourcePermissions = new ArrayList<String>();
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-003");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-005");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-006");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-009");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-010");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-012");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-017");
+
+ RequestContext request = Util.createRequestWithNormalRoles(doctor, roles, patient,
+ confidentialityCodes, consentedIds, resourceType, resourcePermissions);
+
+ assertEquals("Permit?", XACMLConstants.DECISION_PERMIT, XACMLTestUtil.getDecision(pdp,
+ request));
+ }
+
+ public void atestUseCase1_4() throws Exception
+ {
+ PolicyDecisionPoint pdp = getPDP();
+ assertNotNull("JBossPDP is != null", pdp);
+
+ Principal doctor = new Principal()
+ {
+ public String getName()
+ {
+ return "Dr. Alice";
+ }
+ };
+
+ List<String> roles = new ArrayList<String>();
+ roles.add("lala");
+
+ String patient = "Anthony Gurrola";
+
+ List<String> confidentialityCodes = new ArrayList<String>();
+ confidentialityCodes.add("UBA");
+ confidentialityCodes.add("MA");
+
+ List<String> consentedIds = new ArrayList<String>();
+ consentedIds.add("Dr. Alice");
+
+ String resourceType = Util.MEDICAL_RECORD;
+
+ List<String> resourcePermissions = new ArrayList<String>();
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-003");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-005");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-006");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-009");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-010");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-012");
+ resourcePermissions.add(Util.PERMISSION_BASE + "prd-017");
+
+ RequestContext request = Util.createRequestWithNormalRoles(doctor, roles, patient,
+ confidentialityCodes, consentedIds, resourceType, resourcePermissions);
+
+ assertEquals("Permit?", XACMLConstants.DECISION_PERMIT, XACMLTestUtil.getDecision(pdp,
+ request));
+ }
+
private PolicyDecisionPoint getPDP()
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
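Review bot: `atestUseCase1_4` builds the subject with the role `"lala"` yet asserts `XACMLConstants.DECISION_PERMIT` under the message "Permit?", which reads like a copy of `atestUseCase1_3`. A subject without the physician role would be expected to be refused, e.g. `assertEquals("Deny?", XACMLConstants.DECISION_DENY, XACMLTestUtil.getDecision(pdp, request));`, though the expected value depends on the draft. Both new methods also carry the `atest` prefix, so under JUnit 3 naming they never run and the wrong expectation stays hidden. `getPDP()` at the end of the hunk continues outside it.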
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/Util.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/Util.java 2008-03-26 01:35:19 UTC (rev 71281)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/org/jboss/test/security/xacml/interop/rsaconf/Util.java 2008-03-26 02:32:15 UTC (rev 71282)
@@ -46,12 +46,18 @@
private static final String CONSENTED_SUBJECT_ID = "urn:oasis:names:tc:xacml:interop:resource:consented-subject-id";
- private static final String RESOURCE_TYPE = "urn:oasis:names:tc:xacml:interop:resource:type";
-
+ private static final String DISSENTED_SUBJECT_ID = "urn:xacml:2.0:interop:example:resource:hl7:dissented-subject-id";
+
+ private static final String HL7_SUBJECT_PERMISSION = "urn:xacml:2.0:interop:example:subject:hl7:permission";
+
+ private static final String HL7_RESOURCE_PERMISSION = "urn:xacml:2.0:interop:example:resource:hl7:permission";
+
+ private static final String RESOURCE_TYPE = "urn:xacml:2.0:interop:example:resource:type";
+
public static final String PERMISSION_BASE = "urn:xacml:2.0:interop:example:hl7:";
-
+
public static final String PHYSICIAN = "urn:xacml:2.0:interop:example:role:hl7:physician";
-
+
public static final String MEDICAL_RECORD = "urn:xacml:2.0:interop:example:resource:hl7:medical-record";
//Enable for request trace
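Review bot: `DISSENTED_SUBJECT_ID` is declared here but no hunk in this commit reads it; `createRequestType` further down still emits `CONSENTED_SUBJECT_ID`, whose value keeps the old `urn:oasis:names:tc:xacml:interop:` prefix, while the request fixtures in this commit switch to `...:resource:hl7:dissented-subject-id`. Requests built by this helper would therefore carry an attribute id the updated policies presumably no longer look up, and a rule keyed on the dissent attribute would never match in the Java-driven tests. Either use the new constant in the `consentedIds` loop or add a comment on `CONSENTED_SUBJECT_ID` stating why the old id is kept. `CONFIDENTIALITY_CODE` is defined above this hunk, so whether it received the matching `hl7:` rename cannot be checked from here.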
@@ -67,16 +73,18 @@
* @param confidentialityCodes <code>List</code> of confidentiality codes set for the resource.
* @param consentedIds <code>List</code> of consented subject ids.
* @param resourceType The resource type.
+ * @param resourcePermissions <code>List</code> of permissions required for the resource.
*
* @return a <code>RequestContext</code> with the <code>RequestType</code> set.
*/
- public static RequestContext createRequestWithNormalRoles(Principal principal, List<String> roles,
- String resourceId, List<String> confidentialityCodes, List<String> consentedIds, String resourceType)
+ public static RequestContext createRequestWithNormalRoles(Principal principal,
+ List<String> roles, String resourceId, List<String> confidentialityCodes,
+ List<String> consentedIds, String resourceType, List<String> resourcePermissions)
{
RequestContext request = RequestResponseContextFactory.createRequestCtx();
- RequestType requestType = createRequestType(principal, resourceId, confidentialityCodes, consentedIds,
- resourceType);
+ RequestType requestType = createRequestType(principal, resourceId, confidentialityCodes,
+ consentedIds, resourceType, resourcePermissions);
addNormalRoles(roles, requestType);
try
@@ -102,16 +110,18 @@
* @param confidentialityCodes <code>List</code> of confidentiality codes set for the resource.
* @param consentedIds <code>List</code> of consented subject ids.
* @param resourceType The resource type.
+ * @param resourcePermissions <code>List</code> of permissions required for the resource.
*
* @return a <code>RequestContext</code> with the <code>RequestType</code> set.
*/
- public static RequestContext createRequestWithHL7Permissions(Principal principal, List<String> permissions,
- String resourceId, List<String> confidentialityCodes, List<String> consentedIds, String resourceType)
+ public static RequestContext createRequestWithHL7Permissions(Principal principal,
+ List<String> permissions, String resourceId, List<String> confidentialityCodes,
+ List<String> consentedIds, String resourceType, List<String> resourcePermissions)
{
RequestContext request = RequestResponseContextFactory.createRequestCtx();
- RequestType requestType = createRequestType(principal, resourceId, confidentialityCodes, consentedIds,
- resourceType);
+ RequestType requestType = createRequestType(principal, resourceId, confidentialityCodes,
+ consentedIds, resourceType, resourcePermissions);
addHL7Permissions(permissions, requestType);
try
@@ -136,45 +146,53 @@
* @param confidentialityCodes <code>List</code> of confidentiality codes set for the resource.
* @param consentedIds <code>List</code> of consented subject ids.
* @param resourceType The resource type.
+ * @param resourcePermissions <code>List</code> of permissions required for the resource.
*
* @return a <code>RequestType</code> representing the XACML request.
*/
public static RequestType createRequestType(Principal principal, String resourceId,
- List<String> confidentialityCodes, List<String> consentedIds, String resourceType)
+ List<String> confidentialityCodes, List<String> consentedIds, String resourceType,
+ List<String> resourcePermissions)
{
RequestType requestType = new RequestType();
//create the Subject of the request
SubjectType subject = new SubjectType();
subject.getAttribute().add(
- RequestAttributeFactory.createStringAttributeType(XACMLConstants.ATTRIBUTEID_SUBJECT_ID, null, principal
- .getName()));
+ RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_SUBJECT_ID, null, principal.getName()));
requestType.getSubject().add(subject);
//create the Resource of the request
ResourceType resource = new ResourceType();
- resource.getAttribute()
- .add(
- RequestAttributeFactory.createStringAttributeType(XACMLConstants.ATTRIBUTEID_RESOURCE_ID, null,
- resourceId));
+ resource.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_RESOURCE_ID, null, resourceId));
for (String confidentialityCode : confidentialityCodes)
{
resource.getAttribute().add(
- RequestAttributeFactory.createStringAttributeType(CONFIDENTIALITY_CODE, null, confidentialityCode));
+ RequestAttributeFactory.createStringAttributeType(CONFIDENTIALITY_CODE, null,
+ confidentialityCode));
}
for (String consentedId : consentedIds)
{
resource.getAttribute().add(
- RequestAttributeFactory.createStringAttributeType(CONSENTED_SUBJECT_ID, null, consentedId));
+ RequestAttributeFactory.createStringAttributeType(CONSENTED_SUBJECT_ID, null,
+ consentedId));
}
- resource.getAttribute().add(RequestAttributeFactory.createStringAttributeType(RESOURCE_TYPE, null, resourceType));
+ resource.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(RESOURCE_TYPE, null, resourceType));
+ for (String resourcePermission : resourcePermissions)
+ {
+ resource.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(HL7_RESOURCE_PERMISSION, null,
+ resourcePermission));
+ }
requestType.getResource().add(resource);
//create the Action of the request - avoid NPE
requestType.setAction(new ActionType());
- // requestType.setEnvironment(new EnvironmentType());
-
return requestType;
}
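Review bot: The new `for (String resourcePermission : resourcePermissions)` loop dereferences the added parameter without a check, so a caller passing `null` gets a NullPointerException from inside the helper, even though the comment a few lines later shows the method otherwise tries to avoid NPEs. Guard it with `if (resourcePermissions != null)` around the loop or reject it up front with `if (resourcePermissions == null) throw new IllegalArgumentException("resourcePermissions");`, and say in the `@param` text which of the two applies. Note also that the loop writes one `Attribute` per permission, whereas XacmlRequest-01-01.xml in this commit puts all values under a single `Attribute`; both forms should yield the same bag, but the marshalled trace will not match the fixture.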
@@ -193,7 +211,8 @@
for (String role : roles)
{
subject.getAttribute().add(
- RequestAttributeFactory.createStringAttributeType(XACMLConstants.ATTRIBUTEID_ROLE, null, role));
+ RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_ROLE, null, role));
}
}
}
@@ -213,7 +232,7 @@
for (String permission : permissions)
{
subject.getAttribute().add(
- RequestAttributeFactory.createStringAttributeType(XACMLConstants.ATTRIBUTEID_HL7_PERMISSION, null,
+ RequestAttributeFactory.createStringAttributeType(HL7_SUBJECT_PERMISSION, null,
permission));
}
}