[jboss-user] [Security & JAAS/JBoss] - ParsingException occurs while parsing sample xacml.xml

mcbeelen do-not-reply at jboss.com
Wed Jun 3 09:09:25 EDT 2009 

I'm getting started with working with XACML and I trying to work with JBoxx XACML for this. I found the "User Guide for JBoss XACML" and I'm working through it.

I'm trying to get a PolicyDecisionPoint


  | ClassLoader tcl = PolicyDecisionPointImpl.class.getClassLoader();
  | InputStream is = tcl.getResourceAsStream("myJBossXACMLConfig.xml");
  | PolicyDecisionPoint pdp = new JBossPDP(is);
  | 

My configuration file looks like this:

<?xml version="1.0" encoding="UTF-8"?>
  | <jbosspdp xmlns="urn:jboss:xacml:2.0">
  |  <Policies>
  |   <Policy>
  |    <Location>xacml-policy.xml</Location>
  |   </Policy>
  |  </Policies>
  |  <Locators>
  |   <Locator Name="org.jboss.security.xacml.locators.JBossPolicySetLocator" />
  |  </Locators>
  | </jbosspdp>

The xacml-policy.xml file is an exact copy of the sample provided in the developers-guide Chapter 4 Web Binding.

When I try to run my code to create the PDP an Exception is thrown:


  | Caused by: org.jboss.security.xacml.sunxacml.ParsingException: couldn't create http://www.w3.org/2001/XMLSchema#anyURI attribute based on DOM node
  | 	at org.jboss.security.xacml.sunxacml.attr.BaseAttributeFactory.createValue(BaseAttributeFactory.java:201)
  | 	at org.jboss.security.xacml.sunxacml.attr.BaseAttributeFactory.createValue(BaseAttributeFactory.java:157)
  | 	at org.jboss.security.xacml.sunxacml.TargetMatch.getInstance(TargetMatch.java:249)
  | 	at org.jboss.security.xacml.sunxacml.TargetMatchGroup.getInstance(TargetMatchGroup.java:111)
  | 	at org.jboss.security.xacml.sunxacml.TargetSection.getInstance(TargetSection.java:116)
  | 	at org.jboss.security.xacml.sunxacml.Target.getInstance(Target.java:185)
  | 	at org.jboss.security.xacml.sunxacml.AbstractPolicy.<init>(AbstractPolicy.java:273)
  | 	at org.jboss.security.xacml.sunxacml.Policy.<init>(Policy.java:305)
  | 	at org.jboss.security.xacml.sunxacml.Policy.getInstance(Policy.java:427)
  | 	at org.jboss.security.xacml.util.XACMLPolicyUtil.createPolicy(XACMLPolicyUtil.java:93)
  | 	at org.jboss.security.xacml.core.JBossXACMLPolicy.<init>(JBossXACMLPolicy.java:85)
  | 


I'm using 

  | <dependency>
  |   <groupId>org.jboss.security</groupId>
  |   <artifactId>jboss-xacml</artifactId>
  |   <version>2.0.3</version>
  | </dependency>
  | 

Does any body know what is going wrong and how I can fix it?
Any suggestions are kindly appreciated.

With kind regards,
    Marco Beelen
    Software developer @ IPROFS


Content of the policy file for completness


  | <?xml version="1.0" encoding="UTF-8"?>
  | <Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
  |  RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides"
  |  Version="2.0" PolicyId="ExamplePolicy">
  |  <Target>
  |   <Resources>
  |    <Resource>
  |     <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
  |      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">
  |       http://test/developer-guide.html</AttributeValue>
  |      <ResourceAttributeDesignator
  |       DataType="http://www.w3.org/2001/XMLSchema#anyURI" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" />
  |     </ResourceMatch>
  |    </Resource>
  |   </Resources>
  |  </Target>
  |  <Rule Effect="Permit" RuleId="ReadRule">
  |   <Target>
  |    <Actions>
  |     <Action>
  |      <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
  |       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
  |       <ActionAttributeDesignator
  |        DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" />
  |      </ActionMatch>
  |     </Action>
  |    </Actions>
  |   </Target>
  |   <Condition>
  |    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
  |     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">developer
  |     </AttributeValue>
  |     <SubjectAttributeDesignator
  |      DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" />
  |    </Apply>
  |   </Condition>
  |  </Rule>
  |  <!-- If none of the rules apply, deny the request -->
  |  <Rule Effect="Deny" RuleId="DenyRule" />
  | </Policy>
  | 










View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4234987#4234987

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4234987

More information about the jboss-user mailing list