Commit 2b8d2dad authored by cdanger's avatar cdanger

- Fixed #43

- Upgraded authzforce-ce-core-pdp-api version to 16.1.0 adding
PolicyProvider#getCandidateRootPolicy() interface
- Changed PDP config XSD
	- Simplified versioning (version="7.1" and remove minor version from
namespace)
	- 'rootPolicyRef' no longer mandatory. If not specified,
PolicyProvider#getCandidateRootPolicy() on the 'policyProvider' is used
to specify the root policy
- Added CoreStaticPolicyProvider#getCandidateRootPolicy() to implement
PolicyProvider#getCandidateRootPolicy()
parent 4e70b278
......@@ -5,6 +5,18 @@ All notable changes to this project are documented in this file following the [K
- Issues reported on [GitHub](https://github.com/authzforce/core/issues) are referenced in the form of `[GH-N]`, where N is the issue number.
- Issues reported on [OW2's GitLab](https://gitlab.ow2.org/authzforce/core/issues) are referenced in the form of `[GL-N]`, where N is the issue number.
## Unreleased (15.0.0)
** XML namespaces in PDP configuration files must be updated according to [migration guide](MIGRATION.md).**
### Changed
- Upgraded authzforce-ce-core-pdp-api to v16.1.0 (`PolicyProvider` interface defines new method (with default implementation): `getCandidateRootPolicy()`)
- [GH-43]: PDP configuration has been simplified: 'rootPolicyRef' made optional (if undefined, the PDP gets the root policy via the PolicyProvider's new method `getCandidateRootPolicy()` as aforementioned.)
- PDP configuration XSD versioning has been simplified:
- Simplified namespace (removed minor version) to `http://authzforce.github.io/core/xmlns/pdp/7`
- Schema version set to `7.1` (removed patch version).
## 14.0.1
### Fixed
- [GH-42]: Incorrectly formed JSON responses when StatusCode is other than "ok"
......
......@@ -151,11 +151,10 @@ Then instantiate a PDP engine configuration with method [PdpEngineConfiguration#
```xml
<?xml version="1.0" encoding="UTF-8"?>
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0" version="7.0.0">
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7">
<policyProvider id="policyProvider" xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policy.xml</policyLocation>
</policyProvider>
<rootPolicyRef>root</rootPolicyRef>
</pdp>
```
This is a basic PDP configuration with basic settings and the root policy (XACML 3.0 Policy document) loaded from a file `policy.xml` located in the same directory as this PDP configuration file (see previous paragraph for an example of policy).
......
<?xml version="1.0" encoding="UTF-8"?>
<pdp
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0"
version="7.0.0">
xmlns="http://authzforce.github.io/core/xmlns/pdp/7"
version="7.1">
<policyProvider
id="rootPolicyProvider"
xsi:type="StaticPolicyProvider">
......
......@@ -56,6 +56,7 @@ import org.ow2.authzforce.core.pdp.api.func.Function;
import org.ow2.authzforce.core.pdp.api.io.XacmlJaxbParsingUtils;
import org.ow2.authzforce.core.pdp.api.policy.CloseablePolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns;
import org.ow2.authzforce.core.pdp.api.policy.PrimaryPolicyMetadata;
import org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementType;
import org.ow2.authzforce.core.pdp.api.value.AttributeValueFactory;
import org.ow2.authzforce.core.pdp.api.value.AttributeValueFactoryRegistry;
......@@ -91,6 +92,9 @@ import com.google.common.collect.ImmutableMap;
*/
public final class PdpEngineConfiguration
{
private static final IllegalArgumentException ILLEGAL_ROOT_POLICY_REF_CONFIG_EXCEPTION = new IllegalArgumentException(
"Configuration parameter 'rootPolicyRef' is undefined and 'policyProvider' does not provide any candidate root policy. Please define 'rootPolicyRef' parameter or modify the Policy Provider to return a candidate root policy.");
private static final IllegalArgumentException NULL_REQPREPROC_EXCEPTION = new IllegalArgumentException(
"Undefined request preprocessor ('requestPreproc' element) in I/O processing chain ('ioProcChain' element)");
......@@ -374,14 +378,31 @@ public final class PdpEngineConfiguration
final TopLevelPolicyElementRef rootPolicyRef = pdpJaxbConf.getRootPolicyRef();
/*
* PDP XSD assumed to ensure rootPolicyRef is defined
* If rootPolicyRef is undefined, we expect the Policy Provider to provide one and only once static policy, the one to be used as root policy.
*/
assert rootPolicyRef != null;
final Boolean mustBePolicySet = rootPolicyRef.isPolicySet();
this.rootPolicyElementType = mustBePolicySet == null ? Optional.empty()
: mustBePolicySet.booleanValue() ? Optional.of(TopLevelPolicyElementType.POLICY_SET) : Optional.of(TopLevelPolicyElementType.POLICY);
this.rootPolicyId = rootPolicyRef.getValue();
this.rootPolicyVersionPatterns = Optional.ofNullable(new PolicyVersionPatterns(rootPolicyRef.getVersion(), null, null));
if (rootPolicyRef == null)
{
LOGGER.debug("'rootPolicyRef' configuration parameter undefined. Getting root policy reference from 'policyProvider': {}", policyProvider);
final Optional<PrimaryPolicyMetadata> candidateRootPolicyMeta = policyProvider.getCandidateRootPolicy();
if (!candidateRootPolicyMeta.isPresent())
{
throw ILLEGAL_ROOT_POLICY_REF_CONFIG_EXCEPTION;
}
final PrimaryPolicyMetadata nonNullCandidateRootPolicyRef = candidateRootPolicyMeta.get();
LOGGER.info("'rootPolicyRef' undefined in PDP configuration -> setting root policy to the one candidate returned by the PolicyProvider: {}", nonNullCandidateRootPolicyRef);
this.rootPolicyElementType = Optional.of(nonNullCandidateRootPolicyRef.getType());
this.rootPolicyId = nonNullCandidateRootPolicyRef.getId();
this.rootPolicyVersionPatterns = Optional.of(new PolicyVersionPatterns(nonNullCandidateRootPolicyRef.getVersion().toString(), null, null));
}
else
{
final Boolean mustBePolicySet = rootPolicyRef.isPolicySet();
this.rootPolicyElementType = mustBePolicySet == null ? Optional.empty()
: mustBePolicySet.booleanValue() ? Optional.of(TopLevelPolicyElementType.POLICY_SET) : Optional.of(TopLevelPolicyElementType.POLICY);
this.rootPolicyId = rootPolicyRef.getValue();
this.rootPolicyVersionPatterns = Optional.ofNullable(new PolicyVersionPatterns(rootPolicyRef.getVersion(), null, null));
}
// Decision cache
final AbstractDecisionCache decisionCacheJaxbConf = pdpJaxbConf.getDecisionCache();
......
......@@ -28,6 +28,7 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Deque;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
......@@ -44,12 +45,15 @@ import org.ow2.authzforce.core.pdp.api.XmlUtils.XmlnsFilteringParser;
import org.ow2.authzforce.core.pdp.api.XmlUtils.XmlnsFilteringParserFactory;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry;
import org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory;
import org.ow2.authzforce.core.pdp.api.policy.BasePrimaryPolicyMetadata;
import org.ow2.authzforce.core.pdp.api.policy.BaseStaticPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.CloseablePolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.PolicyRefsMetadata;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersion;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns;
import org.ow2.authzforce.core.pdp.api.policy.PrimaryPolicyMetadata;
import org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator;
import org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.ResourceUtils;
......@@ -716,6 +720,73 @@ public class CoreStaticPolicyProvider extends BaseStaticPolicyProvider
return policy;
}
/**
* Returns the latest version of the policy if there is only one in #{@code policyMap}; else null.
*/
private static final <P> PrimaryPolicyMetadata getCandidateRootPolicy(final TopLevelPolicyElementType policyElementType, final PolicyMap<P> policyMap)
{
final Iterator<Entry<String, PolicyVersions<P>>> policyEvaluatorsIt = policyMap.entrySet().iterator();
if (!policyEvaluatorsIt.hasNext())
{
/*
* No policy
*/
return null;
}
/*
* There is at least one policy
*/
final Entry<String, PolicyVersions<P>> firstPolicyEvaluatorEntry = policyEvaluatorsIt.next();
/*
* If there is only one policy, it is the candidate root policy; else we don't know which one so return none.
*/
if (policyEvaluatorsIt.hasNext())
{
return null;
}
/*
* There is only one policy, use latest version as candidate root policy
*/
final Entry<PolicyVersion, P> latestPolicyVersion = firstPolicyEvaluatorEntry.getValue().getLatest(Optional.empty());
assert latestPolicyVersion != null;
final BasePrimaryPolicyMetadata candidateRootPolicyMeta = new BasePrimaryPolicyMetadata(policyElementType, firstPolicyEvaluatorEntry.getKey(), latestPolicyVersion.getKey());
return candidateRootPolicyMeta;
}
/**
* Returns the candidate root policy which is in this case determined as follows: if there is one and only one Policy provided, return the latest version of this Policy; else if there is one and
* only one PolicySet, return the latest version of this PolicySet; else none.
*/
@Override
public Optional<PrimaryPolicyMetadata> getCandidateRootPolicy()
{
/*
* Look for the one and only Policy
*/
final PrimaryPolicyMetadata candidateRootPolicy = getCandidateRootPolicy(TopLevelPolicyElementType.POLICY, this.policyEvaluatorMap);
if (candidateRootPolicy != null)
{
return Optional.of(candidateRootPolicy);
}
/*
* No single Policy, try with PolicySet
*/
final PrimaryPolicyMetadata candidateRootPolicySet = getCandidateRootPolicy(TopLevelPolicyElementType.POLICY_SET, this.policySetEvaluatorMap);
if (candidateRootPolicySet != null)
{
return Optional.of(candidateRootPolicySet);
}
/*
* No single policy(set)
*/
return Optional.empty();
}
@Override
public void close()
{
......
<?xml version="1.0" encoding="UTF-8"?>
<schema
xmlns="http://www.w3.org/2001/XMLSchema"
targetNamespace="http://authzforce.github.io/core/xmlns/pdp/7.0"
xmlns:tns="http://authzforce.github.io/core/xmlns/pdp/7.0"
targetNamespace="http://authzforce.github.io/core/xmlns/pdp/7"
xmlns:tns="http://authzforce.github.io/core/xmlns/pdp/7"
elementFormDefault="qualified"
xmlns:xacml="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
xmlns:authz-ext="http://authzforce.github.io/xmlns/pdp/ext/3"
version="7.0.0">
version="7.1">
<import namespace="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" />
<import namespace="http://authzforce.github.io/xmlns/pdp/ext/3" />
<annotation>
......@@ -190,12 +190,12 @@
<element
name="rootPolicyRef"
type="tns:TopLevelPolicyElementRef"
minOccurs="1"
minOccurs="0"
maxOccurs="1">
<annotation>
<documentation>
Identifies the root policy from which the policy evaluation begins. This identifier must be resolved by the Policy Provider configured previously (cf. 'policyProvider'
element).
element). In case this is not specified, the policy returned by the PolicyProvider#getCandidateRootPolicy() method is used as root policy. Refer to the respective PolicyProvider's documentation for more information.
</documentation>
</annotation>
</element>
......@@ -702,6 +702,10 @@
of declaration of policyLocations, the order
matters for
PolicySetIdReference resolution.
This PolicyProvider implements the 'PolicyProvider#getCandidateRootPolicy()' - the method provides a default root policy to be used when the PDP's configuration parameter 'rootPolicyRef' is undefined - as follows:
- If there is one and only one XACML Policy provided (e.g. one or more 'policyLocations' are defined, pointing to one or more versions of the same XACML Policy), return the latest version of this Policy;
- Else apply the same rule to XACML PolicySet(s);
- Else no candidate (e.g. there is more than one XACML Policy and more than one XACML PolicySet, in which case the 'rootPolicyRef' must be explicitly defined in PDP's configuration to make the choice).
</documentation>
</annotation>
<complexContent>
......
......@@ -2,8 +2,8 @@
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0"
version="7.0.0">
xmlns="http://authzforce.github.io/core/xmlns/pdp/7"
version="7.1">
<policyProvider
id="rootPolicyProvider"
xsi:type="StaticPolicyProvider">
......
......@@ -2,12 +2,11 @@
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0"
version="7.0.0">
xmlns="http://authzforce.github.io/core/xmlns/pdp/7"
version="7.1">
<policyProvider
id="rootPolicyProvider"
xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policies/*.xml</policyLocation>
</policyProvider>
<rootPolicyRef>root</rootPolicyRef>
</policyProvider>ef>
</pdp>
<?xml version="1.0" encoding="UTF-8"?>
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0" version="7.0.0">
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7" version="7.1">
<policyProvider
id="rootPolicyProvider"
xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policies/*.xml</policyLocation>
</policyProvider>
<rootPolicyRef>root</rootPolicyRef>
</policyProvider>cyRef>
</pdp>
<?xml version="1.0" encoding="UTF-8"?>
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0" version="7.0.0">
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7" version="7.1">
<policyProvider
id="rootPolicyProvider"
xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policies/*.xml</policyLocation>
</policyProvider>
<rootPolicyRef>root</rootPolicyRef>
</pdp>
<?xml version="1.0" encoding="UTF-8"?>
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0" version="7.0.0">
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7" version="7.1">
<policyProvider
id="rootPolicyProvider"
xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policies/*.xml</policyLocation>
</policyProvider>
<rootPolicyRef>root</rootPolicyRef>
</pdp>
<?xml version="1.0" encoding="UTF-8"?>
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0" version="7.0.0">
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7" version="7.1">
<policyProvider
id="rootPolicyProvider"
xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policies/*.xml</policyLocation>
</policyProvider>
<rootPolicyRef>root</rootPolicyRef>
</pdp>
<?xml version="1.0" encoding="UTF-8"?>
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0" version="7.0.0">
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7" version="7.1">
<policyProvider
id="rootPolicyProvider"
xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policies/*.xml</policyLocation>
</policyProvider>
<rootPolicyRef>root</rootPolicyRef>
</pdp>
<?xml version="1.0" encoding="UTF-8"?>
<tns:attributeProvider id="test" xmlns:tns="http://authzforce.github.io/core/xmlns/pdp/7.0" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:test="http://authzforce.github.io/core/xmlns/test/3"
<tns:attributeProvider id="test" xmlns:tns="http://authzforce.github.io/core/xmlns/pdp/7" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:test="http://authzforce.github.io/core/xmlns/test/3"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="test:TestAttributeProviderDescriptor">
<Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:example:attribute:role" IncludeInResult="false">
......
......@@ -2,15 +2,14 @@
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0"
version="7.0.0">
xmlns="http://authzforce.github.io/core/xmlns/pdp/7"
version="7.1">
<combiningAlgorithm>urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:on-permit-apply-second</combiningAlgorithm>
<policyProvider
id="refPolicyprovider"
xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policies/*.xml</policyLocation>
</policyProvider>
<rootPolicyRef>root</rootPolicyRef>
<ioProcChain>
<requestPreproc>urn:ow2:authzforce:feature:pdp:request-preproc:xacml-xml:multiple:repeated-attribute-categories-lax</requestPreproc>
</ioProcChain>
......
......@@ -2,14 +2,13 @@
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0"
version="7.0.0">
xmlns="http://authzforce.github.io/core/xmlns/pdp/7"
version="7.1">
<attributeDatatype>urn:ow2:authzforce:feature:pdp:data-type:test-xacml-policy</attributeDatatype>
<policyProvider
id="refPolicyprovider"
xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policies/*.xml</policyLocation>
</policyProvider>
<rootPolicyRef>root</rootPolicyRef>
</pdp>
<?xml version="1.0" encoding="UTF-8"?>
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0" version="7.0.0">
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7" version="7.1">
<policyProvider id="refPolicyprovider" xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policies/*.xml</policyLocation>
</policyProvider>
<rootPolicyRef>root</rootPolicyRef>
<ioProcChain>
<requestPreproc>urn:ow2:authzforce:feature:pdp:request-preproc:xacml-xml:multiple:repeated-attribute-categories-lax</requestPreproc>
<resultPostproc>urn:ow2:authzforce:feature:pdp:result-postproc:xacml-xml:multiple:test-combined-decision</resultPostproc>
......
<?xml version="1.0" encoding="UTF-8"?>
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0" version="7.0.0">
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7" version="7.1">
<attributeDatatype>urn:oasis:names:tc:xacml:3.0:data-type:dnsName-value</attributeDatatype>
<function>urn:oasis:names:tc:xacml:3.0:function:dnsName-value-equal</function>
<policyProvider id="refPolicyprovider" xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policies/*.xml</policyLocation>
</policyProvider>
<rootPolicyRef>root</rootPolicyRef>
</pdp>
<?xml version="1.0" encoding="UTF-8"?>
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0" version="7.0.0" maxPolicyRefDepth="1">
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7" version="7.1" maxPolicyRefDepth="1">
<policyProvider id="refPolicyprovider" xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policies/*.xml</policyLocation>
</policyProvider>
......
<?xml version="1.0" encoding="UTF-8"?>
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0" version="7.0.0" maxPolicyRefDepth="1" maxVariableRefDepth="0">
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7" version="7.1" maxPolicyRefDepth="1" maxVariableRefDepth="0">
<policyProvider id="refPolicyprovider" xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policies/*.xml</policyLocation>
</policyProvider>
<rootPolicyRef>root</rootPolicyRef>
</pdp>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0" version="7.0.0" standardEnvAttributeSource="PDP_ONLY"
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7" version="7.1" standardEnvAttributeSource="PDP_ONLY"
clientRequestErrorVerbosityLevel="10">
<policyProvider
id="refPolicyprovider"
xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policies/*.xml</policyLocation>
</policyProvider>
<rootPolicyRef policySet="true">root</rootPolicyRef>
<ioProcChain>
<requestPreproc>urn:ow2:authzforce:feature:pdp:request-preproc:xacml-xml:multiple:repeated-attribute-categories-lax</requestPreproc>
</ioProcChain>
......
<?xml version="1.0" encoding="UTF-8"?>
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0" version="7.0.0"
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7" version="7.1"
standardEnvAttributeSource="REQUEST_ELSE_PDP"
clientRequestErrorVerbosityLevel="10">
<policyProvider
......@@ -7,7 +7,6 @@
xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policies/*.xml</policyLocation>
</policyProvider>
<rootPolicyRef policySet="true">root</rootPolicyRef>
<ioProcChain>
<requestPreproc>urn:ow2:authzforce:feature:pdp:request-preproc:xacml-xml:multiple:repeated-attribute-categories-lax</requestPreproc>
</ioProcChain>
......
<?xml version="1.0" encoding="UTF-8"?>
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0" version="7.0.0"
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7" version="7.1"
standardEnvAttributeSource="REQUEST_ONLY"
clientRequestErrorVerbosityLevel="10">
<policyProvider
......@@ -7,7 +7,6 @@
xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policies/*.xml</policyLocation>
</policyProvider>
<rootPolicyRef policySet="true">root</rootPolicyRef>
<ioProcChain>
<requestPreproc>urn:ow2:authzforce:feature:pdp:request-preproc:xacml-xml:multiple:repeated-attribute-categories-lax</requestPreproc>
</ioProcChain>
......
......@@ -2,9 +2,9 @@
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0"
xmlns="http://authzforce.github.io/core/xmlns/pdp/7"
xmlns:ext="http://authzforce.github.io/core/xmlns/test/3"
version="7.0.0">
version="7.1">
<policyProvider
id="refPolicyProvider"
xsi:type="ext:MongoDBBasedPolicyProviderDescriptor"
......
<?xml version="1.0" encoding="UTF-8"?>
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0" version="7.0.0">
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7" version="7.1">
<policyProvider id="refPolicyprovider" xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/policies/*.xml</policyLocation>
</policyProvider>
......
......@@ -33,7 +33,7 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core-pdp-api</artifactId>
<version>16.0.0</version>
<version>16.1.0</version>
</dependency>
<!-- /AuthzForce dependencies -->
<!-- Test dependencies -->
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment