Skip to content
  1. Apr 06, 2022
  2. Mar 14, 2022
  3. Mar 12, 2022
  4. Mar 11, 2022
  5. Mar 07, 2022
    • cdanger's avatar
      - Added SPIF-to-XACML conversion stylesheets: · 629cb21d
      cdanger authored
        - `spif2xacml-for-xpath-1.0.xsl`: SPIF-to-XACML policy transformation XSLT using XPath 1.0, more verbose and less efficient than the XPath 2.0 version below.
        - `spif2xacml-for-xpath-2.0.xsl`: SPIF-to-XACML policy transformation XSLT using XPath 2.0 features (not available in 1.0), with the option to enable AuthzForce optimizations (XSLT parameter `authzforce_optimized`) for further enhancements.
      - Used generated policies from sample ACME SPIF with above stylesheets to custom pdp tests XPath2.0 and XacmlVariablesAsXPathVariables.
  6. Feb 18, 2022
  7. Feb 07, 2022
  8. Feb 02, 2022
    • cdanger's avatar
      - Fixed #62: Refactor BasePdpEngine - Move the standardEnvironmentAttribute*... · 508e918b
      cdanger authored
      - Fixed #62: Refactor BasePdpEngine - Move the standardEnvironmentAttribute* code (providing current-time/dateTime/date attributes not present in the request) to dedicated AttributeProvider -> new PDP XSD and new built-in AttributeProvider: `StandardEnvironmentAttributeProvider` class
      - authzforce-ce-parent upgraded to 8.1.0
      - Authzfoce-ce-core-pdp-api upgraded to 19.0.0: applied API changes:
      ### Changed
      - AttributeProvider interface removed, existing NamedAttributeProvider used instead
      - `authzforce-ce-parent` version: 8.1.0
      - Improved support of Multiple Decision Profile in the `PdpEngine` interface and the following types of PDP extensions:  Combining Algorithm, Function, Attribute Provider, Policy Provider. The corresponding interfaces (`CombiningAlg`...) have changed: certain of their methods - called during request evaluation - now take a new `Optional<EvaluationContext>` parameter which is used to pass the MDP evaluation context (MDP = Multiple Decision Profile) which is an evaluation context shared across all the Individual Decision Requests within the same Multiple Decision Request whenever MDP is used in the input request to the PDP. This enables all PDP extensions to be aware / provide better support of the Multiple Decision Profile. This may be used in particular by an Attribute Provider providing the standard current-time/current-date/current-dateTime attributes which should have the same values for all Individual Decision Requests corresponding to the same Multiple Decision Request.
      - `DecisionRequest` and `EvaluationContext` interfaces changed:
        - New method `getCreationTimestamp()`: provides the date/time of the request/context creation. Used typically for the standard current-* attributes.
        - `putNamedAttributeValueIfAbsent(AttributeFqn, AttributeBag)` replaced with more generic `putNamedAttributeValue(AttributeFqn, AttributeBag, boolean override)`
      ### Added
      - Attribute Provider (`NamedAttributeProvider`) interface: added 2 new methods for better support of the Multiple Decision Profile (all implemented by default to do nothing):
          - `beginMultipleDecisionRequest(EvaluationContext mdpContext)`: for special processing in the context of the MDP request (before corresponding Individual Decision requests are evaluated)
          - `supportsBeginMultipleDecisionRequest()`: indicates whether the Attribute Provider implements `beginMultipleDecisionRequest()` method and therefore needs the PDP engine to call it when a new MDP request is evaluated
          - `beginIndividualDecisionRequest(EvaluationContext individualDecisionContext, Optional<EvaluationContext> mdpContext)`: for special processing in the context of an Individual Decision request, before it is evaluated against policies (before the `get(attribute)` method is ever called for the individual decision request).
          - `supportsBeginIndividualDecisionRequest()`: indicates whether the Attribute Provider implements `beginIndividualDecisionRequest()` method and therefore needs the PDP engine to call it when a new individual decision request is evaluated.
      - PdpBean#evaluate(...), PdpEngine#evaluate(...) and all *Evaluator#evaluate(...) method takes a new `Optional<EvaluationContext>` parameter to support the new MDP evaluation context when MDP (Multiple Decision profile) is used
      - Moved the OSS PDP benchmark (authzforce, at&t xacml and wso2 balana) to a separate maven module
      - Obsoleted .travis.yml replaced with GitHub Action
      - Replaced ModularAttributeProvider with new CloseableNamedAttributeProviderRegistry, EvaluationContextBased*NamedAttributeProvider classes
      - Updated all tests pdp.xml (PDP configs) to new XSD
      - Added Migration (from 17.x to 18.x) instructions with new `migration` folder containing migration XSLT stylesheets and new XSLT for migrating PDP config to XSD v8: pdp-xsd-v7.xsl
      - pdp-testutils module: upgraded jongo dependency to 1.5.0, mongo-java-driver to 3.12.10
      - New StandardResourceAttribute/StandardSubjectAttribute enums for standard resource/suject attributes with standard-fixed datatype
      - pdp-cli: Upgraded picocli to 4.6.2, testng to 7.5
  9. Oct 22, 2021
  10. Aug 28, 2021
  11. Jun 22, 2021
  12. Jan 27, 2021
    • cdanger's avatar
      - Fixed #40: Upgrade supported JRE to JAVA 11 (java 8 no longer supported) · 5ad38b49
      cdanger authored
      - Upgraded Maven parent project to 8.0.0
      - As part of Java 11 migration, upgraded JAXB (Jakarta XML Bining) to v2.3.3
      - Upgraded authzforce-ce-core-pdp-api to v18.0.0
      - Fixed CVE on jackson-databind -> v2.9.10.8
      - Upgraded authzforce-ce-xacml-json-model: 3.0.0
      - Replaced findbugs maven plugin with spotbugs
      - updated license headers for year 2021
  13. Mar 23, 2020
  14. Mar 15, 2020
  15. Jan 17, 2020
  16. Jan 16, 2020
    • cdanger's avatar
      - Fixed #43 · 2b8d2dad
      cdanger authored
      - Upgraded authzforce-ce-core-pdp-api version to 16.1.0 adding
      PolicyProvider#getCandidateRootPolicy() interface
      - Changed PDP config XSD
      	- Simplified versioning (version="7.1" and remove minor version from
      	- 'rootPolicyRef' no longer mandatory. If not specified,
      PolicyProvider#getCandidateRootPolicy() on the 'policyProvider' is used
      to specify the root policy
      - Added CoreStaticPolicyProvider#getCandidateRootPolicy() to implement
  17. Oct 31, 2019
  18. Oct 28, 2019
  19. Oct 27, 2019
  20. Oct 26, 2019
  21. Jun 02, 2019
  22. Aug 29, 2018
  23. Aug 17, 2018
  24. Jul 19, 2018