Commit f18531c2 authored by cdanger's avatar cdanger
Browse files

Merge branch 'release/5.3.0'

parents 18327506 61910526
......@@ -2,6 +2,15 @@
All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions. We try to apply [Semantic Versioning](http://semver.org) with one particular rule: the version must be equal to or greater than the version of the _authzforce-ce-rest-api-model_ dependency (declared in _rest-service_ module's POM). Indeed, this dependency holds the resources of the REST API specification implemented by this project. Therefore, the rule helps relate a specific version of this project to the specific version of the REST API specification that is implemented/supported.
## 5.3.0
### Changed
- Version of dependency `authzforce-ce-pap-dao-flat-file` to `6.0.0`, causing changes to the REST API URL `/domains/{domainId}/pap/pdp.properties` regarding IDs of features of type `urn:ow2:authzforce:feature-type:pdp:request-filter`:
- `urn:ow2:authzforce:xacml:request-filter:default-lax` changed to `urn:ow2:authzforce:feature:pdp:request-filter:default-lax`;
- `urn:ow2:authzforce:xacml:request-filter:default-strict` changed to `urn:ow2:authzforce:feature:pdp:request-filter:default-strict`;
- `urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-strict` changed to `urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-strict`;
- `urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-lax` changed to `urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-lax`.
## 5.2.0
### Added
- REST API spec (authzforce-ce-rest-api-model) v5.1.0 support: enhanced management of PDP features, i.e. all supported features may be listed, and each feature may have a 'type' and an 'enabled' (true or false) state that can be updated via the API
......
......@@ -7,7 +7,7 @@
Server components and distribution of AuthZForce authorization service (FIWARE Authorization PDP GEri).
This project also provides the Reference Implementation (GEri) of [FIWARE](https://www.fiware.org) *Authorization PDP* Generic Enabler (GE). More info on the [FIWARE catalogue](http://catalogue.fiware.org/enablers/authorization-pdp-authzforce).
The manuals are available on [readthedocs.org](http://authzforce-ce-fiware.readthedocs.org/).
The manuals are available on [readthedocs.org](http://readthedocs.org/projects/authzforce-ce-fiware/versions/).
Note for contributers:
The sources for the manuals are located in [fiware repository](http://github.com/authzforce/fiware/doc).
This diff is collapsed.
......@@ -6,8 +6,8 @@
maxVariableRefDepth="10"
maxPolicyRefDepth="10"
strictAttributeIssuerMatch="false"
requestFilter="urn:ow2:authzforce:xacml:request-filter:default-lax">
<!-- Replace with requestFilter = "urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-lax" for Multiple Decision Profile support. -->
requestFilter="urn:ow2:authzforce:feature:pdp:request-filter:default-lax">
<!-- Replace with requestFilter = "urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-lax" for Multiple Decision Profile support. -->
<!-- You may customize this PDP configuration except 'rootPolicyProvider' and 'refPolicyProvider' elements. -->
<!-- policyLocation must start with ${PARENT_DIR}/ and end with: /*SUFFIX (* is expanded to base64url(policyId)/policyVersion) -->
<refPolicyProvider
......
......@@ -5,8 +5,8 @@
version="3.6.4"
maxPolicyRefDepth="10"
strictAttributeIssuerMatch="false"
requestFilter="urn:ow2:authzforce:xacml:request-filter:default-lax">
<!-- Replace with requestFilter = "urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-lax" for Multiple Decision Profile support. -->
requestFilter="urn:ow2:authzforce:feature:pdp:request-filter:default-lax">
<!-- Replace with requestFilter = "urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-lax" for Multiple Decision Profile support. -->
<!-- You may customize this PDP configuration except 'rootPolicyProvider' and 'refPolicyProvider' elements. -->
<!-- policyLocation must start with ${PARENT_DIR}/ and end with: /*SUFFIX (* is expanded to base64url(policyId)/policyVersion) -->
<refPolicyProvider
......
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId>
<version>3.3.7</version>
</parent>
<artifactId>authzforce-ce-server</artifactId>
<!-- FIWARE Versioning + Version must be equal or higher than 'authzforce-ce-rest-api-model'
dependency in 'rest-service' module -->
<version>5.2.0</version>
<packaging>pom</packaging>
<name>${project.groupId}:${project.artifactId}</name>
<description>AuthZForce CE Server</description>
<url>https://github.com/authzforce/server</url>
<properties>
<git.url.base>https://github.com/authzforce/server</git.url.base>
<authzforce-ce-core.version>3.9.0</authzforce-ce-core.version>
<authzforce-ce-pap-dao-flat-file.version>5.1.0</authzforce-ce-pap-dao-flat-file.version>
</properties>
<scm>
<connection>scm:git:${git.url.base}.git</connection>
<developerConnection>scm:git:${git.url.base}.git</developerConnection>
<tag>HEAD</tag>
<url>${git.url.base}</url>
</scm>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core</artifactId>
<version>${authzforce-ce-core.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core</artifactId>
<version>${authzforce-ce-core.version}</version>
<classifier>tests</classifier>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-pap-dao-flat-file</artifactId>
<version>${authzforce-ce-pap-dao-flat-file.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
<modules>
<module>rest-service</module>
<module>webapp</module>
<module>upgrader</module>
<module>dist</module>
</modules>
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId>
<version>3.3.7</version>
</parent>
<artifactId>authzforce-ce-server</artifactId>
<!-- FIWARE Versioning + Version must be equal or higher than 'authzforce-ce-rest-api-model' dependency in 'rest-service' module -->
<version>5.3.0</version>
<packaging>pom</packaging>
<name>${project.groupId}:${project.artifactId}</name>
<description>AuthZForce CE Server</description>
<url>https://github.com/authzforce/server</url>
<properties>
<git.url.base>https://github.com/authzforce/server</git.url.base>
<authzforce-ce-core.version>4.0.0</authzforce-ce-core.version>
<authzforce-ce-core-pap-api.version>5.2.0</authzforce-ce-core-pap-api.version>
<!-- Version must be compatible with authzforce-ce-core and authzforce-ce-core-pap-api versions above. -->
<authzforce-ce-pap-dao-flat-file.version>6.0.0</authzforce-ce-pap-dao-flat-file.version>
</properties>
<scm>
<connection>scm:git:${git.url.base}.git</connection>
<developerConnection>scm:git:${git.url.base}.git</developerConnection>
<tag>HEAD</tag>
<url>${git.url.base}</url>
</scm>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core</artifactId>
<version>${authzforce-ce-core.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core</artifactId>
<version>${authzforce-ce-core.version}</version>
<classifier>tests</classifier>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core-pap-api</artifactId>
<version>${authzforce-ce-core-pap-api.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-pap-dao-flat-file</artifactId>
<version>${authzforce-ce-pap-dao-flat-file.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
<modules>
<module>rest-service</module>
<module>webapp</module>
<module>upgrader</module>
<module>dist</module>
</modules>
</project>
......@@ -4,7 +4,7 @@
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-server</artifactId>
<!-- Version must be equal or higher than authzforce-ce-rest-api-model dependency -->
<version>5.2.0</version>
<version>5.3.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-server-rest-service</artifactId>
......@@ -47,7 +47,6 @@
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core-pap-api</artifactId>
<version>5.1.0</version>
</dependency>
</dependencies>
<build>
......@@ -103,7 +102,6 @@
<artifactId>license-maven-plugin</artifactId>
<configuration>
<header>license/thales-gpl.header.txt</header>
<skipExistingHeaders>true</skipExistingHeaders>
<includes>
<include>src/**</include>
</includes>
......
/**
* Copyright (C) 2012-2015 Thales Services SAS.
* Copyright (C) 2012-2016 Thales Services SAS.
*
* This file is part of AuthZForce.
* This file is part of AuthZForce CE.
*
* AuthZForce is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later version.
* AuthZForce CE is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* AuthZForce is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU General Public License for more details.
* AuthZForce CE is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with AuthZForce. If not, see <http://www.gnu.org/licenses/>.
* You should have received a copy of the GNU General Public License
* along with AuthZForce CE. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
......
/**
* Copyright (C) 2012-2015 Thales Services SAS.
* Copyright (C) 2012-2016 Thales Services SAS.
*
* This file is part of AuthZForce.
* This file is part of AuthZForce CE.
*
* AuthZForce is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later version.
* AuthZForce CE is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* AuthZForce is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU General Public License for more details.
* AuthZForce CE is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with AuthZForce. If not, see <http://www.gnu.org/licenses/>.
* You should have received a copy of the GNU General Public License
* along with AuthZForce CE. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
......
......@@ -3,13 +3,18 @@
*
* This file is part of AuthZForce CE.
*
* AuthZForce CE is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later version.
* AuthZForce CE is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* AuthZForce CE is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
* AuthZForce CE is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with AuthZForce CE. If not, see <http://www.gnu.org/licenses/>.
* You should have received a copy of the GNU General Public License
* along with AuthZForce CE. If not, see <http://www.gnu.org/licenses/>.
*/
package org.ow2.authzforce.rest.service.jaxrs;
......
/**
* Copyright (C) 2012-2015 Thales Services SAS.
* Copyright (C) 2012-2016 Thales Services SAS.
*
* This file is part of AuthZForce.
* This file is part of AuthZForce CE.
*
* AuthZForce is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later version.
* AuthZForce CE is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* AuthZForce is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU General Public License for more details.
* AuthZForce CE is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with AuthZForce. If not, see <http://www.gnu.org/licenses/>.
* You should have received a copy of the GNU General Public License
* along with AuthZForce CE. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
......
......@@ -3,13 +3,18 @@
*
* This file is part of AuthZForce CE.
*
* AuthZForce CE is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later version.
* AuthZForce CE is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* AuthZForce CE is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
* AuthZForce CE is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with AuthZForce CE. If not, see <http://www.gnu.org/licenses/>.
* You should have received a copy of the GNU General Public License
* along with AuthZForce CE. If not, see <http://www.gnu.org/licenses/>.
*/
package org.ow2.authzforce.rest.service.jaxrs;
......
......@@ -3,13 +3,18 @@
*
* This file is part of AuthZForce CE.
*
* AuthZForce CE is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later version.
* AuthZForce CE is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* AuthZForce CE is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
* AuthZForce CE is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with AuthZForce CE. If not, see <http://www.gnu.org/licenses/>.
* You should have received a copy of the GNU General Public License
* along with AuthZForce CE. If not, see <http://www.gnu.org/licenses/>.
*/
package org.ow2.authzforce.rest.service.jaxrs;
......
/**
* Copyright (C) 2012-2015 Thales Services SAS.
* Copyright (C) 2012-2016 Thales Services SAS.
*
* This file is part of AuthZForce.
* This file is part of AuthZForce CE.
*
* AuthZForce is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later version.
* AuthZForce CE is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* AuthZForce is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU General Public License for more details.
* AuthZForce CE is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with AuthZForce. If not, see <http://www.gnu.org/licenses/>.
* You should have received a copy of the GNU General Public License
* along with AuthZForce CE. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
......
......@@ -3,7 +3,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-server</artifactId>
<version>5.2.0</version>
<version>5.3.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-server-upgrader</artifactId>
......@@ -139,7 +139,6 @@
<artifactId>license-maven-plugin</artifactId>
<configuration>
<header>license/thales-gpl.header.txt</header>
<skipExistingHeaders>true</skipExistingHeaders>
<includes>
<include>src/test/java</include>
</includes>
......@@ -213,7 +212,7 @@
<!-- <property name="ignore.domain.name" value="true" /> -->
<!-- <property name="pdp.max.var.ref.depth" value="20" /> -->
<!-- <property name="pdp.max.policy.ref.depth" value="20" /> -->
<!-- <property name="pdp.request.filter" value="urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-lax" /> -->
<!-- <property name="pdp.request.filter" value="urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-lax" /> -->
</ant>
</target>
</configuration>
......@@ -237,7 +236,7 @@
<!-- <property name="ignore.domain.name" value="true" /> -->
<!-- <property name="pdp.max.var.ref.depth" value="20" /> -->
<!-- <property name="pdp.max.policy.ref.depth" value="20" /> -->
<!-- <property name="pdp.request.filter" value="urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-lax" /> -->
<!-- <property name="pdp.request.filter" value="urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-lax" /> -->
</ant>
</target>
</configuration>
......@@ -261,7 +260,7 @@
<!-- <property name="ignore.domain.name" value="true" /> -->
<!-- <property name="pdp.max.var.ref.depth" value="20" /> -->
<!-- <property name="pdp.max.policy.ref.depth" value="20" /> -->
<!-- <property name="pdp.request.filter" value="urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-lax" /> -->
<!-- <property name="pdp.request.filter" value="urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-lax" /> -->
</ant>
</target>
</configuration>
......
......@@ -10,14 +10,6 @@ To upgrade AuhZForce data from a R4 version (4.2.x, 4.3.x or 4.4.x) to ${project
$ sudo apt-get install ivy ant-contrib
```
1. Download AuthZForce server upgrader tool from [Maven Central Repository](http://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-server-upgrader/${project.version}/authzforce-ce-server-upgrader-${project.version}.tar.gz). You get a file called ``authzforce-ce-server-upgrader-${project.version}.tar.gz``.
1. Copy this file to the host where the old AuthZForce Server is installed, and unzip it and change directory:
```shell
$ tar xvzf authzforce-ce-server-upgrader-${project.version}.tar.gz
$ cd authzforce-ce-server-upgrader-${project.version}
```
1. If you have custom AuthZForce PDP attribute providers, for each one, you have to adapt them to the new PDP AttributeProvider's Java interface, deploy and enable them on the new AuthZForce Server. Please refer to the [online User and Programmer Guide](http://readthedocs.org/projects/authzforce-ce-fiware/versions/) for more information on this process (select the latest version with the 3 first dot-separated numbers -- MAJOR.MINOR.PATCH -- matching your AuthZForce Server version). Then you have to add a new `xsl:when` element in the following form in the XSL template named `attribute-finders-upgrade` in XSL stylesheet `xslt/M.m.x/domain-pdp-upgrade.xsl` (path relative to the current working directory) -- replace `M.m` with the MAJOR.MINOR version of your old Authzforce version to be upgraded -- where you defined the transformation rules to upgrade the attribute provider configuration to the new model (the `TestAttributeProvider` below is just an example and may be ignored):
```xml
......
......@@ -90,15 +90,15 @@
</condition>
</fail>
<property name="pdp.request.filter" value="urn:ow2:authzforce:xacml:request-filter:default-lax" description="PDP property: request filter" />
<fail message="Invalid pdp.request.filter arg: not one of: 'urn:ow2:authzforce:xacml:request-filter:default-lax', 'urn:ow2:authzforce:xacml:request-filter:default-strict', 'urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-lax', 'urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-strict'.">
<property name="pdp.request.filter" value="urn:ow2:authzforce:feature:pdp:request-filter:default-lax" description="PDP property: request filter" />
<fail message="Invalid pdp.request.filter arg: not one of: 'urn:ow2:authzforce:feature:pdp:request-filter:default-lax', 'urn:ow2:authzforce:feature:pdp:request-filter:default-strict', 'urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-lax', 'urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-strict'.">
<condition>
<not>
<or>
<equals arg1="${pdp.request.filter}" arg2="urn:ow2:authzforce:xacml:request-filter:default-lax" />
<equals arg1="${pdp.request.filter}" arg2="urn:ow2:authzforce:xacml:request-filter:default-strict" />
<equals arg1="${pdp.request.filter}" arg2="urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-lax" />
<equals arg1="${pdp.request.filter}" arg2="urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-strict" />
<equals arg1="${pdp.request.filter}" arg2="urn:ow2:authzforce:feature:pdp:request-filter:default-lax" />
<equals arg1="${pdp.request.filter}" arg2="urn:ow2:authzforce:feature:pdp:request-filter:default-strict" />
<equals arg1="${pdp.request.filter}" arg2="urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-lax" />
<equals arg1="${pdp.request.filter}" arg2="urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-strict" />
</or>
</not>
</condition>
......
......@@ -35,6 +35,6 @@
WARNING: guava's packaging is bundle! So you have to add bundle in ivy:retrieve type attribute, e.g. "jar,bundle".
-->
<dependency org="com.google.guava" name="guava" rev="18.0" transitive="false" />
<dependency org="org.ow2.authzforce" name="authzforce-ce-pap-dao-flat-file" rev="5.1.0" transitive="false" />
<dependency org="org.ow2.authzforce" name="authzforce-ce-pap-dao-flat-file" rev="6.0.0" transitive="false" />
</dependencies>
</ivy-module>
......@@ -36,7 +36,7 @@
<xsl:param name="maxVariableRefDepth" select="10" />
<xsl:param name="maxPolicyRefDepth" select="10" />
<!-- Single quotes to escape special character ':' -->
<xsl:param name="requestFilter" select="'urn:ow2:authzforce:xacml:request-filter:default-lax'" />
<xsl:param name="requestFilter" select="'urn:ow2:authzforce:feature:pdp:request-filter:default-lax'" />
<!-- WARNING 1: old policyFinder, resourceFinder, cache elements ignored/not supported. WARNING 2: if you use custom attribute finders, i.e. other than native CurrentDateTimeFinder or AttributeSelectorXPathFinder (in 'old' namespace), or if you use NON-standard datatypes / combining algorithms / functions, you have to add transformation rules to handle each of those. WARNING 3: old 'useStandard*' attributes are ignored (assume it is true always) -->
<xsl:template match="old:pdps">
<xsl:apply-templates select="document($refPoliciesFileURI)/oldapi:policySets/xacml:PolicySet" />
......
......@@ -21,7 +21,7 @@
<xsl:param name="maxPolicyRefDepth" select="10" />
<!-- Single quotes to escape special character ':' -->
<xsl:param name="requestFilter"
select="'urn:ow2:authzforce:xacml:request-filter:default-lax'" />
select="'urn:ow2:authzforce:feature:pdp:request-filter:default-lax'" />
<!-- Force xsi and flat-file-dao namespaces on root tag -->
<xsl:template match="/*">
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment