Example: calling an XACML PDP
The API is as follows:

```java
import org.jboss.identity.federation.api.soap.SOAPSAMLXACML;
import org.jboss.identity.federation.api.soap.SOAPSAMLXACML.Result;

// Where your endpoint is located
String endpoint = "http://localhost:8080/test/SOAPServlet";

// If you want to name the issuer of your SAML request
String issuer = "testIssuer";

// Create an XACML request (see getXACMLRequest() in the test case below)
RequestType xacmlRequest = getXACMLRequest();

SOAPSAMLXACML soapSAMLXACML = new SOAPSAMLXACML();
Result result = soapSAMLXACML.send(endpoint, issuer, xacmlRequest);

assertTrue("No fault", result.isFault() == false);
assertTrue("Decision available", result.isResponseAvailable());
assertTrue("Deny", result.isDeny());
```

Remember, in this use case we are talking to an unsecured PDP. If there is an HTTP proxy in the way or the PDP requires security, we will deal with that later (probably in our beta release).

Let's look at the signature of the Result class:

```java
import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
import org.jboss.security.xacml.core.model.context.DecisionType;

public class Result {
   public boolean isResponseAvailable()
   public boolean isFault()
   public DecisionType getDecision()
   public Fault getFault()
   public boolean isPermit()
   public boolean isDeny()
}
```

Let us look at a payload. This payload is from the HIMSS Technology Demonstration 2009, in which JBoss participated. It carries the following values, listed in the order they appear in the request and grouped the way the test case below builds them:

- SAML issuer of the query: vaPepEntity
- Subject: subject-id "Doctor, Bob I"; role "physician"; hl7:permission urn:va:xacml:2.0:interop:rsa8:hl7:prd-010, prd-012, prd-017, prd-005, prd-003, prd-009, prd-006; locality "Facility A"
- Resource: hl7:type urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record; hl7:permission urn:va:xacml:2.0:interop:rsa8:hl7:prd-010, prd-012, prd-005, prd-003; confidentiality-code "MA"; radiology:dissented-subject-id "Doctor, Bob I"
- Action: action-id "read"
- Environment: locality "Facility A"
Now let us look at the JUnit test case:

```java
package org.jboss.test.identity.federation.bindings.util;

import java.util.ArrayList;
import java.util.List;

import org.jboss.identity.federation.api.soap.SOAPSAMLXACML;
import org.jboss.identity.federation.api.soap.SOAPSAMLXACML.Result;
import org.jboss.security.xacml.core.model.context.ActionType;
import org.jboss.security.xacml.core.model.context.AttributeType;
import org.jboss.security.xacml.core.model.context.AttributeValueType;
import org.jboss.security.xacml.core.model.context.EnvironmentType;
import org.jboss.security.xacml.core.model.context.RequestType;
import org.jboss.security.xacml.core.model.context.ResourceType;
import org.jboss.security.xacml.core.model.context.SubjectType;
import org.jboss.security.xacml.factories.RequestAttributeFactory;

import junit.framework.TestCase;

/**
 * Unit test for the SOAP SAML XACML binding
 * @author Anil Saldhana
 */
public class SOAPSAMLXACMLUnitTestCase extends TestCase
{
   // Change it to true when you have an endpoint running locally
   private boolean sendRequest = false;

   private String endpoint = "http://localhost:8080/test/SOAPServlet";

   private String issuer = "testIssuer";

   public void testXACML() throws Exception
   {
      if (sendRequest)
      {
         // Create an XACML request
         RequestType xacmlRequest = getXACMLRequest();
         SOAPSAMLXACML soapSAMLXACML = new SOAPSAMLXACML();

         Result result = soapSAMLXACML.send(endpoint, issuer, xacmlRequest);
         assertTrue("No fault", result.isFault() == false);
         assertTrue("Decision available", result.isResponseAvailable());
         assertTrue("Deny", result.isDeny());
      }
   }

   private RequestType getXACMLRequest()
   {
      RequestType requestType = new RequestType();
      requestType.getSubject().add(createSubject());
      requestType.getResource().add(createResource());
      requestType.setAction(createAction());
      requestType.setEnvironment(createEnvironment());
      return requestType;
   }

   private SubjectType createSubject()
   {
      // Create a subject type
      SubjectType subject = new SubjectType();
      subject.setSubjectCategory("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject");
      subject.getAttribute().addAll(getSubjectAttributes());
      return subject;
   }

   public ResourceType createResource()
   {
      ResourceType resourceType = new ResourceType();

      AttributeType attResourceID = RequestAttributeFactory.createStringAttributeType(
            "urn:va:xacml:2.0:interop:rsa8:resource:hl7:type", issuer,
            "urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record");

      // Create a multi-valued attribute - hl7 permissions
      AttributeType multi = new AttributeType();
      multi.setAttributeId("urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission");
      multi.setDataType("http://www.w3.org/2001/XMLSchema#string");
      if (issuer != null)
         multi.setIssuer(issuer);
      multi.getAttributeValue().add(createAttributeValueType("urn:va:xacml:2.0:interop:rsa8:hl7:prd-010"));
      multi.getAttributeValue().add(createAttributeValueType("urn:va:xacml:2.0:interop:rsa8:hl7:prd-012"));
      multi.getAttributeValue().add(createAttributeValueType("urn:va:xacml:2.0:interop:rsa8:hl7:prd-005"));
      multi.getAttributeValue().add(createAttributeValueType("urn:va:xacml:2.0:interop:rsa8:hl7:prd-003"));

      AttributeType attConfidentialityCode = RequestAttributeFactory.createStringAttributeType(
            "urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code", issuer,
            "MA");

      AttributeType attDissentedSubjectId = RequestAttributeFactory.createStringAttributeType(
            "urn:va:xacml:2.0:interop:rsa8:resource:hl7:radiology:dissented-subject-id", issuer,
            "Doctor, Bob I");

      // Add the attributes into the resource
      resourceType.getAttribute().add(attResourceID);
      resourceType.getAttribute().add(multi);
      resourceType.getAttribute().add(attConfidentialityCode);
      resourceType.getAttribute().add(attDissentedSubjectId);
      return resourceType;
   }

   private ActionType createAction()
   {
      ActionType actionType = new ActionType();
      AttributeType attActionID = RequestAttributeFactory.createStringAttributeType(
            "urn:oasis:names:tc:xacml:1.0:action:action-id", issuer, "read");
      actionType.getAttribute().add(attActionID);
      return actionType;
   }

   private List<AttributeType> getSubjectAttributes()
   {
      List<AttributeType> attrList = new ArrayList<AttributeType>();

      // Create the subject attributes

      // SubjectID - Bob
      AttributeType attSubjectID = RequestAttributeFactory.createStringAttributeType(
            "urn:oasis:names:tc:xacml:1.0:subject:subject-id", issuer, "Doctor, Bob I");

      // Role - Physician
      AttributeType attRole = RequestAttributeFactory.createStringAttributeType(
            "urn:va:xacml:2.0:interop:rsa8:subject:role", issuer, "Physician");

      // Create a multi-valued attribute - hl7 permissions
      AttributeType multi = new AttributeType();
      multi.setAttributeId("urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission");
      multi.setDataType("http://www.w3.org/2001/XMLSchema#string");
      if (issuer != null)
         multi.setIssuer(issuer);
      multi.getAttributeValue().add(createAttributeValueType("urn:va:xacml:2.0:interop:rsa8:hl7:prd-010"));
      multi.getAttributeValue().add(createAttributeValueType("urn:va:xacml:2.0:interop:rsa8:hl7:prd-012"));
      multi.getAttributeValue().add(createAttributeValueType("urn:va:xacml:2.0:interop:rsa8:hl7:prd-017"));
      multi.getAttributeValue().add(createAttributeValueType("urn:va:xacml:2.0:interop:rsa8:hl7:prd-005"));
      multi.getAttributeValue().add(createAttributeValueType("urn:va:xacml:2.0:interop:rsa8:hl7:prd-003"));
      multi.getAttributeValue().add(createAttributeValueType("urn:va:xacml:2.0:interop:rsa8:hl7:prd-009"));
      multi.getAttributeValue().add(createAttributeValueType("urn:va:xacml:2.0:interop:rsa8:hl7:prd-006"));

      // Locality
      AttributeType attLocality = RequestAttributeFactory.createStringAttributeType(
            "urn:oasis:names:tc:xacml:1.0:subject:locality", issuer, "Facility A");

      attrList.add(attSubjectID);
      attrList.add(attRole);
      attrList.add(multi);
      attrList.add(attLocality);

      return attrList;
   }

   private EnvironmentType createEnvironment()
   {
      EnvironmentType env = new EnvironmentType();

      AttributeType attFacility = RequestAttributeFactory.createStringAttributeType(
            "urn:va:xacml:2.0:interop:rsa8:environment:locality", issuer, "Facility A");

      env.getAttribute().add(attFacility);
      return env;
   }

   private AttributeValueType createAttributeValueType(String value)
   {
      AttributeValueType avt = new AttributeValueType();
      avt.getContent().add(value);
      return avt;
   }
}
```

Remember, an XACML request always deals with a subject, a resource, an action and an environment in its request context. You will need a fair understanding of XACML.

Let us analyze the result of calling the PDP:

```java
Result result = soapSAMLXACML.send(endpoint, issuer, xacmlRequest);
assertTrue("No fault", result.isFault() == false);
assertTrue("Decision available", result.isResponseAvailable());
assertTrue("Deny", result.isDeny());
```

The first assertion ensures that no SOAP Fault was returned by the PDP. The next check ensures that an XACML decision is actually present in the response, and the last one that the decision from the PDP is DENY.

XACML Policy Used in the test

In the WEB-INF/classes directory, I created a policies folder and placed the XACML policy there as himss-policy.xml. Please look at the attachment "himss-policies.tar" for the policy files that need to go inside the policies folder.

JBossXACML PolicyConfig in the test

A policyConfig.xml was used in WEB-INF/classes; it points at the policy file policies/himss-policy.xml.
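The test above asserts on a single expected outcome. A PEP that calls the same API in an application should instead treat every outcome other than an explicit Permit as a denial, so that a SOAP fault, a missing decision, an Indeterminate or NotApplicable decision, or a transport error never opens access. The following helper is an added example, not code from the project; it assumes that DecisionType is an enum with the constants PERMIT, DENY, INDETERMINATE and NOT_APPLICABLE and that send() may throw, and the class name FailClosedPep is made up.

```java
import org.jboss.identity.federation.api.soap.SOAPSAMLXACML;
import org.jboss.identity.federation.api.soap.SOAPSAMLXACML.Result;
import org.jboss.security.xacml.core.model.context.DecisionType;
import org.jboss.security.xacml.core.model.context.RequestType;

// Hypothetical PEP helper (not part of the project): wraps SOAPSAMLXACML.send()
// so that anything other than an explicit PERMIT from the PDP is a denial.
public class FailClosedPep
{
   private final String endpoint;
   private final String issuer;

   public FailClosedPep(String endpoint, String issuer)
   {
      this.endpoint = endpoint;
      this.issuer = issuer;
   }

   /** Returns true only when the PDP answered with an explicit Permit. */
   public boolean isPermitted(RequestType xacmlRequest)
   {
      Result result;
      try
      {
         result = new SOAPSAMLXACML().send(endpoint, issuer, xacmlRequest);
      }
      catch (Exception e)
      {
         // Transport or marshalling failure: no decision was obtained, so deny
         System.err.println("PDP call failed, denying: " + e);
         return false;
      }
      if (result.isFault())
      {
         // A SOAP Fault carries no XACML decision at all
         System.err.println("PDP returned a SOAP fault, denying: " + result.getFault());
         return false;
      }
      if (!result.isResponseAvailable())
      {
         System.err.println("PDP response carried no XACML decision, denying");
         return false;
      }
      return decisionAllows(result.getDecision());
   }

   /** Maps the four XACML decision values onto a single allow/deny outcome. */
   static boolean decisionAllows(DecisionType decision)
   {
      if (decision == null) return false;
      switch (decision)
      {
         case PERMIT: return true;
         case DENY:            // explicit denial
         case INDETERMINATE:   // PDP could not evaluate (missing attribute, error)
         case NOT_APPLICABLE:  // no policy matched the request
         default: return false;
      }
   }
}
```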