Policy for XACML Attribute Locator examples
Let us use a single policy for the two examples below:      XACML 2.0 Interop Example Policy 02: Only allow a customer whose id matches the      account owner-id to access the account and only if the account status is active.      Only allow trades that have value within credit-line and trade-limit restrictions.                                                                                                                                                                                                                                                                                                                       XACML 2.0 Interop Example Rule 02: Only allow a customer whose id matches the        account owner-id to access the account and only if the account status is active.                                                                                                                                                                                                                                                    This Policy is permit-overrides, therefore if a rule above evaluated to      Permit this Rule will be skipped. However, if no Permit was obtained, this      Rule evaluates to true and so produces a Deny. Therefore evaluation of this      Policy results in either a Permit or Deny which is the intended effect.                                                           We will have a common db.properties:  In this example, I am using HSQL.  The Tomcat JDBCRealm page has some good details on how the following properties file may look for various databases.  driverName=org.hsqldb.jdbcDriver connectionURL=jdbc:hsqldb:target/XACMLDBAttributeLocator