http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_deny_D1.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_deny_D1.xml b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_deny_D1.xml new file mode 100755 index 0000000..7a3ea98 --- /dev/null +++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_deny_D1.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:82e231ef-24c4-42d7-90da-cdcb1fc2e965" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description></Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Bart</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:xacml:rule:id:274963c8-a178-48dd-892d-7f53cd7dfbc8" Effect="Deny"> + <Target/> + <ObligationExpressions> + <ObligationExpression ObligationId="com:obligation:deny:D1" FulfillOn="Deny"/> + </ObligationExpressions> + </Rule> +</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_deny_D2.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_deny_D2.xml b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_deny_D2.xml new file mode 100755 index 0000000..75e6e40 --- /dev/null +++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_deny_D2.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:eb9ea623-f64f-4cb6-a8c0-9c2b934bf11e" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description></Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>write</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:xacml:rule:id:dfa632c1-0b8e-4f67-8c05-4e3b654102e4" Effect="Deny"> + <Target/> + <ObligationExpressions> + <ObligationExpression ObligationId="com:obligation:deny:D2" FulfillOn="Deny"/> + </ObligationExpressions> + </Rule> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_na.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_na.xml b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_na.xml new file mode 100755 index 0000000..7deacb8 --- /dev/null +++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_na.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:6ca0abaf-151e-4da4-a105-1a7cf067db84" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description></Description> + <Target/> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_no_match.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_no_match.xml b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_no_match.xml new file mode 100755 index 0000000..a3dbdf4 --- /dev/null +++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_no_match.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:7df0ff38-76e6-4eb5-bf17-e1f54e94b0e7" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description></Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:date-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date";>2014-01-01</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-date" DataType="http://www.w3.org/2001/XMLSchema#date"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_permit_P1.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_permit_P1.xml b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_permit_P1.xml new file mode 100755 index 0000000..57b1ad2 --- /dev/null +++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_permit_P1.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:4a897a3a-d874-4eb7-b351-5075c093bb8b" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description></Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Homer</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:xacml:rule:id:0861ebc7-7560-4df1-aee5-db50012dc740" Effect="Permit"> + <Target/> + <ObligationExpressions> + <ObligationExpression ObligationId="com:obligation:permit:P1" FulfillOn="Permit"/> + </ObligationExpressions> + </Rule> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_permit_P2.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_permit_P2.xml b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_permit_P2.xml new file mode 100755 index 0000000..c86b03b --- /dev/null +++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_permit_P2.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:4cb8e62f-62a0-43bd-a43d-311d4451536f" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description></Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:xacml:rule:id:5190a218-2f01-4723-ad30-b9d011d21a15" Effect="Permit"> + <Target/> + <ObligationExpressions> + <ObligationExpression ObligationId="com:obligation:permit:P2" FulfillOn="Permit"/> + </ObligationExpressions> + </Rule> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.01.Permit.json ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.01.Permit.json b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.01.Permit.json new file mode 100755 index 0000000..e69f4c3 --- /dev/null +++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.01.Permit.json @@ -0,0 +1,28 @@ +{ + "Request" : { + "AccessSubject" : { + "Attribute" : [ + { + "Value" : "Homer", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:subject:subject-id" + } + ] + }, + "Action" : { + "Attribute" : [ + { + "Value" : "write", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:action:action-id" + } + ] + }, + "Resource" : { + "Attribute" : [ + { + "Value" : "foo bar", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:resource:resource-id" + } + ] + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.02.Permit.json ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.02.Permit.json b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.02.Permit.json new file mode 100755 index 0000000..56f8073 --- /dev/null +++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.02.Permit.json @@ -0,0 +1,28 @@ +{ + "Request" : { + "AccessSubject" : { + "Attribute" : [ + { + "Value" : "Bart", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:subject:subject-id" + } + ] + }, + "Action" : { + "Attribute" : [ + { + "Value" : "read", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:action:action-id" + } + ] + }, + "Resource" : { + "Attribute" : [ + { + "Value" : "HOF", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:resource:resource-id" + } + ] + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.03.Permit.json ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.03.Permit.json b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.03.Permit.json new file mode 100755 index 0000000..7836028 --- /dev/null +++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.03.Permit.json @@ -0,0 +1,28 @@ +{ + "Request" : { + "AccessSubject" : { + "Attribute" : [ + { + "Value" : "Homer", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:subject:subject-id" + } + ] + }, + "Action" : { + "Attribute" : [ + { + "Value" : "read", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:action:action-id" + } + ] + }, + "Resource" : { + "Attribute" : [ + { + "Value" : "HOF", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:resource:resource-id" + } + ] + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.04.Deny.json ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.04.Deny.json b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.04.Deny.json new file mode 100755 index 0000000..792781a --- /dev/null +++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.04.Deny.json @@ -0,0 +1,28 @@ +{ + "Request" : { + "AccessSubject" : { + "Attribute" : [ + { + "Value" : "Bart", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:subject:subject-id" + } + ] + }, + "Action" : { + "Attribute" : [ + { + "Value" : "execute", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:action:action-id" + } + ] + }, + "Resource" : { + "Attribute" : [ + { + "Value" : "foo bar", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:resource:resource-id" + } + ] + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.05.Deny.json ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.05.Deny.json b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.05.Deny.json new file mode 100755 index 0000000..a312cfe --- /dev/null +++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.05.Deny.json @@ -0,0 +1,28 @@ +{ + "Request" : { + "AccessSubject" : { + "Attribute" : [ + { + "Value" : "Lisa", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:subject:subject-id" + } + ] + }, + "Action" : { + "Attribute" : [ + { + "Value" : "write", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:action:action-id" + } + ] + }, + "Resource" : { + "Attribute" : [ + { + "Value" : "foo bar", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:resource:resource-id" + } + ] + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.06.Deny.json ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.06.Deny.json b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.06.Deny.json new file mode 100755 index 0000000..35be36b --- /dev/null +++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.06.Deny.json @@ -0,0 +1,28 @@ +{ + "Request" : { + "AccessSubject" : { + "Attribute" : [ + { + "Value" : "Bart", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:subject:subject-id" + } + ] + }, + "Action" : { + "Attribute" : [ + { + "Value" : "write", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:action:action-id" + } + ] + }, + "Resource" : { + "Attribute" : [ + { + "Value" : "foo bar", + "AttributeId" : "urn:oasis:names:tc:xacml:1.0:resource:resource-id" + } + ] + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/xacml.properties ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/xacml.properties b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/xacml.properties new file mode 100755 index 0000000..f984ec7 --- /dev/null +++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/xacml.properties @@ -0,0 +1,46 @@ +# +# Default XACML Properties File +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory + +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory + +# +# When set to true, this flag tells the StdPolicyFinderFactory to combined all the root policy files into +# into one PolicySet and use the given Policy Algorithm. +# +xacml.att.policyFinderFactory.combineRootPolicies=urn:com:att:xacml:3.0:policy-combining-algorithm:combined-permit-overrides + +# +# Set this as the algorithm and you will see request 03 and request 06 only return one obligation. +# +#xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable + +# +# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the +# policies and PIP configuration as defined below. Otherwise, this is the configuration that +# the embedded PDP uses. +# + +# Policies to load +# +#xacml.rootPolicies=p1,p2,d1,d2,na,indet +xacml.rootPolicies=p1,p2,d1,d2,na,no +p1.file=testsets/algorithms/combinedPermitOverrides/policy_permit_P1.xml +p2.file=testsets/algorithms/combinedPermitOverrides/policy_permit_P2.xml +d1.file=testsets/algorithms/combinedPermitOverrides/policy_deny_D1.xml +d2.file=testsets/algorithms/combinedPermitOverrides/policy_deny_D2.xml +na.file=testsets/algorithms/combinedPermitOverrides/policy_na.xml +no.file=testsets/algorithms/combinedPermitOverrides/policy_no_match.xml + http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/annotation/AnnotationPolicy.v1.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/annotation/AnnotationPolicy.v1.xml b/openaz-xacml-test/testsets/annotation/AnnotationPolicy.v1.xml new file mode 100755 index 0000000..ae838f4 --- /dev/null +++ b/openaz-xacml-test/testsets/annotation/AnnotationPolicy.v1.xml @@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:att:xacml:policy:id:5b82db34-1613-4108-8973-93074182dd94" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> + <Description>A sample policy to demonstrate use of annotations in a Java class.</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>www.mywebsite.com</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:att:xacml:rule:id:8b257f30-4e06-4c8e-8fb7-691b9534d55c" Effect="Permit"> + <Description>PERMIT - John can access it</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>John</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>ACCESS</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> + <Rule RuleId="urn:com:att:xacml:rule:id:4fe7c147-7811-4e30-a463-9135afb1cfc2" Effect="Deny"> + <Description>DENY - Ringo cannot</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Ringo</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/annotation/xacml.properties ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/annotation/xacml.properties b/openaz-xacml-test/testsets/annotation/xacml.properties new file mode 100755 index 0000000..dfa16e7 --- /dev/null +++ b/openaz-xacml-test/testsets/annotation/xacml.properties @@ -0,0 +1,37 @@ +# +# Properties that the embedded PDP engine uses to configure and load +# +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory + +# +# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the +# policies and PIP configuration as defined below. Otherwise, this is the configuration that +# the embedded PDP uses. +# + +# Policies to load +# +xacml.rootPolicies=annotations +annotations.file=testsets/annotation/AnnotationPolicy.v1.xml + +# PIP Engine Definition +# +xacml.pip.engines= + +# +# These properties are for an attribute generator to build into requests. +# +#xacml.attribute.generator= http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml-perf.properties ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml-perf.properties b/openaz-xacml-test/testsets/conformance/xacml-perf.properties new file mode 100755 index 0000000..75b9639 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml-perf.properties @@ -0,0 +1,30 @@ +# Default XACML Properties File +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +#xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory + +# If there is a standard set of PIPEngines: +# xacml.pip.engines=engine1,engine2,...,engineN +# engine1.classname=com.att.research.xacmlpip.OraclePIP +# engine1.prop1=foo +# engine1.prop2=bar +# ... +# engine2.classname=com.att.research.xacmlpip.ActiveDirectoryPIP +# ... +#xacml.pip.engines=ConformancePIPEngine +ConformancePIPEngine.classname=com.att.research.xacmlatt.pdp.test.conformance.ConformancePIPEngine +ConformancePIPEngine.file=testsets/conformance/xacml3.0-ct-v.0.4/PIP.txt + +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory + +# If there is a standard policy for the engine: +# xacml.att.stdPolicyFinderFactory.rootPolicyFile=/etc/stdpolicyset.xml http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml.properties ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml.properties b/openaz-xacml-test/testsets/conformance/xacml.properties new file mode 100755 index 0000000..5114d0c --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml.properties @@ -0,0 +1,30 @@ +# Default XACML Properties File +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +#xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory + +# If there is a standard set of PIPEngines: +# xacml.pip.engines=engine1,engine2,...,engineN +# engine1.classname=com.att.research.xacmlpip.OraclePIP +# engine1.prop1=foo +# engine1.prop2=bar +# ... +# engine2.classname=com.att.research.xacmlpip.ActiveDirectoryPIP +# ... +xacml.pip.engines=ConformancePIPEngine +ConformancePIPEngine.classname=com.att.research.xacmlatt.pdp.test.conformance.ConformancePIPEngine +ConformancePIPEngine.file=testsets/conformance/xacml3.0-ct-v.0.4/PIP.txt + +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory + +# If there is a standard policy for the engine: +# xacml.att.stdPolicyFinderFactory.rootPolicyFile=/etc/stdpolicyset.xml
