Question

Here's what I was thinking of this morning:

I need to define a lot of XACML Policies (which is an XML application) at the moment. So far I've used the XML-Editor supplied with Eclipse and defined some templates to make things easier. This works pretty well but some things could be improved:

  • it would be nice if the content assist would only suggest templates which are actually allowed at the point where I want to insert them
  • another neat feature would be to have a list of valid attribute values when I "tab" to the placeholder defined in the template

Is this actually possible? I've read somewhere here that you can define your own template variables programmatically, which could maybe solve the first problem I have.


Solution

WSO2 Identity Server is an open source entitlement engine which is based on the sunxacml. WSO2 Identity Server contains a nice XACML UI policy editor which can be easily used to create complex XACML policies. I think it is better to try it by yourself. Users don't want to have much knowledge on XACML to define those policies. But still you want to define the attribute values by manual process. Also, it has a PIP layer to plug any attribute finder module with it. Therefore you are able to find your attribute from any database, LDAP user store, web services and many more. Also there are decision caching, policy caching and PIP level attribute caching to improve the performance. You can download the WSO2 Identity Server from http://wso2.org/ and refer to the implementation source code from https://svn.wso2.org/repos/wso2/trunk/carbon/components/identity/

Other tips

You could also consider the ALFA plugin for Eclipse which is a free plugin. It moves away from the XML notation of XACML and uses a pseudo-code language called ALFA (Axiomatics Language for Authorization). ALFA is easier to understand, read, and write. Here's an example:

    /**
     * A user can edit a document he/she owns
     */
    policy editDoc{
        target clause actionId=="edit" and resourceType=="document"
        apply firstApplicable
        rule ownersCanEdit{             
            permit
            condition document.owner==user.userId
        }
    }

You can download the plugin for free from here.
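
As an added example (not part of the answer above and not code from the ALFA plugin), this Python code evaluates the editDoc policy against constructed requests to show what it returns for a non-owner: NotApplicable rather than Deny, so the enforcement point has to refuse anything that is not an explicit Permit. The dictionary keys used for attributes, the `enforce` helper and the treatment of a missing attribute as a failed comparison are assumptions.

```python
# Added illustration: a minimal evaluator for the editDoc policy shown above.
# Assumption: a missing attribute makes a comparison false (no Indeterminate).
from typing import Callable, Dict, List, Tuple

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"
Request = Dict[str, str]
Rule = Tuple[str, str, Callable[[Request], bool]]  # (name, effect, condition)


def first_applicable(rules: List[Rule], req: Request) -> str:
    """Return the effect of the first rule whose condition holds."""
    for _name, effect, condition in rules:
        if condition(req):
            return effect
    return NOT_APPLICABLE  # no rule applied; this is not a Deny


def edit_doc(req: Request) -> str:
    """policy editDoc: target first, then rules combined with firstApplicable."""
    # target clause actionId=="edit" and resourceType=="document"
    if req.get("actionId") != "edit" or req.get("resourceType") != "document":
        return NOT_APPLICABLE
    rules: List[Rule] = [
        ("ownersCanEdit", PERMIT,
         lambda r: r.get("document.owner") is not None
         and r.get("document.owner") == r.get("user.userId")),
    ]
    return first_applicable(rules, req)


def enforce(decision: str) -> bool:
    """Deny-biased enforcement point: only an explicit Permit grants access."""
    return decision == PERMIT


# Constructed sample requests (not from the original post).
OWNER = {"actionId": "edit", "resourceType": "document",
         "document.owner": "alice", "user.userId": "alice"}
OTHER = {**OWNER, "user.userId": "bob"}          # editor is not the owner
VIEW = {**OWNER, "actionId": "view"}             # outside the policy target
NO_OWNER = {"actionId": "edit", "resourceType": "document", "user.userId": "bob"}

if __name__ == "__main__":
    for name, req in [("owner", OWNER), ("other", OTHER),
                      ("view", VIEW), ("no owner", NO_OWNER)]:
        decision = edit_doc(req)
        print(f"{name:9} -> {decision:13} access={enforce(decision)}")
```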

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow