[Jboss-dev-forums] [Design of Security on JBoss] - XACML Integration in JBoss 5.0

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Now that the following JIRA issues have been resolved, I want to update the community about XACML Integration with the web and ejb layers.

http://jira.jboss.com/jira/browse/JBAS-2673
http://jira.jboss.com/jira/browse/JBAS-3324

I have the first cut of xacml 2.0 integrated with the web and the ejb layers in jboss 5.0 (Branch: HEAD). There is scope for integration with other layers (on demand). 

Utilized the Open Source Sun XACML project as the integration foundation (Policy Decision Point).  Given this, we basically needed a mechanism to generate the XACML requests, because the parsing of the xacml policy files were taken care of by the foundation(SunXACML).

We have a XACMLPolicyModule that can be plugged into the authorization framework and this can take an injected delegate map based on the layers (Resource.WEB and Resource.EJB  or whatever). The delegates for the layer are the Policy Enforcement Points (PEP) that take in the information that is provided via the contextual map of the Resource interfacehttp://fisheye.jboss.com/viewrep/JBoss/jbosssx/src/main/org/jboss/security/authorization/Resource.java
and build the xacml request.

At the current level of integration, an xacml policy file is located by the presence of "jboss-xacml-policy.xml" in the WEB-INF/META-INF of your web/ejb deployment.

As always there is scope for improvement and based on advanced user needs, we will work on the xacml layer.

In the future, I would like to refactor the layer to provide pluggable PDP.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3956277#3956277

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3956277