I was wondering whether sunxacml has namespace support. I have a number of policy files that correctly conform to schema (access_control-xacml-2.0-policy-schema-os.xsd) but include a namespace, e.g. <os:Policy xmlns:os="urn:oasis:names:tc:xacml:2.0:policy:schema:os">. I am dealing with various XML documents from different sources using different namespaces. Since sunxacl assumes a xmlns without a prefix (<Policy xmlns=",urn:oasis:names:tc:xacml:2.0:policy:schema:os">), this messes up the (web-based) application I am currently working on. Testing these policy files with a sample request utterly fails with sunxacml. Without the namespace, everything works exactly right and decisions made by the PDP are correct.
Looking through the code, I noticed that always 'getNodeName()' or 'getTagName()' is employed to get to the name of a node. It probably would have better to use 'getLocalName()' instead which returns the name of the element without a prefix. I replaced a few getNodeName() and getTagName() and I can get rid of a number of exceptions (e.g. in PolicyReader.java and Policy.java).
Is there another way to tell sunxacml to honor namespaces, or is the only solution to simply change all getTagName(), getNodeName(), etc to getLocalName(). The latter seems feasible as the number of getTageName and getNodeName statements is not that high.
Thanks,
Andre
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi,
I was wondering whether sunxacml has namespace support. I have a number of policy files that correctly conform to schema (access_control-xacml-2.0-policy-schema-os.xsd) but include a namespace, e.g. <os:Policy xmlns:os="urn:oasis:names:tc:xacml:2.0:policy:schema:os">. I am dealing with various XML documents from different sources using different namespaces. Since sunxacl assumes a xmlns without a prefix (<Policy xmlns=",urn:oasis:names:tc:xacml:2.0:policy:schema:os">), this messes up the (web-based) application I am currently working on. Testing these policy files with a sample request utterly fails with sunxacml. Without the namespace, everything works exactly right and decisions made by the PDP are correct.
Looking through the code, I noticed that always 'getNodeName()' or 'getTagName()' is employed to get to the name of a node. It probably would have better to use 'getLocalName()' instead which returns the name of the element without a prefix. I replaced a few getNodeName() and getTagName() and I can get rid of a number of exceptions (e.g. in PolicyReader.java and Policy.java).
Is there another way to tell sunxacml to honor namespaces, or is the only solution to simply change all getTagName(), getNodeName(), etc to getLocalName(). The latter seems feasible as the number of getTageName and getNodeName statements is not that high.
Thanks,
Andre