Re: [sunxacml-discuss] PolicyFinderModule.java
Brought to you by:
farrukh_najmi,
sethp
Menu
▾
▴
Re: [sunxacml-discuss] PolicyFinderModule.java
|
From: Muhammad M. A. <Muh...@ui...> - 2005-03-17 09:12:33
|
Dear seth, in the following i am writing the flow of the program that i noticed n = try to explain the methods that i dont understand for what purpose = included or where called ? 1. FilePolicyModule.java basically add the policies to the filenames (v) = from all the polcies from the command line. Comment : I think that inorder to execute the RBAC paradigm, we can = specify a directory that contains the Role policy sets there instead of = command line policy description.Also as in the FilePolicyModule.java = there is no implemenation for the method isReferenceSupported(), we can = implement from the super abstract class PolicyFinderModule.java n thats = it am i right ?? i means just addding one method more in the = FilePolicyModule.java will b sufficient to support policy referencing = specially when referenced (permission) policies are not in the same = directory ?? 2. PolicyFiner object is created n = PolicyFinder.setModules(policymodules) is called, i.e. set of policy = names are added to another set n sent to PolicyFinder.setModules Comment : Still the actual policy is not loaded, only they have their = names in the set, n PolicyFinder.setModules() contains two checks to see = that if isRequestSupported() n isReferenceSupported() then add this set = to requestModules n referenceModules sets as well. 3. PolicyFinder.init () is called from PDP which initizes the policies. = here it also calls the init() method of the FilePolicyModule by having = a call to module.init(this). 4. init() method of the FilePolicyModule.java loads the policies with = the specified names . Comment: There is a method inside FilePolicyModule.java findpolicy(..) , = for what purpose this method is used there. ?? as there are already two = methods defined in PolicyFinder.java for finding polcies, one with = EvaluationContext n 2nd with URI n type. 2ndly where these findPolicy = methods are called i means from where, i tried to point out, but i was = not successful, may b i can try debugging step by step, but am i = perciveng the correct flow of control ?? Handling of the Role Policy set can be handled by FilePolicyModule.java = agreed ?? , what about permission references in the Role Policy Set = specially if permission files are in some other directory , which method = i hve to change, n also if i want to enforce the perority for negative = permission always computed first. with Best regards Muhammad. |
