Re: [sunxacml-discuss] PolicyFinderModule.java
From: Seth P. <Set...@Su...> - 2005-03-18 19:42:11
Hi Muhammad. Forgive my slowness in getting back to you... I've been trying to catch up (in order) to the mail on this list, but the last week has left me little time to do so...

Anyway, rather than respond to each specific question, I have a couple general comments.

First, the FilePolicyModule class is just provided as an example. It's there to get people started, and to support the SimplePDP class. It's not supposed to support more than a few basic features. In the next release the hope is to have several modules as samples, but that's not there yet.

Second, the FPM class does not support references. This is pretty well documented and has been discussed on this list before. Could it be modified to support references? Yes, but I'm not going to do so (see the previous paragraph). If you want to support references, you'll need to do more than just implement the isReferenceSupported() method. You'll also need to implement the findPolicy method that supplies references. If you want to see an example of this, you should look at the sample code in the 1.2 release, where there is an example of a module that supports references. Also, in the test code, there is a module that supports references, but of course it's not provided as a tutorial so it's probably a less clear example.

Finally, I'm not clear exactly what all your comments about the PFM were about. Were you trying to ask specific questions about the PolicyFinderModule API, or were you trying to learn something else? I'm happy to take another shot at answering them, but I'm just not sure exactly what you're asking. It looks like you were just documenting the FPM class, but I could be wrong...

Now, to one of your specific questions I can answer :)

> Handling of the Role Policy Set can be handled by
> FilePolicyModule.java, agreed? What about permission references in
> the Role Policy Set, especially if permission files are in some other
> directory? Which method do I have to change, and also if I want to enforce
> the priority for negative permissions always computed first.

Yes, all this can be handled. You need to write a new module to handle the referencing, but the rest is just a matter of how you implement your policies. In terms of handling files in different directories, that's just an implementation of how you decide to support references.

seth
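
A reference-capable module of the kind the message describes, as an added example that is not part of the original post or of the sunxacml distribution. It assumes the sunxacml 1.2 API, where the methods involved are `isIdReferenceSupported()` and `findPolicy(URI, int)`; the class name `MappedReferenceModule` and the id-to-file table are hypothetical.

```java
import com.sun.xacml.*;
import com.sun.xacml.ctx.Status;
import com.sun.xacml.finder.*;
import java.io.File;
import java.net.URI;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

// Hypothetical module (not sunxacml code): resolves policy references through
// an explicit id -> file table, so referenced files may sit in any directory.
public class MappedReferenceModule extends PolicyFinderModule {
    private final Map<URI, File> files; // set by the deployer, never derived from request data
    private PolicyFinder finder;

    public MappedReferenceModule(Map<URI, File> files) { this.files = new HashMap<URI, File>(files); }

    public void init(PolicyFinder finder) { this.finder = finder; }

    public boolean isIdReferenceSupported() { return true; }

    public PolicyFinderResult findPolicy(URI idReference, int type) {
        File file = files.get(idReference);
        if (file == null)
            return new PolicyFinderResult(); // unknown id: this module has nothing to offer
        try {
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            // Policy files need no DTD; refusing DOCTYPE rules out external entities.
            dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            Element root = dbf.newDocumentBuilder().parse(file).getDocumentElement();
            boolean isSet = "PolicySet".equals(root.getLocalName());
            // The document must be of the kind the reference asked for.
            if (isSet != (type == PolicyReference.POLICYSET_REFERENCE))
                return error("reference type mismatch for " + idReference);
            AbstractPolicy policy = isSet
                ? (AbstractPolicy) PolicySet.getInstance(root, finder) // nested references go back to the finder
                : (AbstractPolicy) Policy.getInstance(root);
            // The file must really contain the policy that was referenced.
            if (!idReference.equals(policy.getId()))
                return error("file for " + idReference + " holds " + policy.getId());
            return new PolicyFinderResult(policy);
        } catch (Exception e) {
            return error("cannot load " + idReference + ": " + e.getMessage());
        }
    }

    private static PolicyFinderResult error(String message) {
        List<String> codes = Collections.singletonList(Status.STATUS_PROCESSING_ERROR);
        return new PolicyFinderResult(new Status(codes, message));
    }
}
```

Returning an error status rather than an empty result when a mapped file fails to load or does not match makes the evaluation Indeterminate instead of silently dropping the referenced permissions.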