[XML Security Suite]

How to use the XACL package

API

How to use the XACL processor?

Here is a pseudo code describing how to use it. 

import org.w3c.dom.*;
import com.ibm.xml.policy.xacl.*;
public class Test{
  public static void main(String[] argv) 
    {
    //Create access request, target, policy, status
    Element accessReq=.....
    Document target=.....
    Element policy=.....
    Element status=.....
    
    //Create hierarchy objects
    Hierarchy role_hierarchy=...
    Hierarchy group_hierarchy=...
    //Enforce the policy
    Processor xp=new Processor();
    DecisionList decisionList;
    try{
      decisionList=xp.process(accessReq, 
                        target, 
                        policy, 
                        status,
                        role_hierarchy,
                        group_hierarchy);
    }catch(Exception e){
      ...
    }
    Document dl = decisionList.getDocument();
  }
}

Sample Code

Here is a sample code SampleXACLProcessor.java. It constructs access request, target document, policy, and status from specified files, and enforce the policy. You can compile and run it as follows:

  1. Compile:

    Change the active directory to the samples directory that is just below the directory where you installed this package. For example, if you installed it in E:/xss4j, you would use the following command:

    E:/xss4j>cd samples

    Next, execute the following command (on one line):

    E:/xss4j/samples >javac xacl/SampleXACLProcessor.java

    This compiles the source code and generates a class file SampleXACLProcessor.class. Add this class file to your classpath.

  2. Run:

    Change the active directory to the data/xacldata directory that is just below the directory where you installed this package. For example, if you installed it in E:/xss4j, you would use the following command:

    E:/xss4j>cd data/xacldata

    Next, execute the following command (on one line):

    E:/xss4j/data/xacldata >java xacl.SampleXACLProcessor ex1_request1.xml ex1_target.xml ex1_policy.xml ex1_status.xml

    You can see the decision list in your console.

Plug-In

How to add new functions, predicates, and provisional actions? The current version supports several functions, predicates, and provisional actions. The list of them is here. Application developers can implement application-specific functions, predicates, and provisional actions by implementing the corresponding Java interfaces, i.e., FunctionInterface, PredicateInferface, and ProvisionalActionInteraface in the com.ibm.xml.policy.xacl package, respectively.

[ IBM | alphaWorks | XML Security Suite | Discussion about XML Security Suite ]
Michiharu Kudo
Satoshi Hada
Last modified: April 2, 2002