How to generate XACML policies ? Generating XACML (2.0) policies using Picketbox API (formerly known as Jboss)
XACML stands for eXtensible Access Control Markup Language. The standard defines a declarative access control policy language implemented in XML and a processing model describing how to evaluate access requests according to the rules defined in policies (Source: Wikipedia). This article is particularly about generating XACML based security polices so, I am assuming that you have basic understanding of XACML architecture, its components and tags.
Frankly speaking, I was not able to find a simple program (code), that can generate a policy on one click. This consumed a lot of my time and often made me frustrated. Although, there are few implementations of XACML e.g WSO2 provides a complete XACML based server that can not only generate a security policy but can also evaluate it. I would recommend people to use it. You can find its details over here. But WS02 server is complex to understand and requires a lot of settings before it comes to a running state. Also, to build your custom access control model you may need to code yourself. So, to address these issues and save your time (yes, your time) I am making this post which specifically talks about generating XACML policies on one click.
We will be using Picketbox (Jboss) API for implementation of XACML. The project will be build using Eclipse IDE, running Windows 7 Ultimate (x64) and the language used will be Java. Make sure you have JAVA JDK installed on your system, you can download latest JDK from here. Now lets generate a policy:
1. Download Eclipse from their official website and run it.
2. I m using Eclipse Kepler Java EE version.
3. Go to File —> New Project —> Other —> Java Project. Specify a name, Click next and then finish.
4. A project will be created
5. Since we are using Picketbox API, so we need to import there libraries/JAR files. Download JAR files from here. To import JAR files, right click on the project —> navigate to Build Path —> and click on Configure Build Path.
6. A new window will pop up, click on “Add External JARs”
8. You will see the JARs imported in your project.
10. Copy the source code from this file source_code_JAVA and paste it the class you have just created.
11. Now again, right click on the project, navigate to Run and click on “Run as Java Application”.
12. On successful run, a policy will be generated which will be displayed to console and saved in D drive. You can find this generated security policy here: simple_policy_XML
This is it, I hope this post helps you in configuring Picketbox API for generating XACML policies. In my next post I will provide you guidance about Policy Decision Point (PDP) which basically evaluates a security policy. Feel free to ask questions. Ciao.