PEPs are an important component of any Policy based infrastructure. PEPs are needed to construct the policy requests to be passed to the PDPs for evaluation.

JBossXACML provides an object model that is based on JAXB v2.0 and later, to construct XACML Policy requests. The package org.jboss.security.xacml.core.model.context contains the object classes. Please make a note of this package used for building request and responses. This is different from the package used for policy construction. There may be types that have the same name in the two different packages.

There is a utility factory class that can be used to construct the various attributes of the Request. The class is org.jboss.security.xacml.factories.RequestAttributeFactory.

An example of construction of XACML Request is shown below:

import java.io.InputStream;

import junit.framework.TestCase;

import org.jboss.security.xacml.core.JBossPDP;
import org.jboss.security.xacml.core.model.context.ActionType;
import org.jboss.security.xacml.core.model.context.AttributeType;
import org.jboss.security.xacml.core.model.context.EnvironmentType;
import org.jboss.security.xacml.core.model.context.RequestType;
import org.jboss.security.xacml.core.model.context.ResourceType;
import org.jboss.security.xacml.core.model.context.SubjectType;
import org.jboss.security.xacml.factories.RequestAttributeFactory;
import org.jboss.security.xacml.factories.RequestResponseContextFactory;
import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
import org.jboss.security.xacml.interfaces.RequestContext;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.test.security.xacml.factories.util.XACMLTestUtil;

public void testInteropTestWithObjects() throws Exception
   {
      ClassLoader tcl = Thread.currentThread().getContextClassLoader();
      InputStream is = 
tcl.getResourceAsStream("test/config/interopPolicySetConfig.xml");
      assertNotNull("InputStream != null", is);
      PolicyDecisionPoint pdp = new JBossPDP(is);
      assertNotNull("JBossPDP is != null", pdp); 

      assertEquals("Case 1 should be deny", XACMLConstants.DECISION_DENY,
            XACMLTestUtil.getDecision(pdp,
         getRequestContext("false","false",10)));
      assertEquals("Case 2 should be deny", XACMLConstants.DECISION_PERMIT,
            XACMLTestUtil.getDecision(pdp,
getRequestContext("false","false",1)));
      assertEquals("Case 3 should be deny", XACMLConstants.DECISION_PERMIT,
            XACMLTestUtil.getDecision(pdp,
getRequestContext("true","false",5)));
      assertEquals("Case 4 should be deny", XACMLConstants.DECISION_DENY,
            XACMLTestUtil.getDecision(pdp,
getRequestContext("false","false",9)));
      assertEquals("Case 5 should be deny", XACMLConstants.DECISION_DENY,
            XACMLTestUtil.getDecision(pdp,
getRequestContext("true","false",10)));
      assertEquals("Case 6 should be deny", XACMLConstants.DECISION_DENY,
            XACMLTestUtil.getDecision(pdp,
getRequestContext("true","false",15)));
      assertEquals("Case 7 should be deny", XACMLConstants.DECISION_PERMIT,
            XACMLTestUtil.getDecision(pdp,
getRequestContext("true","true",10)));  
   }
   
private RequestContext getRequestContext(String reqTradeAppr, String reqCreditAppr,
         int buyPrice) throws Exception
   {
      RequestType request = new RequestType();
      request.getSubject().add(
createSubject(reqTradeAppr,reqCreditAppr,buyPrice));
      request.getResource().add(createResource());
      request.setAction(createAction());
      request.setEnvironment( new EnvironmentType());
      
      RequestContext requestCtx = 
RequestResponseContextFactory.createRequestCtx();
      requestCtx.setRequest(request);
      if(debug)
        requestCtx.marshall(System.out);
      
      return requestCtx;
   } 
   
   
   private SubjectType createSubject(String reqTradeAppr, 
String reqCreditAppr,
         int buyPrice)
   {
      //Create a subject type
      SubjectType subject = new SubjectType();
      subject.setSubjectCategory(
"urn:oasis:names:tc:xacml:1.0:subject-category:access-subject");
      //create the subject attributes
      AttributeType attSubjectID = 
RequestAttributeFactory.createStringAttributeType(
            "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
            "xacml20.interop.com", "123456"); 
      subject.getAttribute().add(attSubjectID);
      
      AttributeType attUserName = 
RequestAttributeFactory.createStringAttributeType(
                  "urn:xacml:2.0:interop:example:subject:user-name",
                 "xacml20.interop.com", "John Smith");
      subject.getAttribute().add(attUserName);
      
      AttributeType attBuyNumShares = 
RequestAttributeFactory.createIntegerAttributeType(
      "urn:xacml:2.0:interop:example:subject:buy-num-shares",
      "xacml20.interop.com", 1000);
      subject.getAttribute().add(attBuyNumShares); 
      
      AttributeType attBuyOfferShare = 
RequestAttributeFactory.createIntegerAttributeType(
      "urn:xacml:2.0:interop:example:subject:buy-offer-price",
      "xacml20.interop.com", buyPrice);
      subject.getAttribute().add(attBuyOfferShare);
       
      
      AttributeType attRequestExtCred = 
RequestAttributeFactory.createStringAttributeType(
      "urn:xacml:2.0:interop:example:subject:req-credit-ext-approval",
      "xacml20.interop.com", reqCreditAppr);
      subject.getAttribute().add(attRequestExtCred); 
      
      AttributeType attRequestTradeApproval = 
RequestAttributeFactory.createStringAttributeType(
      "urn:xacml:2.0:interop:example:subject:req-trade-approval",
      "xacml20.interop.com", reqTradeAppr);
      subject.getAttribute().add(attRequestTradeApproval);

     return subject;
   }
   
   public ResourceType createResource()
   {
      ResourceType resourceType = new ResourceType();
      
      AttributeType attResourceID = 
RequestAttributeFactory.createStringAttributeType(
      "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
       "xacml20.interop.com", "CustomerAccount");
      resourceType.getAttribute().add(attResourceID);
      
      
      AttributeType attOwnerID = 
RequestAttributeFactory.createStringAttributeType(
      "urn:xacml:2.0:interop:example:resource:owner-id",
      "xacml20.interop.com", "123456");
      resourceType.getAttribute().add(attOwnerID);

      AttributeType attOwnerName = 
RequestAttributeFactory.createStringAttributeType(
      "urn:xacml:2.0:interop:example:resource:owner-name",
       "xacml20.interop.com", "John Smith");
      resourceType.getAttribute().add(attOwnerName);
      
      AttributeType attAccountStatus = 
RequestAttributeFactory.createStringAttributeType(
      "urn:xacml:2.0:interop:example:resource:account-status",
      "xacml20.interop.com", "Active");
      resourceType.getAttribute().add(attAccountStatus); 
      
      AttributeType attCreditLine = 
ReuestAttributeFactory.createIntegerAttributeType(
       "urn:xacml:2.0:interop:example:resource:credit-line",
       "xacml20.interop.com", 15000);
      resourceType.getAttribute().add(attCreditLine); 
      
      AttributeType attCurrentCredit = 
RequestAttributeFactory.createIntegerAttributeType(
       "urn:xacml:2.0:interop:example:resource:current-credit",
       "xacml20.interop.com", 10000);
      resourceType.getAttribute().add(attCurrentCredit); 
      
      AttributeType attTradeLimit = 
RequestAttributeFactory.createIntegerAttributeType(
      "urn:xacml:2.0:interop:example:resource:trade-limit",
       "xacml20.interop.com", 10000);
      resourceType.getAttribute().add(attTradeLimit); 
      return resourceType;
   }
   
   private ActionType createAction()
   {
      ActionType actionType = new ActionType();
      AttributeType attActionID = 
RequestAttributeFactory.createStringAttributeType(
      "urn:oasis:names:tc:xacml:1.0:action:action-id",
      "xacml20.interop.com", "Buy");
      actionType.getAttribute().add(attActionID);
      return actionType;
   }