1) Introducing Apache OpenAz
The XACML functionality in Apache CXF is based on OpenSAML, which provides support for XACML 2.0. However, XACML 3.0 has been an OASIS standard since January 2013. A new project in the Apache Incubator called Apache OpenAz addresses this gap. The source code is broken down into the following modules:
- openaz-xacml - API + common functionality.
- openaz-xacml-rest - Some common functionality used by the RESTful API interfaces
- openaz-xacml-pdp - A PDP implementation
- openaz-xacml-pdp-rest - An implementation of the XACML 3.0 RESTful Interface for the PDP
- openaz-xacml-pap-rest - An implementation of the XACML 3.0 RESTful Interface for the PAP
- openaz-xacml-test - Some test suites
- openaz-pep - The PEP (Policy Enforcement Point) implementation.
The test cases are available here:
- cxf-sts-xacml: This project contains a number of tests that show how to use XACML with CXF to authorize a client request. It contains both XACML 2.0 tests and XACML 3.0 tests.
The service endpoint is configured in Spring as follows, registering a XACML3AuthorizingInterceptor (which in turn contains a reference to the co-located PDP):