.. This work is licensed under a Creative Commons Attribution 4.0 International License.

.. _xacmltutorial-label:

Policy XACML - Custom Application Tutorial
##########################################

.. toctree::
   :maxdepth: 3

This tutorial shows how to build a XACML application for a Policy Type. Please be sure to clone the
policy repositories before going through the tutorial. See :ref:`policy-development-tools-label` for details.

Design a Policy Type
********************

Follow :ref:`TOSCA Policy Primer ` for more information. For the tutorial, we will use
this example Policy Type in which an ONAP PEP client would like to enforce an action **authorize**
for a *user* to execute a *permission* on an *entity*. `See here for latest Tutorial Policy Type `_.

.. literalinclude:: tutorial/tutorial-policy-type.yaml
   :language: yaml
   :caption: Example Tutorial Policy Type
   :linenos:

We would then expect to be able to create the following policies, which allow the demo user to Read/Write
an entity called foo, while the audit user can only read the entity called foo. Neither user has Delete
permission. `See here for latest Tutorial Policies `_.

.. literalinclude:: tutorial/tutorial-policies.yaml
   :language: yaml
   :caption: Example Policies Derived From Tutorial Policy Type
   :linenos:

Design Decision Request and expected Decision Response
******************************************************

For the PEP (Policy Enforcement Point) client applications that call the Decision API, you need
to design how the Decision API Request resource fields will be sent via the PEP.

.. literalinclude:: tutorial/tutorial-decision-request.json
   :language: JSON
   :caption: Example Decision Request
   :linenos:

For simplicity, this tutorial expects only a *Permit* or *Deny* in the Decision Response. However, one could
customize the Decision Response object and send back whatever information is desired.

.. literalinclude:: tutorial/tutorial-decision-response.json
   :language: JSON
   :caption: Example Decision Response
   :linenos:

Create A Maven Project
**********************

Use whatever tool or environment you prefer to create your application project. This tutorial assumes you use
Maven to build it.

Add Dependencies Into Application pom.xml
*****************************************

Here we import the XACML PDP Application common dependency, which has the interfaces we need to implement.
In addition, we import a testing dependency that has common code for producing a JUnit test.

.. code-block:: xml
   :caption: pom.xml dependencies

   <dependency>
     <groupId>org.onap.policy.xacml-pdp.applications</groupId>
     <artifactId>common</artifactId>
     <version>2.3.3</version>
   </dependency>
   <dependency>
     <groupId>org.onap.policy.xacml-pdp</groupId>
     <artifactId>xacml-test</artifactId>
     <version>2.3.3</version>
     <scope>test</scope>
   </dependency>

Create META-INF to expose Java Service
**************************************

The ONAP XACML PDP Engine will not be able to find the tutorial application unless the application has a file,
located in ``src/main/resources/META-INF/services``, that declares the class implementing the service.
The name of the file must match **org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider**
and the content of the file is one line: **org.onap.policy.tutorial.tutorial.TutorialApplication**.

.. code-block:: text
   :caption: META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider

   org.onap.policy.tutorial.tutorial.TutorialApplication

Create A Java Class That Extends **StdXacmlApplicationServiceProvider**
***********************************************************************

You could implement **XacmlApplicationServiceProvider** directly if you wish, but for simplicity, extending
**StdXacmlApplicationServiceProvider** gives you much of the implementation for your application up front.
All that remains to be implemented is a custom translator.

.. code-block:: java
   :caption: Custom Tutorial Application Service Provider
   :emphasize-lines: 6

   package org.onap.policy.tutorial.tutorial;

   import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
   import org.onap.policy.pdp.xacml.application.common.std.StdXacmlApplicationServiceProvider;

   public class TutorialApplication extends StdXacmlApplicationServiceProvider {

       @Override
       protected ToscaPolicyTranslator getTranslator(String type) {
           // TODO Auto-generated method stub
           return null;
       }

   }

Override Methods for Tutorial
*****************************

Override these methods to differentiate Tutorial from other applications so that the XACML PDP Engine can
determine how to route policy types and policies to the application.

.. code-block:: java
   :caption: Custom Tutorial Application Service Provider

   package org.onap.policy.tutorial.tutorial;

   import java.util.Arrays;
   import java.util.List;

   import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicyTypeIdentifier;
   import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
   import org.onap.policy.pdp.xacml.application.common.std.StdXacmlApplicationServiceProvider;

   public class TutorialApplication extends StdXacmlApplicationServiceProvider {

       // The single policy type this application accepts.
       private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier();

       // Name the XACML PDP Engine uses to identify this application.
       @Override
       public String applicationName() {
           return "tutorial";
       }

       // Decision API actions that are routed to this application.
       @Override
       public List<String> actionDecisionsSupported() {
           return Arrays.asList("authorize");
       }

       @Override
       public synchronized List<ToscaPolicyTypeIdentifier> supportedPolicyTypes() {
           return Arrays.asList(supportedPolicyType);
       }

       // Only policies of the supported policy type are accepted.
       @Override
       public boolean canSupportPolicyType(ToscaPolicyTypeIdentifier policyTypeId) {
           return supportedPolicyType.equals(policyTypeId);
       }

       @Override
       protected ToscaPolicyTranslator getTranslator(String type) {
           // TODO Auto-generated method stub
           return null;
       }

   }

Create A Translation Class that extends the ToscaPolicyTranslator Class
***********************************************************************
Please be sure to review the existing translators in the policy/xacml-pdp repo to see if they could be
re-used for your policy type. For the tutorial, we will create our own translator.

The custom translator is not only responsible for translating Policies derived from the Tutorial Policy Type,
but also for translating Decision API Requests/Responses to/from the appropriate XACML request/response
objects the XACML engine understands.

.. code-block:: java
   :caption: Custom Tutorial Translator Class

   package org.onap.policy.tutorial.tutorial;

   import org.onap.policy.models.decisions.concepts.DecisionRequest;
   import org.onap.policy.models.decisions.concepts.DecisionResponse;
   import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
   import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
   import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;

   import com.att.research.xacml.api.Request;
   import com.att.research.xacml.api.Response;

   import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;

   public class TutorialTranslator implements ToscaPolicyTranslator {

       public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
           // TODO Auto-generated method stub
           return null;
       }

       public Request convertRequest(DecisionRequest request) {
           // TODO Auto-generated method stub
           return null;
       }

       public DecisionResponse convertResponse(Response xacmlResponse) {
           // TODO Auto-generated method stub
           return null;
       }

   }

Implement the TutorialTranslator Met
# Copyright © 2017 Amdocs, Bell Canada
#
# Li