Build XACML PDP support for native xacml policy type

Added a new native application to the service loader framework
Added a new translator for the native application
Added custom serialization providers for xacml+json and xacml+xml
Added a new endpoint for native xacml decision api
Added a new api provider function to handle the native xacml api calls
Added corresponding junit tests

Issue-ID: POLICY-2182
Change-Id: I30fa4637612c324d543f9952386cf1a27a52d76c
Signed-off-by: Chenfei Gao <cgao@research.att.com>

9 files changed, 510 insertions, 0 deletions

diff --git a/applications/native/pom.xml b/applications/native/pom.xml
new file mode 100644
index 00000000..f65a7d30
--- /dev/null
+++ b/applications/native/pom.xml
@@ -0,0 +1,28 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.onap.policy.xacml-pdp.applications</groupId>
+    <artifactId>applications</artifactId>
+    <version>2.2.0-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>native</artifactId>
+
+  <name>${project.artifactId}</name>
+  <description>This modules contains the xacml application that evaluates native policies and requests.</description>
+  
+  <dependencies>
+      <dependency>
+          <groupId>org.onap.policy.xacml-pdp.applications</groupId>
+          <artifactId>common</artifactId>
+          <version>${project.version}</version>
+      </dependency>
+      <dependency>
+          <groupId>org.onap.policy.xacml-pdp</groupId>
+          <artifactId>xacml-test</artifactId>
+          <version>${project.version}</version>
+          <scope>test</scope>
+      </dependency>
+  </dependencies>
+
+</project>
\ No newline at end of file
diff --git a/applications/native/src/main/java/org/onap/policy/xacml/pdp/application/nativ/NativePdpApplication.java b/applications/native/src/main/java/org/onap/policy/xacml/pdp/application/nativ/NativePdpApplication.java
new file mode 100644
index 00000000..0d862d11
--- /dev/null
+++ b/applications/native/src/main/java/org/onap/policy/xacml/pdp/application/nativ/NativePdpApplication.java
@@ -0,0 +1,78 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.xacml.pdp.application.nativ;
+
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.Response;
+import java.util.Arrays;
+import java.util.List;
+import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicyTypeIdentifier;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
+import org.onap.policy.pdp.xacml.application.common.std.StdXacmlApplicationServiceProvider;
+
+/**
+ * This class implements an application that handles onap.policies.native.Xacml policies.
+ *
+ * @author Chenfei Gao (cgao@research.att.com)
+ *
+ */
+public class NativePdpApplication extends StdXacmlApplicationServiceProvider {
+
+    private static final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier(
+            "onap.policies.native.Xacml", "1.0.0");
+    private NativePdpApplicationTranslator translator = new NativePdpApplicationTranslator();
+
+    @Override
+    public String applicationName() {
+        return "native";
+    }
+
+    @Override
+    public List<String> actionDecisionsSupported() {
+        return Arrays.asList("native");
+    }
+
+    @Override
+    public synchronized List<ToscaPolicyTypeIdentifier> supportedPolicyTypes() {
+        return Arrays.asList(supportedPolicyType);
+    }
+
+    @Override
+    public boolean canSupportPolicyType(ToscaPolicyTypeIdentifier policyTypeId) {
+        return supportedPolicyType.equals(policyTypeId);
+    }
+
+    @Override
+    protected ToscaPolicyTranslator getTranslator(String type) {
+        return translator;
+    }
+
+    /**
+     * Makes decision for the incoming native xacml request.
+     * @param request the native xacml request
+     * @return the native xacml response
+     */
+    public Response makeNativeDecision(Request request) {
+        return this.xacmlDecision(request);
+    }
+}
diff --git a/applications/native/src/main/java/org/onap/policy/xacml/pdp/application/nativ/NativePdpApplicationTranslator.java b/applications/native/src/main/java/org/onap/policy/xacml/pdp/application/nativ/NativePdpApplicationTranslator.java
new file mode 100644
index 00000000..98a1c657
--- /dev/null
+++ b/applications/native/src/main/java/org/onap/policy/xacml/pdp/application/nativ/NativePdpApplicationTranslator.java
@@ -0,0 +1,112 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.xacml.pdp.application.nativ;
+
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.Response;
+import com.att.research.xacml.util.XACMLPolicyScanner;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Map;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
+import org.onap.policy.models.decisions.concepts.DecisionRequest;
+import org.onap.policy.models.decisions.concepts.DecisionResponse;
+import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * This class implements one translator that interprets TOSCA policy and decision API request/response payload.
+ *
+ * @author Chenfei Gao (cgao@research.att.com)
+ *
+ */
+public class NativePdpApplicationTranslator implements ToscaPolicyTranslator {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(NativePdpApplicationTranslator.class);
+    private static final String POLICY = "policy";
+
+    public NativePdpApplicationTranslator() {
+        super();
+    }
+
+    @Override
+    public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
+        //
+        // Extract the Base64 encoded policy xml string and decode it
+        //
+        String encodedXacmlPolicy = getNativeXacmlPolicy(toscaPolicy);
+        String decodedXacmlPolicy;
+        try {
+            decodedXacmlPolicy = new String(Base64.getDecoder().decode(encodedXacmlPolicy), StandardCharsets.UTF_8);
+        } catch (IllegalArgumentException exc) {
+            throw new ToscaPolicyConversionException("error on Base64 decoding the native policy", exc);
+        }
+        LOGGER.debug("Decoded xacml policy {}",decodedXacmlPolicy);
+        //
+        // Scan the string and convert to xacml PolicyType
+        //
+        try (InputStream is = new ByteArrayInputStream(decodedXacmlPolicy.getBytes(StandardCharsets.UTF_8))) {
+            //
+            // Here we assume it is PolicyType, not PolicySetType
+            // PolicySetType will be addressed later
+            //
+            return (PolicyType) XACMLPolicyScanner.readPolicy(is);
+        } catch (IOException exc) {
+            throw new ToscaPolicyConversionException("Failed to read policy", exc);
+        }
+    }
+
+    private String getNativeXacmlPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
+
+        Map<String, Object> propertyMap = toscaPolicy.getProperties();
+        if (propertyMap.isEmpty() || !propertyMap.containsKey(POLICY)) {
+            throw new ToscaPolicyConversionException("no xacml native policy found in the tosca policy");
+        }
+
+        String nativePolicyString = propertyMap.get(POLICY).toString();
+        LOGGER.debug("Base64 encoded native xacml policy {}", nativePolicyString);
+        return nativePolicyString;
+    }
+
+    @Override
+    public Request convertRequest(DecisionRequest request) {
+        //
+        // We do nothing to DecisionRequest for native xacml application
+        //
+        return null;
+    }
+
+    @Override
+    public DecisionResponse convertResponse(Response xacmlResponse) {
+        //
+        // We do nothing to DecisionResponse for native xacml application
+        //
+        return null;
+    }
+}
\ No newline at end of file
diff --git a/applications/native/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider b/applications/native/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider
new file mode 100644
index 00000000..480ad05a
--- /dev/null
+++ b/applications/native/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider
@@ -0,0 +1 @@
+org.onap.policy.xacml.pdp.application.nativ.NativePdpApplication
\ No newline at end of file
diff --git a/applications/native/src/test/java/org/onap/policy/xacml/pdp/application/nativ/NativePdpApplicationTest.java b/applications/native/src/test/java/org/onap/policy/xacml/pdp/application/nativ/NativePdpApplicationTest.java
new file mode 100644
index 00000000..b25c2a31
--- /dev/null
+++ b/applications/native/src/test/java/org/onap/policy/xacml/pdp/application/nativ/NativePdpApplicationTest.java
@@ -0,0 +1,163 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.xacml.pdp.application.nativ;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import com.att.research.xacml.api.Decision;
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.Response;
+import com.att.research.xacml.std.dom.DOMRequest;
+import com.att.research.xacml.std.dom.DOMResponse;
+import java.io.File;
+import java.util.Properties;
+import java.util.ServiceLoader;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+import org.onap.policy.common.endpoints.parameters.RestServerParameters;
+import org.onap.policy.common.utils.resources.TextFileUtils;
+import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider;
+import org.onap.policy.pdp.xacml.application.common.XacmlPolicyUtils;
+import org.onap.policy.pdp.xacml.xacmltest.TestUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class NativePdpApplicationTest {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(NativePdpApplicationTest.class);
+    private static final String PERMIT = "Permit";
+    private static Properties properties = new Properties();
+    private static File propertiesFile;
+    private static RestServerParameters clientParams = new RestServerParameters();
+    private static NativePdpApplication service;
+    private static Request request;
+
+    @ClassRule
+    public static final TemporaryFolder policyFolder = new TemporaryFolder();
+
+    /**
+     * Copies the xacml.properties and policies files into
+     * temporary folder and loads the service provider saving
+     * instance of provider off for other tests to use.
+     */
+    @BeforeClass
+    public static void setup() throws Exception {
+        LOGGER.info("Setting up class");
+        //
+        // Setup our temporary folder
+        //
+        XacmlPolicyUtils.FileCreator myCreator = (filename) -> policyFolder.newFile(filename);
+        propertiesFile = XacmlPolicyUtils.copyXacmlPropertiesContents("src/test/resources/xacml.properties",
+                properties, myCreator);
+        //
+        // Load service
+        //
+        ServiceLoader<XacmlApplicationServiceProvider> applicationLoader =
+                ServiceLoader.load(XacmlApplicationServiceProvider.class);
+        //
+        // Find the native application and save for use in all the tests
+        //
+        StringBuilder strDump = new StringBuilder("Loaded applications:" + XacmlPolicyUtils.LINE_SEPARATOR);
+        for (XacmlApplicationServiceProvider application : applicationLoader) {
+            //
+            // Is it our service?
+            //
+            if (application instanceof NativePdpApplication) {
+                //
+                // Should be the first and only one
+                //
+                assertThat(service).isNull();
+                service = (NativePdpApplication) application;
+            }
+            strDump.append(application.applicationName());
+            strDump.append(" supports ");
+            strDump.append(application.supportedPolicyTypes());
+            strDump.append(XacmlPolicyUtils.LINE_SEPARATOR);
+        }
+        LOGGER.info("{}", strDump);
+        //
+        // Tell it to initialize based on the properties file
+        // we just built for it.
+        //
+        service.initialize(propertiesFile.toPath().getParent(), clientParams);
+        //
+        // Load XACML Request
+        //
+        request = DOMRequest.load(
+                TextFileUtils.getTextFileAsString(
+                        "src/test/resources/requests/native.policy.request.xml"));
+    }
+
+    @Test
+    public void testNativePolicy() throws Exception {
+
+        LOGGER.info("*********** Running native policy test *************");
+        //
+        // Now load the TOSCA compliant native policy - make sure
+        // the pdp can support it and have it load into the PDP.
+        //
+        TestUtils.loadPolicies("src/test/resources/policies/native.policy.yaml", service);
+        //
+        // Send the request and verify decision result
+        //
+        requestAndCheckDecision(request, PERMIT);
+    }
+
+    /**
+     * Request a decision and check that it matches expectation.
+     *
+     * @param request to send to XACML PDP
+     * @param expected from the response
+     * @throws Exception on errors requesting a decision and checking the returned decision
+     *
+     **/
+    private void requestAndCheckDecision(Request request, String expected) throws Exception {
+        //
+        // Ask for a decision
+        //
+        Response decision = service.makeNativeDecision(request);
+        //
+        // Check decision
+        //
+        checkDecision(expected, decision);
+    }
+
+    /**
+     * Check that decision matches expectation.
+     *
+     * @param expected from the response
+     * @param response received
+     * @throws Exception on errors checking the decision
+     *
+     **/
+    public void checkDecision(String expected, Response response) throws Exception {
+        LOGGER.info("Looking for {} Decision", expected);
+        assertThat(response).isNotNull();
+        Decision decision = response.getResults().iterator().next().getDecision();
+        assertThat(decision).isNotNull();
+        assertThat(decision.toString()).isEqualTo(expected);
+        LOGGER.info("Xacml response we received {}", DOMResponse.toString(response));
+    }
+}
\ No newline at end of file
diff --git a/applications/native/src/test/resources/policies/native.policy.xml b/applications/native/src/test/resources/policies/native.policy.xml
new file mode 100644
index 00000000..d6e4f4fb
--- /dev/null
+++ b/applications/native/src/test/resources/policies/native.policy.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+    <Description>
+        Policy for Conformance Test IIA001.
+    </Description>
+    <Target/>
+    <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:rule">
+        <Description>
+            Julius Hibbert can read or write Bart Simpson's medical record.
+        </Description>
+        <Target>
+            <AnyOf>
+                <AllOf>
+                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                </AllOf>
+            </AnyOf>
+            <AnyOf>
+                <AllOf>
+                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="false"/>
+                    </Match>
+                </AllOf>
+            </AnyOf>
+            <AnyOf>
+                <AllOf>
+                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                </AllOf>
+                <AllOf>
+                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
+                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                </AllOf>
+            </AnyOf>
+        </Target>
+    </Rule>
+</Policy>
diff --git a/applications/native/src/test/resources/policies/native.policy.yaml b/applications/native/src/test/resources/policies/native.policy.yaml
new file mode 100644
index 00000000..00bc5db9
--- /dev/null
+++ b/applications/native/src/test/resources/policies/native.policy.yaml
@@ -0,0 +1,12 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+topology_template:
+  policies:
+    -
+      native.access.control:
+        type: onap.policies.native.Xacml
+        version: 1.0.0
+        metadata:
+          policy-id: native.access.control
+          policy-version: 1
+        properties:
+          policy: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+CjxQb2xpY3kgeG1sbnM9InVybjpvYXNpczpuYW1lczp0Yzp4YWNtbDozLjA6Y29yZTpzY2hlbWE6d2QtMTciIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIFBvbGljeUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6eGFjbWw6Mi4wOmNvbmZvcm1hbmNlLXRlc3Q6SUlBMTpwb2xpY3kiIFJ1bGVDb21iaW5pbmdBbGdJZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjMuMDpydWxlLWNvbWJpbmluZy1hbGdvcml0aG06ZGVueS1vdmVycmlkZXMiIFZlcnNpb249IjEuMCIgeHNpOnNjaGVtYUxvY2F0aW9uPSJ1cm46b2FzaXM6bmFtZXM6dGM6eGFjbWw6My4wOnBvbGljeTpzY2hlbWE6b3MgYWNjZXNzX2NvbnRyb2wteGFjbWwtMi4wLXBvbGljeS1zY2hlbWEtb3MueHNkIj4KICAgIDxEZXNjcmlwdGlvbj4KICAgICAgICBQb2xpY3kgZm9yIENvbmZvcm1hbmNlIFRlc3QgSUlBMDAxLgogICAgPC9EZXNjcmlwdGlvbj4KICAgIDxUYXJnZXQvPgogICAgPFJ1bGUgRWZmZWN0PSJQZXJtaXQiIFJ1bGVJZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjIuMDpjb25mb3JtYW5jZS10ZXN0OklJQTE6cnVsZSI+CiAgICAgICAgPERlc2NyaXB0aW9uPgogICAgICAgICAgICBKdWxpdXMgSGliYmVydCBjYW4gcmVhZCBvciB3cml0ZSBCYXJ0IFNpbXBzb24ncyBtZWRpY2FsIHJlY29yZC4KICAgICAgICA8L0Rlc2NyaXB0aW9uPgogICAgICAgIDxUYXJnZXQ+CiAgICAgICAgICAgIDxBbnlPZj4KICAgICAgICAgICAgICAgIDxBbGxPZj4KICAgICAgICAgICAgICAgICAgICA8TWF0Y2ggTWF0Y2hJZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5jdGlvbjpzdHJpbmctZXF1YWwiPgogICAgICAgICAgICAgICAgICAgICAgICA8QXR0cmlidXRlVmFsdWUgRGF0YVR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hI3N0cmluZyI+SnVsaXVzIEhpYmJlcnQ8L0F0dHJpYnV0ZVZhbHVlPgogICAgICAgICAgICAgICAgICAgICAgICA8QXR0cmlidXRlRGVzaWduYXRvciBBdHRyaWJ1dGVJZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpzdWJqZWN0OnN1YmplY3QtaWQiIENhdGVnb3J5PSJ1cm46b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOnN1YmplY3QtY2F0ZWdvcnk6YWNjZXNzLXN1YmplY3QiIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSNzdHJpbmciIE11c3RCZVByZXNlbnQ9ImZhbHNlIi8+CiAgICAgICAgICAgICAgICAgICAgPC9NYXRjaD4KICAgICAgICAgICAgICAgIDwvQWxsT2Y+CiAgICAgICAgICAgIDwvQW55T2Y+CiAgICAgICAgICAgIDxBbnlPZj4KICAgICAgICAgICAgICAgIDxBbGxPZj4KICAgICAgICAgICAgICAgICAgICA8TWF0Y2ggTWF0Y2hJZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5jdGlvbjphbnlVUkktZXF1YWwiPgogICAgICAgICAgICAgICAgICAgICAgICA8QXR0cmlidXRlVmFsdWUgRGF0YVR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hI2FueVVSSSI+aHR0cDovL21lZGljby5jb20vcmVjb3JkL3BhdGllbnQvQmFydFNpbXBzb248L0F0dHJpYnV0ZVZhbHVlPgogICAgICAgICAgICAgICAgICAgICAgICA8QXR0cmlidXRlRGVzaWduYXRvciBBdHRyaWJ1dGVJZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpyZXNvdXJjZTpyZXNvdXJjZS1pZCIgQ2F0ZWdvcnk9InVybjpvYXNpczpuYW1lczp0Yzp4YWNtbDozLjA6YXR0cmlidXRlLWNhdGVnb3J5OnJlc291cmNlIiBEYXRhVHlwZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIiBNdXN0QmVQcmVzZW50PSJmYWxzZSIvPgogICAgICAgICAgICAgICAgICAgIDwvTWF0Y2g+CiAgICAgICAgICAgICAgICA8L0FsbE9mPgogICAgICAgICAgICA8L0FueU9mPgogICAgICAgICAgICA8QW55T2Y+CiAgICAgICAgICAgICAgICA8QWxsT2Y+CiAgICAgICAgICAgICAgICAgICAgPE1hdGNoIE1hdGNoSWQ9InVybjpvYXNpczpuYW1lczp0Yzp4YWNtbDoxLjA6ZnVuY3Rpb246c3RyaW5nLWVxdWFsIj4KICAgICAgICAgICAgICAgICAgICAgICAgPEF0dHJpYnV0ZVZhbHVlIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSNzdHJpbmciPnJlYWQ8L0F0dHJpYnV0ZVZhbHVlPgogICAgICAgICAgICAgICAgICAgICAgICA8QXR0cmlidXRlRGVzaWduYXRvciBBdHRyaWJ1dGVJZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDphY3Rpb246YWN0aW9uLWlkIiBDYXRlZ29yeT0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjMuMDphdHRyaWJ1dGUtY2F0ZWdvcnk6YWN0aW9uIiBEYXRhVHlwZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjc3RyaW5nIiBNdXN0QmVQcmVzZW50PSJmYWxzZSIvPgogICAgICAgICAgICAgICAgICAgIDwvTWF0Y2g+CiAgICAgICAgICAgICAgICA8L0FsbE9mPgogICAgICAgICAgICAgICAgPEFsbE9mPgogICAgICAgICAgICAgICAgICAgIDxNYXRjaCBNYXRjaElkPSJ1cm46b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmZ1bmN0aW9uOnN0cmluZy1lcXVhbCI+CiAgICAgICAgICAgICAgICAgICAgICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlwZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjc3RyaW5nIj53cml0ZTwvQXR0cmlidXRlVmFsdWU+CiAgICAgICAgICAgICAgICAgICAgICAgIDxBdHRyaWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmFjdGlvbjphY3Rpb24taWQiIENhdGVnb3J5PSJ1cm46b2FzaXM6bmFtZXM6dGM6eGFjbWw6My4wOmF0dHJpYnV0ZS1jYXRlZ29yeTphY3Rpb24iIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSNzdHJpbmciIE11c3RCZVByZXNlbnQ9ImZhbHNlIi8+CiAgICAgICAgICAgICAgICAgICAgPC9NYXRjaD4KICAgICAgICAgICAgICAgIDwvQWxsT2Y+CiAgICAgICAgICAgIDwvQW55T2Y+CiAgICAgICAgPC9UYXJnZXQ+CiAgICA8L1J1bGU+CjwvUG9saWN5Pgo=
\ No newline at end of file
diff --git a/applications/native/src/test/resources/requests/native.policy.request.xml b/applications/native/src/test/resources/requests/native.policy.request.xml
new file mode 100644
index 00000000..41dcf183
--- /dev/null
+++ b/applications/native/src/test/resources/requests/native.policy.request.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+    <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+    </Attribute>
+  </Attributes>
+  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+    <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+    </Attribute>
+  </Attributes>
+  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+    <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+    </Attribute>
+  </Attributes>
+  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" />
+</Request>
diff --git a/applications/native/src/test/resources/xacml.properties b/applications/native/src/test/resources/xacml.properties
new file mode 100644
index 00000000..3d4d025c
--- /dev/null
+++ b/applications/native/src/test/resources/xacml.properties
@@ -0,0 +1,53 @@
+#
+# Properties that the embedded PDP engine uses to configure and load
+#
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+#
+# ONAP PDP Implementation Factories
+#
+xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory
+
+#
+# Use a root combining algorithm
+#
+xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides
+
+#
+# PIP Engine Definitions
+#
+count-recent-operations.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.CountRecentOperationsPip
+count-recent-operations.issuer=urn:org:onap:xacml:guard:count-recent-operations
+count-recent-operations.name=CountRecentOperations
+count-recent-operations.description=Returns operation counts based on time window
+count-recent-operations.persistenceunit=OperationsHistoryPUTest
+
+get-operation-outcome.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.GetOperationOutcomePip
+get-operation-outcome.issuer=urn:org:onap:xacml:guard:get-operation-outcome
+get-operation-outcome.name=GetOperationOutcome
+get-operation-outcome.description=Returns operation outcome
+get-operation-outcome.persistenceunit=OperationsHistoryPUTest
+
+#
+# Make pips available to finder
+#
+xacml.pip.engines=count-recent-operations,get-operation-outcome
+
+#
+# JPA Properties
+#
+javax.persistence.jdbc.driver=org.h2.Driver
+javax.persistence.jdbc.url=jdbc:h2:mem:testdb;DATABASE_TO_UPPER=FALSE
+javax.persistence.jdbc.user=policy
+javax.persistence.jdbc.password=P01icY