Versions Compared

Old Version 26

changes.mady.by.user Greg Jansen

Saved on

compared with

New Version 27

changes.mady.by.user Greg Jansen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The ResourceFinder returns a ResourceFinder result, which contains the entire set of resolved resource ID attribute values. In other words the result is not a streaming interface, but a concrete class that returns a set. It would be far preferable to have a streaming/iterator approach to support big deletes trees.

Components to Develop

Most of these components are some variation on a XACML finder module, which is a part of the original Sun engine API. The JBoss PDP implementation adds new options for wiring finder modules, via configuration of custom locator classes. In many cases the locator class extends the corresponding Sun finder module. For example the ResourceLocator extends ResourceFinderModule.

PolicyFinderModule (w/PolicyLocator for JBossPDP configuration)

...

This is admittedly a little abstruse, but the policy finder modules become module becomes part of the PDP via configured implementations an implementation of the PolicyLocator interface. An implementation must have a no argument constructor and received configuration via a setOptions() callback method. The PolicyLocator has a map where it will store its PolicyFinderModule for use by the JBossPDP. A simple example is the JBossPolicyLocator, which puts a list of pre-configured policies into a wrapper policy finder module. This wrapper policy finder module is added to the locator's internal map under the policy finder module key. To see how the PDP builds the list of policy finder modules at initialization time, see JBossPDP.boostrapPDP(), especially the createPolicyFinderModules() method. There you can see it build a list of finder modules from each configured policy locator.

...

  1. finding the nearest real node for a given the path, since access checks are sometimes performed on new nodes before they are added.
  2. Then you find the nearest parent with a policy property.
  3. Then you read in and return the policy XACML. (There is a PolicyReader class you can use here)
  4. It will also need to support requests for policies by node URI, i.e. resolving policies that are linked from the first policy.

...

ModeShapeResourceFinderModule

Implements callback methods for finding child and descendant resources. This will be used for delete and possibly move operations, which have cascading effect on the node tree.

AttributeFinderModule(s)

Attribute finder modules do not work the same as policy finder modules. The AttributeLocator is an implementation of the AttributeFinderModule interface. So only one class is needed per functionJBoss has an abstract class called StorageAttributeLocator which may be useful for formulating SPARQL queries that function much like prepared statements against a DB, where there is a replacement value. That pattern may be useful for a ResourceAttributeFinderModule.

SubjectAttributeFinderModule

EnvironmentAttributeFinderModule