Cisco Enterprise Policy Manager Java Developers Guide, Release 3.3.2.0
PDP WSDL

Table Of Contents

Using PDP WSDL

AuthorizationServiceWsdl

Accessing AuthorizationServiceWsdl

Generate Client Stub Using AXIS 1.1

Generate Client Stub Using AXIS 2.0

Generate Client Stub for .NET Applications

Invoking getAuthorizedDecisions() Method Using Axis1.1

Invoking getAuthorizedDecisions() Method Using Axis2.0

Invoking getAuthorizedDecisions() Method in .NET:

PdpServiceWsdl

Sample Request and Response Codes

isUserAccessAllowed Method

getPermissibleResourcesForUser Method


Using PDP WSDL


In CEPM, you can use the PDP WSDLs to generate client stubs for your application irrespective of the framework it is built on, such as C, C++, or .NET. The PEP client constructs an XACML request object and sends it to the PDP using SOAP. The PDP, in return, communicates the decision through an XACML response object.

CEPM now provides two WSDLs:

AuthorizationServiceWsdl

PdpServiceWsdl


Note In CEPM Version 3.3.0.0, the PdpServiceWsdl feature was deprecated, and in Version 3.3.1.0 PdpServiceWsdl was replaced with the AuthorizationServiceWsdl feature. In Version 3.3.1.4, the PdpServiceWsdl feature is reinstated with limited functionality for use with legacy deployments.



Note Cisco strongly recommends usage of AuthorizationServiceWsdl feature for all future deployments and upgrades.


This chapter explains:

How to download the WSDL

How to generate your own PEP client stub

How to construct an XACML request object

How to get the response

How to retrieve data from the response

AuthorizationServiceWsdl

AuthorizationServiceWsdl is a WS-I compliant WSDL that supports a generic method called getAuthorizedDecisions(). This method takes an XACML request object as its input parameter and replaces all existing PEP methods such as isUserAccessAllowed(), isGroupAccessAllowed(), isRoleAccessAllowed(), getDecisions() etc.

Accessing AuthorizationServiceWsdl

You can access the WSDL from the following service URL:

http://host:port/pdp/services/AuthorizationServices?wsdl

Replace the host name and port number arguments in the URL with the correct values corresponding to where you have deployed the PDP.

Generate Client Stub Using AXIS 1.1

To customize the WSDLs according to your application requirements, generate the necessary client stubs using the appropriate conversion tools. For example, to use this WSDL in your Java application, use the Apache WSDL2Java tool, which builds stubs, skeletons, and datatypes from WSDL documents. Assuming that Axis1.1 is installed on your system, go to /Axis1.1/bin in the command prompt and run the following command to generate the stub:

java org.apache.axis.wsdl.WSDL2Java AuthorizationService.wsdl

Generate Client Stub Using AXIS 2.0

Assuming that Axis2.0 is installed on your system, go to /Axis2.0/bin in the command prompt and run the following command to generate the stub:

wsdl2java.bat -uri AuthorizationService.wsdl

Generate Client Stub for .NET Applications

If your application is developed in .NET, you can generate the required client stubs by creating web reference for every WSDL. To do this:


Step 1 Open your project in the Microsoft Visual Studio.

Step 2 Right click on Reference.

Figure 4-1 Solution Explorer

Step 3 Select Add Web Reference.

Step 4 In the URL field, enter the directory path or the URL of the PDP WSDL using which you want to generate the stub.

Figure 4-2 Add Web Reference

Step 5 Enter the name of the Web Reference.

Step 6 Click Add Reference.

This generates the necessary client stub for your application.


Invoking getAuthorizedDecisions() Method Using Axis1.1

The getAuthorizedDecisions method is a generic method that takes an XACML request as its input parameter. This single API method replaces all existing PEP methods such as isUserAccessAllowed(), isRoleAccessAllowed(), getDecisions() etc. The following sample code calls the getAuthorizedDecisions method through AuthorizationServiceWsdl.


Step 1 Initialize the AuthorizationService at client side.

AuthorizationServiceLocator locator=new AuthorizationServiceLocator();
IAuthorizationService service=null;
try {
service=locator.getAuthorizationService(new URL("http://localhost:7070/pdp/services/AuthorizationService"));
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}

Step 2 Construct the XACML request object.

XacmlRequest request =new XacmlRequest();

Step 3 Add subject to the XACML Request with subjectCategory='urn:oasis:names:tc:xacml:1.0:subject-category:access-subject'

subjectid='urn:oasis:names:tc:xacml:1.0:subject:subject-id'


Note For Group based entitlement, the subject-id will be group-id -

urn:oasis:names:tc:xacml:1.0:subject:group-id

For Role based entitlement, the subject-id will be role-id -

urn:oasis:names:tc:xacml:1.0:subject:role-id

Subject subject=new Subject();
subject.setSubjectCategory("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject");
XACMLAttribute[] subAttribute=new XACMLAttribute[1];
subject.setAttributes(subAttribute);
subAttribute[0]=new XACMLAttribute();
subAttribute[0].setType("http://www.w3.org/2001/XMLSchema#string");
subAttribute[0].setId("urn:oasis:names:tc:xacml:1.0:subject:subject-id");
XACMLAttributeValue[] subAttrValue=new XACMLAttributeValue[1];
subAttribute[0].setAttribValue(subAttrValue);
subAttrValue[0]=new XACMLAttributeValue();
//Add the subject value below
subAttrValue[0].setType("http://www.w3.org/2001/XMLSchema#string");
subAttrValue[0].setValue("gracie");
request.setSubjects(new Subject[]{subject});

Step 4 Add resource to the XACML Request with the following resource-id attributeid='urn:oasis:names:tc:xacml:1.0:resource:resource-id'

Resource resource=new Resource();
XACMLAttribute[] resAttribute=new XACMLAttribute[1];
resource.setAttributes(resAttribute);
resAttribute[0]=new XACMLAttribute();
resAttribute[0].setType("http://www.w3.org/2001/XMLSchema#string");
resAttribute[0].setId("urn:oasis:names:tc:xacml:1.0:resource:resource-id");
XACMLAttributeValue[] resAttrValue=new XACMLAttributeValue[1];
resAttribute[0].setAttribValue(resAttrValue);
resAttrValue[0]=new XACMLAttributeValue();
//Add the resource value below
resAttrValue[0].setType("http://www.w3.org/2001/XMLSchema#string");
resAttrValue[0].setValue("Prime group:Prime portal:Resource5");
request.setResources(new Resource[]{resource});

Step 5 Add action to the XACML Request with the following action-id: attributeid='urn:oasis:names:tc:xacml:1.0:action:action-id'

Action action=new Action();
XACMLAttribute[] actAttribute=new XACMLAttribute[1];
action.setAttributes(actAttribute);
actAttribute[0]=new XACMLAttribute();
actAttribute[0].setType("http://www.w3.org/2001/XMLSchema#string");
actAttribute[0].setId("urn:oasis:names:tc:xacml:1.0:action:action-id");
XACMLAttributeValue[] actAttrValue=new XACMLAttributeValue[1];
actAttribute[0].setAttribValue(actAttrValue);
actAttrValue[0]=new XACMLAttributeValue();
//Add the action value below
actAttrValue[0].setType("http://www.w3.org/2001/XMLSchema#string");
actAttrValue[0].setValue("any");
request.setAction(action);

Step 6 Add environment such as context, role bundle to the XACML Request.

Environment environment=new Environment();
XACMLAttribute[] envAttribute=new XACMLAttribute[3];
environment.setAttributes(envAttribute);

Add context to the environment section of XACML Request

envAttribute[0]=new XACMLAttribute();
envAttribute[0].setType("http://www.w3.org/2001/XMLSchema#string");
envAttribute[0].setId("urn:cisco:cepm:3.3:xacml:context-name");
XACMLAttributeValue[] envAttrValue=new XACMLAttributeValue[1];
envAttribute[0].setAttribValue(envAttrValue);
envAttrValue[0]=new XACMLAttributeValue();
envAttrValue[0].setType("http://www.w3.org/2001/XMLSchema#string");
envAttrValue[0].setValue("Global Context:Global Context");

Add rolebundle to the environment section of XACML Request

envAttribute[1]=new XACMLAttribute();
envAttribute[1].setType("http://www.w3.org/2001/XMLSchema#string");
envAttribute[1].setId("urn:cisco:cepm:3.3:xacml:rolebundle-name");
XACMLAttributeValue[] envAttrRBValue=new XACMLAttributeValue[1];
envAttribute[1].setAttribValue(envAttrRBValue);
envAttrRBValue[0]=new XACMLAttributeValue();
envAttrRBValue[0].setType("http://www.w3.org/2001/XMLSchema#string");
envAttrRBValue[0].setValue("Default");

Add level to the environment section of XACML Request. Level mentioned in the XACMLRequest indicates the level of child resources up to which the evaluation should be done for the requested resource.

envAttribute[2]=new XACMLAttribute();
envAttribute[2].setType("http://www.w3.org/2001/XMLSchema#string");
envAttribute[2].setId("level");
XACMLAttributeValue[] envAttrLevValue=new XACMLAttributeValue[1];
envAttribute[2].setAttribValue(envAttrLevValue);
envAttrLevValue[0]=new XACMLAttributeValue();
envAttrLevValue[0].setType("http://www.w3.org/2001/XMLSchema#string");
envAttrLevValue[0].setValue("1");

Step 7 Set the environment variables.

request.setEnvironment(environment);

Step 8 Invoke the getAuthorizedDecisions method.

try {
XacmlResponse response=service.getAuthorizedDecision(request);

Step 9 Get the response.

Result[] results=response.getResults();
if(results!=null && results.length>0)
for (int i = 0; i < results.length; i++) {
System.out.println("ResourceName=["+results[i].getResourceId()+"],decision=["+results[i].getDecision()+"]");
}
} catch (LicenseException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (AuthenticationFailedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (XacmlProcessingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (DBException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (RemoteException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}

The following is the sample response code.

if(results!=null && results.length>0)
   for (int i = 0; i < results.length; i++) {
      System.out.println("ResourceName=["+results[i].getResourceId()+"],decision=["+results[i].getDecision()+"]");
      Obligation[] obligation= results[i].getObligations();
      for (int j = 0; j < obligation.length; j++) {
         System.out.println("\t\t\tObligation Details are id=["+obligation[j].getObligationId()+"],fulfillon=["+obligation[j].getFulfillOn()+"]");
         AttributeAssignment[] attribAssign= obligation[j].getAttributeAssignment();
         for (int k = 0; k < attribAssign.length; k++) {
            System.out.println("\t\t\t\t\tAttributeAssignment Details are attributeid=["+attribAssign[k].getAttributeID()+"],attributeValue=["+attribAssign[k].getValue()+"]");
         }
      }
   }
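The samples above print each decision and only print a stack trace when the call fails; a PEP that enforces access has to treat every one of those outcomes except an explicit permit as a denial. The following is an added example, not part of the Cisco guide or the generated stubs: PdpResult, PdpCall, the "log-access" obligation id and the child resource name are hypothetical, and it assumes the stub's decision value has been converted to the standard XACML decision names (Permit, Deny, Indeterminate, NotApplicable).

```java
import java.util.List;
import java.util.Set;

/** Added example (Java 16+): deny-biased handling of PDP results in a PEP. */
public class FailClosedPep {

    // Hypothetical stand-in for the generated Result/Obligation stubs: fill it
    // from getResourceId(), getDecision() and each getObligationId().
    record PdpResult(String resourceId, String decision, List<String> obligationIds) {}

    // Hypothetical wrapper around the stub call so failures can be simulated.
    interface PdpCall {
        List<PdpResult> invoke() throws Exception;
    }

    // Obligations this PEP can fulfil (constructed sample id).
    static final Set<String> SUPPORTED_OBLIGATIONS = Set.of("log-access");

    /** True only for an explicit Permit on the requested resource itself. */
    static boolean isPermitted(String requestedResource, List<PdpResult> results) {
        if (requestedResource == null || results == null || results.isEmpty()) {
            return false; // no usable answer is not a Permit
        }
        PdpResult match = null;
        for (PdpResult r : results) {
            if (r == null || !requestedResource.equals(r.resourceId())) {
                continue; // rows for child resources (see "level") are not the answer
            }
            if (match != null) {
                return false; // two rows for one resource: ambiguous, so deny
            }
            match = r;
        }
        // Deny, Indeterminate, NotApplicable, null and unknown strings all fail here.
        if (match == null || !"Permit".equals(match.decision())) {
            return false;
        }
        if (match.obligationIds() != null) {
            for (String id : match.obligationIds()) {
                if (id == null || !SUPPORTED_OBLIGATIONS.contains(id)) {
                    return false; // an obligation the PEP cannot fulfil voids the Permit
                }
            }
        }
        return true;
    }

    /** Runs the PDP call and converts every failure into a denial. */
    static boolean enforce(String requestedResource, PdpCall call) {
        try {
            return isPermitted(requestedResource, call.invoke());
        } catch (Exception e) {
            System.err.println("PDP call failed, denying: " + e);
            return false;
        }
    }

    public static void main(String[] args) {
        String res = "Prime group:Prime portal:Resource5";
        String child = res + ":Child1"; // constructed child resource name

        // Constructed results, not captured from a real PDP.
        List<PdpResult> permit = List.of(new PdpResult(res, "Permit", List.of("log-access")));
        List<PdpResult> childOnly = List.of(new PdpResult(child, "Permit", List.of()));
        List<PdpResult> deny = List.of(new PdpResult(res, "Deny", List.of()),
                                       new PdpResult(child, "Permit", List.of()));
        List<PdpResult> unknownObligation =
                List.of(new PdpResult(res, "Permit", List.of("encrypt-output")));

        System.out.println("explicit permit     -> " + enforce(res, () -> permit));
        System.out.println("child permit only   -> " + enforce(res, () -> childOnly));
        System.out.println("parent denied       -> " + enforce(res, () -> deny));
        System.out.println("unknown obligation  -> " + enforce(res, () -> unknownObligation));
        System.out.println("empty result array  -> " + enforce(res, () -> List.of()));
        System.out.println("PDP unreachable     -> "
                + enforce(res, () -> { throw new java.io.IOException("connection refused"); }));
    }
}
```

The same rule applies to the Axis2.0 and .NET clients: copy the fields out of their result arrays and make the access decision in one place that returns a denial by default.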

Invoking getAuthorizedDecisions() Method Using Axis2.0

The following is a sample code for using the getAuthorizedDecisions method:


Step 1 Initialize the AuthorizationService in the client side.

AuthorizationServiceStub stub=new AuthorizationServiceStub("http://localhost:7070/pdp/services/AuthorizationService");
GetAuthorizedDecision decision=new GetAuthorizedDecision();

Step 2 Construct the XACML request object.

XacmlRequest request=new XacmlRequest();
decision.setXacmlRequest(request);
SubjectArray subArray=new SubjectArray();

Step 3 Add subjects to the XACML request

Subject[] subject=new Subject[1];
subject[0]=new Subject();
subject[0].setSubjectCategory("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject");
XACMLAttributeArray subAttrArray= new XACMLAttributeArray();
XACMLAttribute[] subAttribute=new XACMLAttribute[1];
subAttribute[0]=new XACMLAttribute();
subAttribute[0].setId("urn:oasis:names:tc:xacml:1.0:subject:subject-id");
subAttribute[0].setType("http://www.w3.org/2001/XMLSchema#string");
subAttribute[0].setIssuer("requestor");
subAttrArray.setXacmlAttributeArray(subAttribute);
XACMLAttributeValue[] subvalue=new XACMLAttributeValue[1];
subvalue[0]=new XACMLAttributeValue();
subvalue[0].setType("http://www.w3.org/2001/XMLSchema#string");
subvalue[0].setValue("gracie");
XACMLAttributeValueArray xaArray=new XACMLAttributeValueArray(); 
xaArray.setXacmlAttributeValueArray(subvalue);
subAttribute[0].setAttribValue(xaArray);
subject[0].setAttributes(subAttrArray);
subArray.setSubjectArray(subject);

Step 4 Add resource to the XACML request

ResourceArray resArray=new ResourceArray();
Resource[] resource=new Resource[1];
resource[0]=new Resource();
XACMLAttributeArray resAttrArray= new XACMLAttributeArray();
XACMLAttribute[] resAttribute=new XACMLAttribute[1];
resAttribute[0]=new XACMLAttribute();
resAttribute[0].setId("urn:oasis:names:tc:xacml:1.0:resource:resource-id");
resAttribute[0].setType("http://www.w3.org/2001/XMLSchema#string");
resAttrArray.setXacmlAttributeArray(resAttribute);
XACMLAttributeValue[] resvalue=new XACMLAttributeValue[1];
resvalue[0]=new XACMLAttributeValue();
resvalue[0].setType("http://www.w3.org/2001/XMLSchema#string");
resvalue[0].setValue("Prime group:Prime portal:Resource5");
XACMLAttributeValueArray resxaArray=new XACMLAttributeValueArray(); 
resxaArray.setXacmlAttributeValueArray(resvalue);
resAttribute[0].setAttribValue(resxaArray);
resource[0].setAttributes(resAttrArray);
resArray.setResourceArray(resource);

Step 5 Add action to the XACML request

Action action =new Action();
XACMLAttributeArray actAttrArray= new XACMLAttributeArray();
XACMLAttribute[] actAttribute=new XACMLAttribute[1];
actAttribute[0]=new XACMLAttribute();
actAttribute[0].setId("urn:oasis:names:tc:xacml:1.0:action:action-id");
actAttribute[0].setType("http://www.w3.org/2001/XMLSchema#string");
actAttrArray.setXacmlAttributeArray(actAttribute);
XACMLAttributeValue[] actvalue=new XACMLAttributeValue[1];
actvalue[0]=new XACMLAttributeValue();
actvalue[0].setType("http://www.w3.org/2001/XMLSchema#string");
actvalue[0].setValue("any");
XACMLAttributeValueArray actxaArray=new XACMLAttributeValueArray(); 
actxaArray.setXacmlAttributeValueArray(actvalue);
actAttribute[0].setAttribValue(actxaArray);
action.setAttributes(actAttrArray);

Step 6 Add environment to the XACML request

Environment env=new Environment();
XACMLAttributeArray envAttrArray= new XACMLAttributeArray();
XACMLAttribute[] envAttribute=new XACMLAttribute[1];
envAttribute[0]=new XACMLAttribute();
envAttribute[0].setId("level");
envAttribute[0].setType("http://www.w3.org/2001/XMLSchema#string");
envAttribute[0].setIssuer("requestor");
envAttrArray.setXacmlAttributeArray(envAttribute);
XACMLAttributeValue[] envvalue=new XACMLAttributeValue[1];
envvalue[0]=new XACMLAttributeValue();
envvalue[0].setType("http://www.w3.org/2001/XMLSchema#string");
envvalue[0].setValue("1");
XACMLAttributeValueArray envxaArray=new XACMLAttributeValueArray(); 
envxaArray.setXacmlAttributeValueArray(envvalue);
envAttribute[0].setAttribValue(envxaArray);
env.setAttributes(envAttrArray);
request.setSubjects(subArray);
request.setResources(resArray);
request.setAction(action);
request.setEnvironment(env);

Step 7 Get the response.

GetAuthorizedDecisionResponse response=stub.getAuthorizedDecision(decision);
XacmlResponse res=response.getXacmlResponse();
ResultArray resultArray=res.getResults();
Result[] results=resultArray.getResultsArray();
for (int i = 0; i < results.length; i++) {
System.out.println("ResourceName=["+results[i].getResourceId()+"],decision=["+results[i].getDecision()+"]");
}

The following is the sample response code.

if(results!=null && results.length>0)
   for (int i = 0; i < results.length; i++) {
      System.out.println("ResourceName=["+results[i].getResourceId()+"],decision=["+results[i].getDecision()+"]");
      Obligation[] obligation= results[i].getObligations().getObligationArray();
      for (int j = 0; j < obligation.length; j++) {
         System.out.println("\t\t\tObligation Details are id=["+obligation[j].getObligationId()+"],fulfillon=["+obligation[j].getFulfillOn()+"]");
         AttributeAssignment[] attribAssign= obligation[j].getAttributeAssignment().getAttributeAssignmentArray();
         for (int k = 0; k < attribAssign.length; k++) {
            System.out.println("\t\t\t\t\tAttributeAssignment Details are attributeid=["+attribAssign[k].getAttributeID()+"],attributeValue=["+attribAssign[k].getValue()+"]");
         }
      }
   }

Invoking getAuthorizedDecisions() Method in .NET:

The following is the sample code for using the GetAuthorizedDecision method in a .NET application:


Step 1 Initialize the AuthorizationService in the client side.

AuthorizationService service = new AuthorizationService();
service.Url = "http://localhost:9090/pdp/services/AuthorizationService";

Step 2 Construct the XACML request object.

XacmlRequest request = CreateXacmlRequest("policyAttributeUser", "Prime group:Prime portal:Resource1","any",null,new string[]{"Default"},new string[]{"Global Context:Global Context"});
private static XacmlRequest CreateXacmlRequest(String subject, String resource, String action, Hashtable environment, String[] roleBundles, String[] contexts)
{
XacmlRequest request = null;

Step 3 Create subject

XACMLAttributeValue subjectAttributeValue = new XACMLAttributeValue();
subjectAttributeValue.type = "http://www.w3.org/2001/XMLSchema#string";
subjectAttributeValue.value = subject;
XACMLAttributeValue[] subjectAttributesValue = new XACMLAttributeValue[1];
subjectAttributesValue[0] = subjectAttributeValue;
XACMLAttribute subjectAttribute = new XACMLAttribute();
subjectAttribute.attribValue = subjectAttributesValue;
subjectAttribute.id = "urn:oasis:names:tc:xacml:1.0:subject:subject-id";
subjectAttribute.issuer = "requestor";
subjectAttribute.type = "http://www.w3.org/2001/XMLSchema#string";
XACMLAttribute[] subjectAttributes = new XACMLAttribute[1];
subjectAttributes[0] = subjectAttribute;
Subject[] subjects = new Subject[1];
Subject sub = new Subject();
sub.attributes = subjectAttributes;
sub.subjectCategory = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject";
subjects[0] = sub;

Step 4 Create Resource

XACMLAttributeValue resourceAttributeValue = new XACMLAttributeValue();
resourceAttributeValue.value = resource;
resourceAttributeValue.type = "resource-id";
XACMLAttributeValue[] resourcesAttributesValue = new XACMLAttributeValue[1];
resourcesAttributesValue[0] = resourceAttributeValue;
XACMLAttribute resourceAttribute = new XACMLAttribute();
resourceAttribute.attribValue = resourcesAttributesValue;
resourceAttribute.id = "urn:oasis:names:tc:xacml:1.0:resource:resource-id";
resourceAttribute.issuer = "";
resourceAttribute.type = "http://www.w3.org/2001/XMLSchema#string";
XACMLAttribute[] resourcesAttributes = new XACMLAttribute[1];
resourcesAttributes[0] = resourceAttribute;
Resource[] resources = new Resource[1];
Resource res = new Resource();
res.attributes = resourcesAttributes;
resources[0] = res;

Step 5 Create action

XACMLAttributeValue actionAttributeValue = new XACMLAttributeValue();
actionAttributeValue.value = action;
actionAttributeValue.type = "action-id";
XACMLAttributeValue[] actionsAttributesValue = new XACMLAttributeValue[1];
actionsAttributesValue[0] = actionAttributeValue;
XACMLAttribute actionAttribute = new XACMLAttribute();
actionAttribute.attribValue = actionsAttributesValue;
actionAttribute.id = "urn:oasis:names:tc:xacml:1.0:action:action-id";
actionAttribute.issuer = "";
actionAttribute.type = "http://www.w3.org/2001/XMLSchema#string";
XACMLAttribute[] actionsAttributes = new XACMLAttribute[1];
actionsAttributes[0] = actionAttribute;
Action act = new Action();
act.attributes = actionsAttributes;
int numberOfKeys = 0;
if (roleBundles != null)
{
numberOfKeys = numberOfKeys + 1;
}
else
{
if ((environment != null) && 
(!environment.Contains("urn:cisco:cepm:3.3:xacml:rolebundle-name")))
environment.Add("urn:cisco:cepm:3.3:xacml:rolebundle-name", "Default");
}
if ((contexts != null) && (contexts[0] != null))
{
numberOfKeys = numberOfKeys + 1;
}
else
{
if ((environment != null) && 
(!environment.Contains("urn:cisco:cepm:3.3:xacml:context-name")))
environment.Add("urn:cisco:cepm:3.3:xacml:context-name", "Global Context:Global Context");
}
if (environment != null)
numberOfKeys = numberOfKeys + environment.Count;
XACMLAttribute[] environmentsAttributes = new XACMLAttribute[numberOfKeys];

Step 6 Create environment.

int index = 0;
if (environment != null)
{
foreach (DictionaryEntry entry in environment)
{
String key = entry.Key.ToString();
String value = entry.Value.ToString();
XACMLAttributeValue environmentAttributeValue = new XACMLAttributeValue();
environmentAttributeValue.value = value;
environmentAttributeValue.type = key;
XACMLAttributeValue[] environmentsAttributesValue = new XACMLAttributeValue[1];
environmentsAttributesValue[0] = environmentAttributeValue;
XACMLAttribute environmentAttribute = new XACMLAttribute();
environmentAttribute.attribValue = environmentsAttributesValue;
environmentAttribute.id = key;
environmentAttribute.issuer = "";
environmentAttribute.type = "http://www.w3.org/2001/XMLSchema#string";
environmentsAttributes[index] = environmentAttribute;
index++;
}
}
if (roleBundles != null)
{
XACMLAttributeValue[] environmentsAttributesValue = new 
XACMLAttributeValue[roleBundles.Length];
int innerIndex = 0;
foreach (String roleBundle in roleBundles)
{
XACMLAttributeValue environmentAttributeValue = new XACMLAttributeValue();
environmentAttributeValue.value = roleBundle;
environmentAttributeValue.type = "http://www.w3.org/2001/XMLSchema#string";
environmentsAttributesValue[innerIndex++] = environmentAttributeValue;
}
XACMLAttribute environmentAttribute = new XACMLAttribute();
environmentAttribute.attribValue = environmentsAttributesValue;
environmentAttribute.id = "urn:cisco:cepm:3.3:xacml:rolebundle-name";
environmentAttribute.issuer = "";
environmentAttribute.type = "http://www.w3.org/2001/XMLSchema#string";
environmentsAttributes[index++] = environmentAttribute;
}
if ((contexts != null) && (contexts[0] != null))
{
XACMLAttributeValue[] environmentsAttributesValue = new 
XACMLAttributeValue[contexts.Length];
int innerIndex = 0;
foreach (String context in contexts)
{
if (context != null)
{
XACMLAttributeValue environmentAttributeValue = new XACMLAttributeValue();
environmentAttributeValue.value = context;
environmentAttributeValue.type = "http://www.w3.org/2001/XMLSchema#string";
environmentsAttributesValue[innerIndex++] = environmentAttributeValue;
}
}
XACMLAttribute environmentAttribute = new XACMLAttribute();
environmentAttribute.attribValue = environmentsAttributesValue;
environmentAttribute.id = "urn:cisco:cepm:3.3:xacml:context-name";
environmentAttribute.issuer = "";
environmentAttribute.type = "http://www.w3.org/2001/XMLSchema#string";
environmentsAttributes[index++] = environmentAttribute;
}
TestPDPWsdl.PepClient.Environment env = new TestPDPWsdl.PepClient.Environment();
env.attributes = environmentsAttributes;
request = new XacmlRequest();
request.subjects = subjects;
request.resources = resources;
request.action = act;
request.environment = env;
return request;
}
}

Step 7 Invoke getAuthorizedDecisions method to get the response.

XacmlResponse response = service.getAuthorizedDecision(request);

The following is the sample response code.

private static void GetAttributes(XacmlResponse response)
{
if(response.results!=null)
{
foreach(Result result in response.results)
{
Console.WriteLine("Decision [ " + decisions[result.decision] + " ]");
foreach(Obligation obligation in result.obligations)
{
foreach(AttributeAssignment attribute in obligation.attributeAssignment)
{
Console.WriteLine(attribute.attributeID + "\t\t\t\t\t"+attribute.value);
}
}
}
}
}

PdpServiceWsdl

PdpServiceWsdl is a non-WS-I compliant WSDL, which supports the following PEP methods:

isUserAccessAllowed()

getPermissibleResourcesForUser()

Using SoapUI tool, you can verify how the request and response are structured for the supported methods. To do this:


Step 1 Open the SoapUI tool.

Step 2 Add your project by selecting File > New SoapUI Project. A pop up window appears.

Step 3 In the pop up window, enter the project name.

Step 4 Add the WSDL URL in http://host:port/pdp/services/PDPService?wsdl format.


Note Replace the host name and port number arguments in the URL with the correct values corresponding to where you have deployed the PDP.


Step 5 Click OK. This adds the project in the tool and constructs the methods of the specified WSDL with the request and response structure. Expand the project name to see the WSDL name. You can see the supported method names by further expansion of the tree.

Step 6 To add a request, select a method and click Request. This adds the Request and Response frames in the tool window. The request frame contains the request in a predefined format.

Step 7 Enter the input parameter values. See Sample Request and Response Codes for sample request and response codes for the supported methods.

Step 8 Click Submit Request to Endpoint URL button to get the response for the above requests.

You can see the response in the right frame. See Sample Request and Response Codes for the supported methods.


Sample Request and Response Codes

isUserAccessAllowed Method

If you select isUserAccessAllowed method, which takes user, resource, and action as the input parameters, the request and response should look like -

Request -

<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:soap="http://soap.listener.pdp.securent.net">
   <soapenv:Header/>
   <soapenv:Body>
      <soap:isUserAccessAllowed 
soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
         <subject xsi:type="xsd:string">test22</subject>
         <resource xsi:type="xsd:string">Application Group1:Application1:TestResource100</resource>
         <action xsi:type="xsd:string">any</action>
      </soap:isUserAccessAllowed>
   </soapenv:Body>
</soapenv:Envelope>

Response -

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <soapenv:Body>
      <ns1:isUserAccessAllowedResponse 
soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" 
xmlns:ns1="http://soap.listener.pdp.securent.net">
         <isUserAccessAllowedReturn 
xsi:type="xsd:boolean">true</isUserAccessAllowedReturn>
      </ns1:isUserAccessAllowedResponse>
   </soapenv:Body>
</soapenv:Envelope>
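A client that consumes this reply without a generated stub should accept it only when it has exactly the shape shown above. The following is an added example, not part of the Cisco guide: it uses only the JDK XML parser, the embedded reply is the sample response above with its line wrapping normalized, and the class name and the fault envelope are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Added example (Java 15+): strict reading of an isUserAccessAllowed reply. */
public class IsUserAccessAllowedReply {

    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String PDP_NS = "http://soap.listener.pdp.securent.net";

    // The sample response from this page, with its line wrapping normalized.
    static final String SAMPLE = """
            <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
              <soapenv:Body>
                <ns1:isUserAccessAllowedResponse
                    soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
                    xmlns:ns1="http://soap.listener.pdp.securent.net">
                  <isUserAccessAllowedReturn xsi:type="xsd:boolean">true</isUserAccessAllowedReturn>
                </ns1:isUserAccessAllowedResponse>
              </soapenv:Body>
            </soapenv:Envelope>
            """;

    // Constructed fault envelope, not captured from a real PDP.
    static final String FAULT = """
            <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
              <soapenv:Body>
                <soapenv:Fault><faultstring>constructed error</faultstring></soapenv:Fault>
              </soapenv:Body>
            </soapenv:Envelope>
            """;

    /** True only when the reply is well formed and carries exactly one "true". */
    static boolean isAllowed(String soapXml) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            // Refuse DTDs and entity expansion: the reply needs neither.
            f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            f.setXIncludeAware(false);
            f.setExpandEntityReferences(false);

            Document doc = f.newDocumentBuilder().parse(
                    new ByteArrayInputStream(soapXml.getBytes(StandardCharsets.UTF_8)));

            NodeList bodies = doc.getElementsByTagNameNS(SOAP_NS, "Body");
            if (bodies.getLength() != 1) {
                return false;
            }
            Element body = (Element) bodies.item(0);
            if (body.getElementsByTagNameNS(SOAP_NS, "Fault").getLength() > 0) {
                return false; // a SOAP fault is never an authorization
            }
            NodeList replies = body.getElementsByTagNameNS(PDP_NS, "isUserAccessAllowedResponse");
            if (replies.getLength() != 1) {
                return false;
            }
            NodeList values = ((Element) replies.item(0))
                    .getElementsByTagName("isUserAccessAllowedReturn");
            if (values.getLength() != 1) {
                return false;
            }
            // Only the literal the sample shows is accepted; anything else denies.
            return "true".equals(values.item(0).getTextContent().trim());
        } catch (Exception e) {
            return false; // unparsable, rejected or truncated reply: deny
        }
    }

    public static void main(String[] args) {
        System.out.println("sample reply    -> " + isAllowed(SAMPLE));
        System.out.println("false reply     -> " + isAllowed(SAMPLE.replace(">true<", ">false<")));
        System.out.println("fault reply     -> " + isAllowed(FAULT));
        System.out.println("DOCTYPE present -> " + isAllowed("<!DOCTYPE x>" + SAMPLE));
        System.out.println("truncated reply -> " + isAllowed(SAMPLE.substring(0, 300)));
    }
}
```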

getPermissibleResourcesForUser Method

If you select getPermissibleResourcesForUser method, which takes user, resource, role bundle, and context as the input parameters, the request and response should look like -

Request -

<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:soap="http://soap.listener.pdp.securent.net">
   <soapenv:Header/>
   <soapenv:Body>
      <soap:getPermissibleResourcesForUser 
soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
         <subject xsi:type="xsd:string">test22</subject>
         <resourceName xsi:type="xsd:string">Application Group1:Application1:TestResource100</resourceName>
         <roleBundles xsi:type="xsd:string">Global:Default</roleBundles>
         <context xsi:type="xsd:string">Global Context:Global Context</context>
      </soap:getPermissibleResourcesForUser>
   </soapenv:Body>
</soapenv:Envelope>

Response -

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <soapenv:Body>
      <ns1:getPermissibleResourcesForUserResponse 
soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" 
xmlns:ns1="http://soap.listener.pdp.securent.net">
         <getPermissibleResourcesForUserReturn soapenc:arrayType="xsd:string[4]" 
xsi:type="soapenc:Array" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
            <getPermissibleResourcesForUserReturn 
xsi:type="xsd:string">res101:res102:res103</getPermissibleResourcesForUserReturn>
            <getPermissibleResourcesForUserReturn 
xsi:type="xsd:string">res101:res102</getPermissibleResourcesForUserReturn>
            <getPermissibleResourcesForUserReturn 
xsi:type="xsd:string">res101</getPermissibleResourcesForUserReturn>
         </getPermissibleResourcesForUserReturn>
      </ns1:getPermissibleResourcesForUserResponse>
   </soapenv:Body>
</soapenv:Envelope>