source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/request-filter.xml @ 7414

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/request-filter.xml@7414
Revision 7414, 1.4 KB checked in by pjkersha, 10 years ago (diff)

Incomplete - task 2: XACML-Security Integration

  • Tested local PDP with integration tests. ndg.security.test.integration.full_system. This completes the functionality for the XACML integration - now preparing a new release.
  • Property svn:keywords set to Id
Line 
1<?xml version="1.0" encoding="UTF-8"?>
2<Policy PolicyId="urn:ndg:security:1.0:authz:test:policy"
3    xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:cd:04"
4    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5    xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:cd:04 http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-cd-04.xsd"
6    RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
7    <Description>
8        Policy used by a PDP local to the PEP to filter out some requests from
9        being passed on to the main authorisation service
10    </Description>
11   
12    <!--
13        The Policy target(s) define which requests apply to the whole policy
14    -->
15    <Target>
16        <Resources>
17            <Resource>
18                <!-- Pattern match all request URIs beginning with / -->
19                <ResourceMatch MatchId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match">
20                    <ResourceAttributeDesignator
21                        AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
22                        DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
23                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">^http://localhost:7080/(?!layout).*$</AttributeValue>
24                </ResourceMatch>
25            </Resource>
26        </Resources>
27    </Target>   
28    <Rule RuleId="Catch all" Effect="Deny"></Rule>
29</Policy>
Note: See TracBrowser for help on using the repository browser.