Problems with Getting started

[zhaizhonghao]

As you conduct,I follow the "Getting Started".Then I created the JavaProject in my eclipse with authzforce-ce-core-pdp-engine-8.0.0.jar.In the Main.java, I writes following codes:

		try {
			BasePdpEngine basePdpEngine=BasePdpEngine.getInstance("D:/1.xml");
		} catch (IllegalArgumentException | IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		System.out.println("hello world");
	}

But I comed accros the following error:

14:01:00.862 [main] DEBUG org.ow2.authzforce.core.pdp.api.HashCollections - System property 'org.ow2.authzforce.core.pdp.api.HashCollectionFactoryClass' not set -> using class org.ow2.authzforce.core.pdp.api.DefaultHashCollectionFactory as (default) implementation of interface org.ow2.authzforce.core.pdp.api.HashCollectionFactory
Exception in thread "main" java.util.ServiceConfigurationError: org.ow2.authzforce.core.pdp.api.PdpExtension: Provider org.ow2.authzforce.core.pdp.testutil.ext.TestXACMLPolicyAttributeValue$Factory could not be instantiated
	at java.util.ServiceLoader.fail(Unknown Source)
	at java.util.ServiceLoader.access$100(Unknown Source)
	at java.util.ServiceLoader$LazyIterator.nextService(Unknown Source)
	at java.util.ServiceLoader$LazyIterator.next(Unknown Source)
	at java.util.ServiceLoader$1.next(Unknown Source)
	at org.ow2.authzforce.core.pdp.impl.PdpExtensionLoader.<clinit>(PdpExtensionLoader.java:80)
	at org.ow2.authzforce.core.pdp.impl.PdpModelHandler.<init>(PdpModelHandler.java:130)
	at org.ow2.authzforce.core.pdp.impl.BasePdpEngine.getInstance(BasePdpEngine.java:876)
	at org.ow2.authzforce.core.pdp.impl.BasePdpEngine.getInstance(BasePdpEngine.java:893)
	at Main.main(Main.java:9)
Caused by: java.lang.NoClassDefFoundError: com/google/common/reflect/TypeToken
	at java.lang.Class.getDeclaredConstructors0(Native Method)
	at java.lang.Class.privateGetDeclaredConstructors(Unknown Source)
	at java.lang.Class.getConstructor0(Unknown Source)
	at java.lang.Class.newInstance(Unknown Source)
	... 8 more
Caused by: java.lang.ClassNotFoundException: com.google.common.reflect.TypeToken
	at java.net.URLClassLoader.findClass(Unknown Source)
	at java.lang.ClassLoader.loadClass(Unknown Source)
	at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
	at java.lang.ClassLoader.loadClass(Unknown Source)
	... 12 more

Can you help me
Thanks
Zhai

[zhaizhonghao]

I solved this issue by setting JVM argument with -Djavax.xml.accessExternalSchema=http.
However,I met other error,it is descriped as following:

Exception in thread "main" java.lang.NoSuchMethodError: org.ow2.authzforce.core.pdp.api.AttributeGUID.<init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V
	at org.ow2.authzforce.core.pdp.impl.expression.AttributeDesignatorExpression.<init>(AttributeDesignatorExpression.java:120)
	at org.ow2.authzforce.core.pdp.impl.expression.ExpressionFactoryImpl.getInstance(ExpressionFactoryImpl.java:570)
	at org.ow2.authzforce.core.pdp.impl.MatchEvaluator.<init>(MatchEvaluator.java:96)
	at org.ow2.authzforce.core.pdp.impl.AllOfEvaluator.<init>(AllOfEvaluator.java:81)
	at org.ow2.authzforce.core.pdp.impl.AnyOfEvaluator.<init>(AnyOfEvaluator.java:84)
	at org.ow2.authzforce.core.pdp.impl.TargetEvaluators$NonEmptyTargetEvaluator.<init>(TargetEvaluators.java:80)
	at org.ow2.authzforce.core.pdp.impl.TargetEvaluators$NonEmptyTargetEvaluator.<init>(TargetEvaluators.java:61)
	at org.ow2.authzforce.core.pdp.impl.TargetEvaluators.getInstance(TargetEvaluators.java:212)
	at org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator.<init>(RuleEvaluator.java:372)
	at org.ow2.authzforce.core.pdp.impl.policy.PolicyEvaluators.getInstance(PolicyEvaluators.java:1627)
	at org.ow2.authzforce.core.pdp.impl.policy.CoreRootPolicyProviderModule.<init>(CoreRootPolicyProviderModule.java:116)
	at org.ow2.authzforce.core.pdp.impl.policy.CoreRootPolicyProviderModule.getInstance(CoreRootPolicyProviderModule.java:252)
	at org.ow2.authzforce.core.pdp.impl.policy.CoreRootPolicyProviderModule$Factory.getInstance(CoreRootPolicyProviderModule.java:88)
	at org.ow2.authzforce.core.pdp.impl.policy.CoreRootPolicyProviderModule$Factory.getInstance(CoreRootPolicyProviderModule.java:62)
	at org.ow2.authzforce.core.pdp.impl.policy.RootPolicyEvaluators$Base.<init>(RootPolicyEvaluators.java:171)
	at org.ow2.authzforce.core.pdp.impl.BasePdpEngine.<init>(BasePdpEngine.java:480)
	at org.ow2.authzforce.core.pdp.impl.BasePdpEngine.getInstance(BasePdpEngine.java:687)
	at org.ow2.authzforce.core.pdp.impl.BasePdpEngine.getInstance(BasePdpEngine.java:737)
	at org.ow2.authzforce.core.pdp.impl.BasePdpEngine.getInstance(BasePdpEngine.java:770)
	at org.ow2.authzforce.core.pdp.impl.BasePdpEngine.getInstance(BasePdpEngine.java:876)
	at org.ow2.authzforce.core.pdp.impl.BasePdpEngine.getInstance(BasePdpEngine.java:893)
	at Main.main(Main.java:9)

By the way,I use the authzfoce-ce-core-pdp-api-9.1.0.jar.

[cdanger]

Hello,
the fix for your first issue (setting javax.xml.accessExternalSchema) is mentioned at the very end of the Getting Started section actually.
For the other error, I am a bit confused because for instance the line number AttributeDesignatorExpression.java:120 mentioned in your stack trace does not match the source code of authzforce-ce-core-pdp-engine in release 8.0.0 (AttributeDesignatorExpression.java, line 120).

Are you using Maven to build your Java project ?

[zhaizhonghao]

Thanks for your attention.
I have compile the project by Run as->Maven build.But it existed following error:

[INFO] Scanning for projects...
[INFO]                                                                         
[INFO] ------------------------------------------------------------------------
[INFO] Building org.ow2.authzforce:authzforce-ce-core-pdp-engine 8.0.1-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[WARNING] The POM for com.sun.xml.bind:jaxb-xjc-openengsb:jar:2.2.1 is missing, no dependency information available
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 0.463 s
[INFO] Finished at: 2017-04-01T21:35:46+08:00
[INFO] Final Memory: 8M/155M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project authzforce-ce-core-pdp-engine: Could not resolve dependencies for project org.ow2.authzforce:authzforce-ce-core-pdp-engine:jar:8.0.1-SNAPSHOT: Failure to find com.sun.xml.bind:jaxb-xjc-openengsb:jar:2.2.1 in https://repo.maven.apache.org/maven2 was cached in the local repository, resolution will not be reattempted until the update interval of central has elapsed or updates are forced -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException

[cdanger]

I did not mean to rebuild the authzforce-ce-core project with Maven by yourself. I meant that you should use Maven to build your own Java project which depends on authzforce-ce-core-pdp-engine (or other authzforce module). So, in the Maven pom.xml file of your Java project, you should have something like this (this is just an excerpt of the relevant parts, not the full thing):

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 <modelVersion>4.0.0</modelVersion>
...
<artifactId>my-own-project</artifactId>
<version>XXX</version>
...
<dependencies>
      ...
      <dependency>
         <groupId>org.ow2.authzforce</groupId>
         <artifactId>authzforce-ce-core-pdp-engine</artifactId>
         <version>8.0.0</version>
      </dependency>
...
</dependencies>
...
</project>

Sorry if there was a misunderstanding.

[zhaizhonghao]

sorry, I am a student who uses the maven for the first time.Thanks for your patience.
I follow your conduct, use Maven to build my own Java Project. And I add the dependency as follow:

However, it still existed error:
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building myproject 0.0.1-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO] Downloading: https://repo.maven.apache.org/maven2/org/ow2/authzforce/authzforce-ce-core-pdp-engine/8.0.0/authzforce-ce-core-pdp-engine-8.0.0.pom
[INFO] Downloaded: https://repo.maven.apache.org/maven2/org/ow2/authzforce/authzforce-ce-core-pdp-engine/8.0.0/authzforce-ce-core-pdp-engine-8.0.0.pom (10 KB at 4.3 KB/sec)
[INFO] Downloading: https://repo.maven.apache.org/maven2/org/ow2/authzforce/authzforce-ce-core/8.0.0/authzforce-ce-core-8.0.0.pom
[INFO] Downloaded: https://repo.maven.apache.org/maven2/org/ow2/authzforce/authzforce-ce-core/8.0.0/authzforce-ce-core-8.0.0.pom (2 KB at 2.7 KB/sec)
[INFO] Downloading: https://repo.maven.apache.org/maven2/org/ow2/authzforce/authzforce-ce-core-pdp-engine/8.0.0/authzforce-ce-core-pdp-engine-8.0.0.jar
[WARNING] Checksum validation failed: Checksum validation failed, expected f0a1c689ede70fd5b88f5dc5ab45f50b2f2c9a79 but is 7374bdaf2b3feaf4ea243d81d63ff2016baf2102 for https://repo.maven.apache.org/maven2/org/ow2/authzforce/authzforce-ce-core-pdp-engine/8.0.0/authzforce-ce-core-pdp-engine-8.0.0.jar
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 7.391 s
[INFO] Finished at: 2017-04-01T22:19:07+08:00
[INFO] Final Memory: 9M/155M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project myproject: Could not resolve dependencies for project MyAuthzforce:myproject:jar:0.0.1-SNAPSHOT: Could not transfer artifact org.ow2.authzforce:authzforce-ce-core-pdp-engine:jar:8.0.0 from/to central (https://repo.maven.apache.org/maven2): C:\Users\zhai.m2\repository\org\ow2\authzforce\authzforce-ce-core-pdp-engine\8.0.0\aether-fd5f07aa-46db-45dd-8511-8e85554f23fb-authzforce-ce-core-pdp-engine-8.0.0.jar-in-progress (系统找不到指定的文件。) -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException

[cdanger]

The issue that matters here is: [WARNING] Checksum validation failed: Checksum validation failed, expected ...
This is usually an issue with your environment. For instance your maven repository was corrupted somehow, or a network error occurred during the download from Maven central (issue with Internet connection, firewall/proxy...). Check this error on the web to find possible solutions. If nothing works for you, you can try to force maven to download the artifact again by deleting the folder C:\Users\zhai.m2\repository\org\ow2\authzforce in your repository manually, and try again maven clean package or maven clean install.

[zhaizhonghao]

It works! Thank your very much.
Bother again, Where can I find the JavaDoc of the Authzforce-ce core or some user cases.

[cdanger]

If you use Eclipse, it should automatically get the javadoc and sources with the binary when you try to go/click on some class from authzforce JAR. If not, try setting Download Artifact Javadoc in Window > Preferences > Maven menu. If still not working, you may get it manually with maven command line: http://tedwise.com/2010/01/27/maven-micro-tip-get-sources-and-javadocs.
You can also set maven to always download javadoc in Maven settings: http://stackoverflow.com/questions/5780758/maven-always-download-sources-and-javadocs
Anyway, everything is on Maven Central, e.g. for release 8.0.0: http://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-core-pdp-engine/8.0.0/

As for a use case, you can find one on the README, applied to a web service access authorization: https://github.com/authzforce/core#example-of-usage-and-pep-code-with-a-web-service-authorization-module

[zhaizhonghao]

Hello cdanger. I tried to use the pdp refered to org.ow2.authzforce.core.pdp.testutil#PdpTest.java, and I send the request.xml like following,but I modified the Julius Hibbert to Jlius Hibbert

<?xml version="1.0" encoding="utf-8"?>
<Request  ReturnPolicyIdList="false" CombinedDecision="true" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Jlius Hibbert</AttributeValue>
    </Attribute>
  </Attributes>
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
    <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
    </Attribute>
  </Attributes>
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
    <Attribute IncludeInResult="true" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
    </Attribute>
  </Attributes>
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
    <Attribute IncludeInResult="true" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
    </Attribute>
  </Attributes>
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" />
</Request>

the policy like this:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" 
		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
		PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIE302:policy" 
		RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" 
		Version="1.0" >
    <Description>
        Policy for Conformance Test IIIE302.
        Purpose: test Multiple Decisions with The use of multiple instances of an Attributes element with the same category ID
    </Description>
    <Target/>
    <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIE302:rule">
        <Description>
            Julius Hibbert can read or write Bart Simpson's medical record.
        </Description>
        <Target>
            <AnyOf>
                <AllOf>
                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                    </Match>
                </AllOf>
            </AnyOf>
            <AnyOf>
                <AllOf>
                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="false"/>
                    </Match>
                </AllOf>
            </AnyOf>
            <AnyOf>
                <AllOf>
                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                    </Match>
                </AllOf>
                <AllOf>
                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                    </Match>
                </AllOf>
            </AnyOf>
        </Target>
    </Rule>
</Policy>

when I run the code, error occured:

Exception in thread "main" java.lang.NullPointerException
	at org.ow2.authzforce.core.pdp.testutil.ext.TestCombinedDecisionResultFilter$ResultCollector.addResult(TestCombinedDecisionResultFilter.java:73)
	at org.ow2.authzforce.core.pdp.impl.BasePdpEngine$NonCachingIndividualDecisionRequestEvaluator.evaluateToJAXB(BasePdpEngine.java:261)
	at org.ow2.authzforce.core.pdp.impl.BasePdpEngine.evaluate(BasePdpEngine.java:975)
	at MyAuthzforce.myproject.App.main(App.java:160)

I debuged for this, and I found the pepActions is null. So I am confused.
By the way, pepAction is not null when I use Julius Hibbert in the request.

[cdanger]

pepActions = result.getPepActions();
So, as the javadoc of DecisionResult.getPepActions() says, it is null if the decision is neither Permit nor Deny. Since the other possible results are Indeterminate and NotApplicable, and Indeterminate is handled a few lines before, I guess the result is NotApplicable. Indeed because you changed to Jlius Hibbert. It seems the policy evaluation result has changed to NotApplicable now.
And it seems the class TestCombinedDecisionResultFilter (of the testutils package) - developed specifically for conformance test IIIE302 that you are reusing here - does not handle NotApplicable decision properly :( (it was not expected from IIE303 test, I guess). I would agree this is still a kind of bug, so if you want this fixed, you can create an issue for it.

Anyway, I think the fix is quite simple, in TestCombinedDecisionResultFilter.java, line 73, replace:

if (!pepActions.getObligatory().isEmpty() || !pepActions.getAdvisory().isEmpty())

with

if (pepActions != null && (!pepActions.getObligatory().isEmpty() || !pepActions.getAdvisory().isEmpty()))

[zhaizhonghao]

Hello cdanger, I want to do some use case on my own. But I don't know how to start.
Is there some standards or constraints of request.xml and policy.xml? And how can I find the specifications?

[cdanger]

Yes, it's the OASIS XACML 3.0 standard, as stated in the README, and as you can guess from the namespaces in those XML files. If you are talking about the files named request.xml and policy.xml used in the unit tests of pdp-testutils module, request.xml files are XACML 3.0 Request elements, and policy.xml files are XACML 3.0 Policy or PolicySet documents, depending on the test case.