Code Review / policy / drools-applications.git / blob
? search:


5d31730dbfa1387d94fcd1d56f58c2469c449797
[policy/drools-applications.git] / controlloop / templates / template.demo / src / main / resources / blacklist_template.xml
1 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
2 <Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny">
3         <Description>Policy for frequency limiter.</Description>
4         <Target>
5             <AnyOf>
6                 <AllOf>
7                         <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
8                         <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*</AttributeValue>-->
9                         <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue>
10                         <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:clname:clname-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
11                         </Match>
12              
13                         <!--  <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">-->
14                         <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
15                         <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue>
16                         <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
17                     </Match>
18                     <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
19                         <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue>
20                         <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:operation:operation-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
21                     </Match>
22                 </AllOf>
23             </AnyOf>
24         </Target>
25         <Rule RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21" Effect="Deny">
26             <Description>DENY -  only if target is in black list and guard is active.</Description>
27             <Condition>
28                 <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
29                         <VariableReference VariableId="isGuardActive"/>
30                         <VariableReference VariableId="isInBlackList"/>
31                 </Apply>
32             </Condition>
33         </Rule>
34          <VariableDefinition VariableId="isInBlackList">
35                         <Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of">
36                                 <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
37                                         <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
38                                                 <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:target:target-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
39                                         </Apply>
40                                         <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
41                                                 ${blackListElement}
42                                                 <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vserver.vserver-name</AttributeValue>-->
43                                         </Apply>
44                    </Apply>
45                 </VariableDefinition>
46         <VariableDefinition VariableId="isGuardActive"> 
47                 <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
48                         <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
49                         <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/>
50                                 </Apply>
51                                 <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue>
52                                 <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue>
53                 </Apply>
54         </VariableDefinition> 
55 </Policy>
Code for building policies/rules for the Drools PDP engine.