.. http://creativecommons.org/licenses/by/4.0
************************
-Using guard in the PDP-D
+Using guard in the PDP-D
************************
.. contents::
:depth: 2
-This guide will help configure and test guard connection from PDP-D to PDP-X. This guide assumes that the PDP-D is installed and running policy properly with other properties being set properly.
+This guide will help configure and test the guard connection from PDP-D (drools-pdp) to PDP-X (xacml-pdp). This guide assumes that the PDP-D is installed and running policy properly with other properties being set properly.
Configuration
-^^^^^^^^^^^^^
+^^^^^^^^^^^^^
Prerequisites
-------------
Stop Policy, open, and verify the config:
-- Stop policy with *policy stop*
+- Stop policy with **policy stop**
- Open *$POLICY_HOME/config/controlloop.properties.environment*
- Make sure the *sql.db.host*, *sql.db.username* and *sql.db.password* are set correctly
**guard.disabled** - For enabling / disabling guard functionality.
- For example, to enable set it to false.
- - When this is set to true, the previous two properties will be ignored.
+ - When this is set to true, the previous two properties (guard.url and guard.jdbc.url) will be ignored.
- If guard is enabled, then the following PDP-X properties must also be set.
**pdpx.client.password** - Client password
-
Verification
-^^^^^^^^^^^^
+^^^^^^^^^^^^
It is recommended to test using CLI tools before running since changing bash command parameters are faster than restarting policy.
Logs Verification
-----------------
-Checking the logs is straight forward. Check the *$POLICY_HOME/logs/error.log* file for the word "*callRESTfulPDP*" for any exceptions thrown. If they are thrown then there was a problem with the connection.
-You can also check the *$POLICY_HOME/logs/network.log* file for the word "*Indeterminate*" which implies the connection failed or got a non 200 response code.
+Checking the logs is straight forward. Check the **$POLICY_HOME/logs/error.log** file for the word "*callRESTfulPDP*" for any exceptions thrown. If they are thrown then there was a problem with the connection.
+You can also check the **$POLICY_HOME/logs/network.log** file for the word "*Indeterminate*" which implies the connection failed or got a non 200 response code.
+
CLI Verification
----------------
It can be helpful to test the PDP-X connection using bash commands to make sure that the PDP-X properties are correct and the guard.url property is correct before running policy.
**Method 1: httpie - CLI, cURL-like tool for humans**
-
+
Using the http command we can make a request directly to PDP-X from the command line. Use the following form:
.. code-block:: bash
-
+
http
POST pdp:8081/pdp/api/getDecision
Authorization:<yourAuth> ClientAuth:<yourClientAuth>
Environment:<environment> Content-Type:application/json < guard_request.json
-
+
| where:
| *<yourAuth>* is the string generated from user:pass converted to base64 encoding
| (a conversion tool is available at https://www.base64encode.org/)
| *<yourClientAuth>* is generated the same way but from the client user and pass.
| *<environment>* is the context of the request. For example: TEST
| *pdp* is the host of the PDP-X
-
+
The guard_request.json should be in the form of the following:
-
+
.. code-block:: json
:caption: guard_request.json
-
+
{
"decisionAttributes": {
"actor": "APPC",
Code Review / policy / parent.git / blobdiff