Installing MELCOE XACML PDP
Our extension to the Sun XACML PDP adds the following features:
- XML database back-end for storing policies (DB XML 2.3.10 from Oracle)
- Web service interface for the XML database so that policies can be added to or deleted from the database with immediate effect.
- PDP can query the XML database to retrieve the applicable policies for a given request.
- Added web services interface to the PDP so that it can be queried remotely.
Prerequisites
- You need a working Tomcat (> 5.x.x) deployment, with both the $TOMCAT_HOME and $CATALINA_HOME shell environment variables set to that directory.
- Java JDK 1.5.x
- Ant
- axis2.war (v1.2)
- DB XML 2.3.10
- melcoe-pdp Download
Instructions
- Download DB XML 2.3.10 from Oracle.
- Unzip and build it. Make sure to enable the Java driver, e.g.:
./buildall.sh --prefix=/usr/local/dbxml-2.3.10 --enable-java
- Note: the build process will take some time.
- Set the following variables in your shell profile (assuming a bash shell):
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/dbxml-2.3.10/lib
export MELCOEPDP_HOME=/usr/local/melcoe-pdp
export DBXML_HOME=/usr/local/dbxml-2.3.10
- Download axis2.war (v1.2, NOT 1.3!) from the Apache website and deploy it into $TOMCAT_HOME/webapps.
- Download the latest MELCOE-PDP code, unzip and run:
$ ant install
$ ant load-policies
- The second command loads a list of policies that can be used to bootstrap your system. By default they allow users with the administrator role, and the "admin" and "fedoraAdmin" users, to do everything. They also allow anonymous users (i.e. with role "public"), as well as people with role "student" or "staff", to connect to the repository and perform search operations. Naturally, if there are no policies that allow the public, student or staff roles to view a particular collection or resource, those collections or resources will not show up in the search results.
- Restart Tomcat
- Check that your deployment is successful by going to this URL http://<yourhost:8080>/axis2. Under Services, you should see MelcoePDP and PolicyDataManagerService. Please note the URL of the PolicyDataManagerService service since you will need it when deploying mura.
- NOTE: To uninstall melcoe-pdp, you can use the ant script: "ant uninstall".
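The following shell functions are an added example, not part of the MELCOE-PDP distribution: they check the environment variables, the axis2 deployment and the two service names that the steps above describe. The function names are hypothetical, and the Services page is assumed to have been saved or piped in by the caller.

```shell
#!/bin/sh
# Added example (not from the MELCOE-PDP distribution): preflight checks for
# the environment this guide sets up. Function names are hypothetical.

# Returns the number of failed checks (0 = environment matches the guide).
melcoe_preflight() {
    fails=0
    # 1. The four variables from the guide must be set and name directories.
    for name in TOMCAT_HOME CATALINA_HOME DBXML_HOME MELCOEPDP_HOME; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "FAIL: $name is not set"; fails=$((fails + 1))
        elif [ ! -d "$value" ]; then
            echo "FAIL: $name=$value is not a directory"; fails=$((fails + 1))
        fi
    done
    # 2. TOMCAT_HOME and CATALINA_HOME must point at the same Tomcat directory.
    if [ "${TOMCAT_HOME:-}" != "${CATALINA_HOME:-}" ]; then
        echo "FAIL: TOMCAT_HOME and CATALINA_HOME differ"; fails=$((fails + 1))
    fi
    # 3. $DBXML_HOME/lib must be an entry in LD_LIBRARY_PATH.
    case ":${LD_LIBRARY_PATH:-}:" in
        *":${DBXML_HOME:-/nonexistent}/lib:"*) ;;
        *) echo "FAIL: \$DBXML_HOME/lib not in LD_LIBRARY_PATH"; fails=$((fails + 1)) ;;
    esac
    # 4. axis2 must be deployed in webapps (war file or exploded directory).
    if [ ! -e "${TOMCAT_HOME:-}/webapps/axis2.war" ] &&
       [ ! -d "${TOMCAT_HOME:-}/webapps/axis2" ]; then
        echo "FAIL: axis2 not found under \$TOMCAT_HOME/webapps"; fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "OK: environment matches the guide"
    return "$fails"
}

# Reads a saved copy of the axis2 Services page on stdin and succeeds only
# if both services named in the guide appear in it.
melcoe_services_listed() {
    listing=$(cat)
    for svc in MelcoePDP PolicyDataManagerService; do
        case "$listing" in
            *"$svc"*) ;;
            *) echo "FAIL: service $svc is not listed"; return 1 ;;
        esac
    done
    echo "OK: both services are listed"
}
```

Source the file from the shell that starts Tomcat and run melcoe_preflight before "ant install"; run melcoe_services_listed on the Services page after the restart.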
MELCOE XACML PDP Configuration Files
- config-pdp.xml
This is the dynamic configuration file for the Sun XACML PDP Evaluation Engine. This file is used to register PolicyFinder modules, AttributeFinder modules and ResourceFinder modules.
- config-policy-manager.xml
This file configures the Policy Manager. This component specifies which PolicyDataManager (the component that stores, searches and retrieves policies) to use. The default one used with the MELCOE XACML PDP is the DbXmlPolicyDataManager, which uses Oracle DBXML as a back-end policy management system. In addition, this configuration file specifies which policy combination algorithm to use when multiple policies are retrieved.
- config-dbxml.xml
These settings are for the Oracle DBXML database. They specify where the database is to be located and what it is to be called. They also specify whether or not to validate policies against a schema when they are being added. In addition, you can specify a custom index map. This lets you select which attributes in an XACML Policy Target your policies are indexed on.
- config-attribute-finder.xml
This config file is for the Fedora RISearch Attribute finder. When policies need additional information from Fedora that was not provided in the XACML Request, it can be retrieved by custom AttributeFinders. This module uses the Fedora RISearch interface to fetch additional attributes for policies. In this file you can specify which attributes to look for, as well as the URL, username and password to use for the RISearch.
Detailed configuration information here.
