Initial commit.

src/eu.aniketos.securebpmn.xacml.pdp/src/main/webapp/WEB-INF/policies/test4.xacml

@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	PolicySetId="breakglass.prototype.MedicalRecord"
+	PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable">
+  <Target>
+    <Resources>
+      <Resource> 
+        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">breakglass.prototype.MedicalRecord</AttributeValue>
+          <ResourceAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#anyURI"
+                                       AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
+        </ResourceMatch>
+      </Resource>
+    </Resources>
+  </Target>
+  <Policy PolicyId="breakglass.prototype.MedicalRecord_default"
+        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+    <Description>
+      Default policy (no exception level) for MedicalRecord
+    </Description>
+    <Target>
+    </Target>
+
+    <Rule RuleId="breakglass.prototype.MedicalRecord_default_rud_OCL1" Effect="Deny">
+    <Target/>
+    </Rule>
+
+    <Rule RuleId="breakglass.prototype.MedicalRecord_default_rud_OCL2" Effect="Permit">
+    <Target>
+      <Actions>
+          <Action>
+            <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+              <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">update</AttributeValue>
+              <ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"
+                                       AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
+            </ActionMatch>
+          </Action>
+          <Action>
+            <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+              <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+              <ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"
+                                       AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
+            </ActionMatch>
+          </Action>
+          <Action>
+            <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+              <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">delete</AttributeValue>
+              <ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"
+                                       AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
+            </ActionMatch>
+          </Action>
+      </Actions>
+    </Target>
+
+    <Condition> 
+     <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+      <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
+       <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
+        <EnvironmentAttributeDesignator  DataType="http://www.w3.org/2001/XMLSchema#time"
+         AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"/>
+       </Apply>
+       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">00:00:00Z</AttributeValue>
+       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">23:59:59Z</AttributeValue>
+      </Apply>
+	  <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
+       <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+        <Apply  FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+         <SubjectAttributeDesignator  DataType="http://www.w3.org/2001/XMLSchema#string"
+                                   AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"/>
+        </Apply> 
+        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+          <ResourceAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"
+                                   AttributeId="urn:owner"/>
+        </Apply>
+       </Apply>
+       <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+        <Apply  FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+          <ResourceAttributeDesignator  DataType="http://www.w3.org/2001/XMLSchema#string"
+                                   AttributeId="urn:owner"/>
+        </Apply> 
+	    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">helmut</AttributeValue>        
+       </Apply>
+      </Apply>  
+     </Apply>
+     <!-- Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of-all">
+      <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than"/>
+      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-bag">
+       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">3</AttributeValue>
+       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">5</AttributeValue>
+      </Apply>
+      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-bag">
+       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">1</AttributeValue>
+       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">2</AttributeValue>
+       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">3</AttributeValue>
+       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">4</AttributeValue>
+      </Apply>
+     </Apply -->
+    </Condition>
+   </Rule>
+  </Policy>
+
+
+  <Policy PolicyId="breakglass.prototype.MedicalRecord_FinalPolicy"
+        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+
+    <Target>
+
+    </Target>
+
+
+    <Rule RuleId="breakglass.prototype.MedicalRecord_FinalRule" Effect="Deny"/>
+  </Policy>
+</PolicySet>