authzforce / restful-pdp

AuthzForce RESTful XACML PDP service (compliant with XACML REST & JSON Profiles)

Home Page: https://authzforce.ow2.org

License: GNU General Public License v3.0

Java 76.15% Shell 20.71% Dockerfile 3.14%
xacml authorization access-control rest-api restful-api jax-rs cxf pdp spring-boot json

restful-pdp's Introduction


AuthzForce RESTful PDP

RESTful PDP API implementation, compliant with REST Profile of XACML 3.0. This is minimalist compared to AuthzForce server project as it does not provide multi-tenant PDP/PAP but only a single PDP (per instance). Therefore, this is more suitable for microservices, or, more generally, simple applications requiring only one PDP per instance.

In particular, the project provides the following (Maven groupId:artifactId):

  • org.ow2.authzforce:authzforce-ce-restful-pdp-cxf-spring-boot-server: a fully executable RESTful XACML PDP server (runnable from the command-line), packaged as a Spring Boot application or Docker image (see the Docker Compose example for usage).
  • org.ow2.authzforce:authzforce-ce-restful-pdp-jaxrs: pure JAX-RS implementation of a PDP service, that you can reuse as a library with any JAX-RS framework, especially other than Apache CXF, to provide your own custom RESTful PDP service.

Go to the releases page for specific release info: downloads (Linux packages), Docker image, release notes

Features

XACML PDP engine

See AuthzForce Core features for the XACML PDP engine's features.

REST API

Limitations

See AuthzForce Core limitations.

System requirements

Java (JRE) 17 or later.

Versions

See the change log following the Keep a CHANGELOG conventions.

License

See the license file.

Getting started

Launch the PDP with either Docker or the executable JAR as described in the next sections.

Using Docker

Clone this GitHub repository with Git, or download the Source code ZIP from the latest release and unzip it; then, from the clone / unzipped folder, go to the docker directory.

If you wish to use a different XACML Policy from the one provided, change the policyLocation parameter in the pdp/conf/pdp.xml (PDP configuration) file in that directory accordingly.

Then run: docker compose up -d, then docker compose logs to check the PDP is up and running.

(You can change the logging verbosity by modifying the Logback configuration file pdp/conf/logback.xml.)

Using the executable JAR

Get the latest executable jar from Maven Central with groupId/artifactId = org.ow2.authzforce/authzforce-ce-restful-pdp-cxf-spring-boot-server. The name of the JAR is authzforce-ce-restful-pdp-cxf-spring-boot-server-M.m.p.jar (replace M.m.p with the latest version).

Make sure it is executable (replace M.m.p with the current version):

chmod u+x authzforce-ce-restful-pdp-cxf-spring-boot-server-M.m.p.jar

Copy the content of that folder to the same directory.

If you wish to use a different XACML Policy from the one provided, change the policyLocation parameter in the pdp.xml (PDP configuration) file in that directory accordingly.

Then run the executable from that directory as follows (replace M.m.p with the current version):

$ ./authzforce-ce-restful-pdp-cxf-spring-boot-server-M.m.p.jar

If it refuses to start because the TCP listening port is already used (by some other server on the system), you can change that port in file application.yml copied previously: uncomment and change server.port property value to something else (default is 8080).

You know the embedded server is up and running when you see something like this (if and only if the logger for Spring classes is at least at INFO level, according to the Logback configuration file mentioned below):

... Tomcat started on port(s): 8080 (http)

(You can change the logging verbosity by modifying the Logback configuration file logback.xml copied previously.)

Send an XACML Request to the PDP

Once the PDP is up and running, you can make an XACML request from a different terminal, for example using the XACML/JSON request in that folder (install the curl tool if you don't already have it on your system):

$ curl --include --header "Content-Type: application/xacml+json" --data @IIA001/Request.json http://localhost:8080/services/pdp

Add the --verbose option for more details. You should get an XACML/JSON response such as:

{"Response":[{"Decision":"Permit"}]}
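How a calling application should consume this response, as an added example that is not part of the AuthzForce project: a deny-biased enforcement check in Python that grants access only on a single Permit result whose obligations it can discharge, and denies on anything else (Deny, NotApplicable, Indeterminate, malformed body, transport error). The function names, the obligation id and the attribute values are assumptions; the endpoint and content type are the ones used by the curl command above.

```python
import http.client
import json
import urllib.request

PDP_URL = "http://localhost:8080/services/pdp"  # endpoint used by the curl command
XACML_JSON = "application/xacml+json"

# Obligation ids this enforcement point can discharge
# (hypothetical id, an assumption made for this example).
SUPPORTED_OBLIGATIONS = frozenset({"urn:example:obligation:audit-log"})

# Standard XACML 3.0 category and attribute identifiers.
CAT_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
CAT_ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
CAT_RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"


def _category(category_id, attribute_id, value):
    return {"CategoryId": category_id,
            "Attribute": [{"AttributeId": attribute_id, "Value": value}]}


def build_request(subject_id, action_id, resource_id):
    """Build a minimal single-decision request in the XACML JSON Profile layout."""
    return {"Request": {"Category": [
        _category(CAT_SUBJECT,
                  "urn:oasis:names:tc:xacml:1.0:subject:subject-id", subject_id),
        _category(CAT_ACTION,
                  "urn:oasis:names:tc:xacml:1.0:action:action-id", action_id),
        _category(CAT_RESOURCE,
                  "urn:oasis:names:tc:xacml:1.0:resource:resource-id", resource_id),
    ]}}


def is_permitted(response_body, supported_obligations=SUPPORTED_OBLIGATIONS):
    """Return True only for exactly one Permit result with known obligations.

    Expects the array form of "Response" shown above; every other shape,
    decision or parse failure is treated as a denial.
    """
    try:
        doc = json.loads(response_body)
    except (TypeError, ValueError):
        return False  # not JSON at all (error page, empty body, ...)
    results = doc.get("Response") if isinstance(doc, dict) else None
    if not isinstance(results, list) or len(results) != 1:
        return False  # one request was sent, so exactly one result is expected
    result = results[0]
    if not isinstance(result, dict) or result.get("Decision") != "Permit":
        return False  # Deny, NotApplicable and Indeterminate all deny
    obligations = result.get("Obligations") or []
    if not isinstance(obligations, list):
        return False
    for obligation in obligations:
        # A Permit carrying an obligation the caller cannot fulfil is a denial.
        if not isinstance(obligation, dict):
            return False
        if obligation.get("Id") not in supported_obligations:
            return False
    return True


def ask_pdp(subject_id, action_id, resource_id, url=PDP_URL, timeout=3):
    """POST the request to the PDP; any transport or HTTP error means deny."""
    body = json.dumps(build_request(subject_id, action_id, resource_id))
    request = urllib.request.Request(
        url, data=body.encode("utf-8"), headers={"Content-Type": XACML_JSON})
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return is_permitted(response.read())
    except (OSError, http.client.HTTPException):
        return False  # PDP unreachable, timeout or HTTP error status


if __name__ == "__main__":
    # Constructed identifiers; requires a PDP listening on PDP_URL.
    print(ask_pdp("alice", "read", "file-42"))
```
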

Extensions

If you are missing features in AuthzForce, you can extend it with various types of plugins (without changing the existing code), as described on AuthzForce Core's wiki.

In order to use them, put the extension JAR(s) into an extensions folder in the same directory as the executable jar, already present if you followed the previous Getting started section. If the extension(s) use XML configuration (e.g. AttributeProvider), add the schema import into pdp-ext.xsd (import namespace only, do not specify schema location) and schema namespace-to-location mapping into catalog.xml. Then run the executable as follows (replace M.m.p with the current version):

$ java -Dloader.path=extensions -jar authzforce-ce-restful-pdp-cxf-spring-boot-server-M.m.p.jar

Example with MongoDBPolicyProvider extension

To use the Policy Provider for policies stored in MongoDB, make sure the JAR with the MongoDB policy provider, i.e. the authzforce-ce-core-pdp-testutils module (in the same version as the authzforce-ce-core-pdp-engine already included in AuthzForce RESTful PDP), is on the classpath, e.g. in the extensions folder mentioned above, along with all its required dependencies. The main dependencies (looking at the POM of the pdp-testutils module) in Maven terms are:

<dependency>
    <groupId>org.jongo</groupId>
    <artifactId>jongo</artifactId>
    <!-- Set the version to whatever version is specified in authzforce-ce-core-pdp-testutils Maven POM. -->
    <version>${jongo.version}</version>
</dependency>
<dependency>
    <groupId>org.mongodb</groupId>
    <artifactId>mongodb-driver-legacy</artifactId>
    <!-- Set the version to whatever version is specified in authzforce-ce-core-pdp-testutils Maven POM. -->
    <version>${mongodb-driver-legacy.version}</version>
</dependency>

These dependencies have dependencies as well, so make sure to include them all, if not already on the classpath. (There is a way to assemble all jars in a dependency tree automatically with Maven.)

Then do steps 2 to 4 of Using Policy Providers, that is to say:

  1. Add this import to PDP extensions schema (pdp-ext.xsd) to allow using the extension(s) from the authzforce-ce-core-pdp-testutils module in PDP configuration:
    <xs:import namespace="http://authzforce.github.io/core/xmlns/test/3" />
  2. Add an entry to the XML catalog (catalog.xml) to locate the schema corresponding to this namespace:
    <uri name="http://authzforce.github.io/core/xmlns/test/3" uri="classpath:org.ow2.authzforce.core.pdp.testutil.ext.xsd" />
  3. Add the policyProvider element to the PDP configuration (pdp.xml), using the new namespace above, like in this example (follow the link).

More info.

Vulnerability reporting

If you want to report a vulnerability, please follow the GitHub procedure for private vulnerability reporting.

Support

If you are experiencing any issue with this project except for vulnerabilities mentioned previously, please report it on the GitHub Issue Tracker. Please include as much information as possible; the more we know, the better the chance of a quicker resolution:

  • Software version
  • Platform (OS and JDK)
  • Stack traces generally really help! If in doubt include the whole thing; often exceptions get wrapped in other exceptions and the exception right near the bottom explains the actual error, not the first few lines at the top. It's very easy for us to skim-read past unnecessary parts of a stack trace.
  • Log output can be useful too; sometimes enabling DEBUG logging can help;
  • Your code & configuration files are often useful.

If you wish to contact the developers for other reasons, use AuthzForce contact mailing list.

Contributing

See CONTRIBUTING.md.


restful-pdp's Issues

java 11 dependency problems

Following the "Getting Started" section fails with OpenJDK-11. OpenJDK-8 is working fine.
System: Ubuntu 18.04, Debian testing. fails. works.

Reason:
Exception in thread "main" java.lang.reflect.InvocationTargetException
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:564)
	at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:54)
	at org.springframework.boot.loader.Launcher.launch(Launcher.java:104)
	at org.springframework.boot.loader.Launcher.launch(Launcher.java:61)
	at org.springframework.boot.loader.PropertiesLauncher.main(PropertiesLauncher.java:621)
Caused by: java.lang.NoClassDefFoundError: org/springframework/boot/SpringApplication
	at org.ow2.authzforce.rest.pdp.cxf.springboot.CxfJaxrsPdpSpringBootApp.main(CxfJaxrsPdpSpringBootApp.java:50)
	... 8 more
Caused by: java.lang.ClassNotFoundException: org.springframework.boot.SpringApplication
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:582)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:190)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:499)
	... 9 more
java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
	at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:62)
	at org.springframework.boot.loader.Launcher.launch(Launcher.java:104)
	at org.springframework.boot.loader.Launcher.launch(Launcher.java:61)
	at org.springframework.boot.loader.PropertiesLauncher.main(PropertiesLauncher.java:621)
Caused by: java.lang.reflect.InvocationTargetException
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:564)
	at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:54)
	... 3 more
Caused by: java.lang.NoClassDefFoundError: org/springframework/boot/SpringApplication

Running 'mvn package' fails with:

-------------------------------------------------------
Running org.ow2.authzforce.rest.pdp.jaxrs.test.XacmlRestProfileJaxRsTest
Tests run: 3, Failures: 1, Errors: 0, Skipped: 2, Time elapsed: 0.206 sec <<< FAILURE! - in org.ow2.authzforce.rest.pdp.jaxrs.test.XacmlRestProfileJaxRsTest
initialize(org.ow2.authzforce.rest.pdp.jaxrs.test.XacmlRestProfileJaxRsTest)  Time elapsed: 0.119 sec  <<< FAILURE!
java.lang.NoClassDefFoundError: javax/xml/bind/JAXBException
	at org.ow2.authzforce.rest.pdp.jaxrs.test.XacmlRestProfileJaxRsTest.startServer(XacmlRestProfileJaxRsTest.java:65)
	at org.ow2.authzforce.rest.pdp.jaxrs.test.XacmlRestProfileJaxRsTest.initialize(XacmlRestProfileJaxRsTest.java:86)
Caused by: java.lang.ClassNotFoundException: javax.xml.bind.JAXBException
	at org.ow2.authzforce.rest.pdp.jaxrs.test.XacmlRestProfileJaxRsTest.startServer(XacmlRestProfileJaxRsTest.java:65)
	at org.ow2.authzforce.rest.pdp.jaxrs.test.XacmlRestProfileJaxRsTest.initialize(XacmlRestProfileJaxRsTest.java:86)


Results :

Failed tests: 
  XacmlRestProfileJaxRsTest.initialize:86->startServer:65 NoClassDefFound javax/...

Which might be the problem addressed here.

Adding to the pom.xml of jaxrs:

<!-- Java 6 = JAX-B Version 2.0   -->
<!-- Java 7 = JAX-B Version 2.2.3 -->
<!-- Java 8 = JAX-B Version 2.2.8 -->
<dependency>
    <groupId>javax.xml.bind</groupId>
    <artifactId>jaxb-api</artifactId>
    <version>2.2.11</version>
</dependency>
<dependency>
    <groupId>com.sun.xml.bind</groupId>
    <artifactId>jaxb-core</artifactId>
    <version>2.2.11</version>
</dependency>
<dependency>
    <groupId>com.sun.xml.bind</groupId>
    <artifactId>jaxb-impl</artifactId>
    <version>2.2.11</version>
</dependency>
<dependency>
    <groupId>javax.activation</groupId>
    <artifactId>activation</artifactId>
    <version>1.1.1</version>
</dependency>

leads to mvn package failing with

[INFO] Building org.ow2.authzforce:authzforce-ce-restful-pdp-jaxrs 1.3.0
[INFO] ------------------------------------------------------------------------
[WARNING] The POM for com.sun.xml.bind:jaxb-core:jar:2.2.11 is invalid, transitive dependencies (if any) will not be available, enable debug logging for more details
[WARNING] The POM for com.sun.xml.bind:jaxb-impl:jar:2.2.11 is invalid, transitive dependencies (if any) will not be available, enable debug logging for more details
[INFO] 
[INFO] --- license-maven-plugin:3.0:format (format-sources-license) @ authzforce-ce-restful-pdp-jaxrs ---
[INFO] Updating license headers...
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ authzforce-ce-restful-pdp-jaxrs ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /home/stepo/workspace/restful-pdp/jaxrs/src/main/resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ authzforce-ce-restful-pdp-jaxrs ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- license-maven-plugin:3.0:format (format-test-sources-license) @ authzforce-ce-restful-pdp-jaxrs ---
[INFO] Updating license headers...
[INFO] 
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ authzforce-ce-restful-pdp-jaxrs ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 8 resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @ authzforce-ce-restful-pdp-jaxrs ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- maven-surefire-plugin:2.19.1:test (default-test) @ authzforce-ce-restful-pdp-jaxrs ---

-------------------------------------------------------
 T E S T S
-------------------------------------------------------
Running org.ow2.authzforce.rest.pdp.jaxrs.test.XacmlRestProfileJaxRsTest
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector (file:/home/stepo/.m2/repository/com/sun/xml/bind/jaxb-impl/2.2.11/jaxb-impl-2.2.11.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Tests run: 3, Failures: 1, Errors: 0, Skipped: 2, Time elapsed: 0.899 sec <<< FAILURE! - in org.ow2.authzforce.rest.pdp.jaxrs.test.XacmlRestProfileJaxRsTest
initialize(org.ow2.authzforce.rest.pdp.jaxrs.test.XacmlRestProfileJaxRsTest)  Time elapsed: 0.84 sec  <<< FAILURE!
java.lang.NoClassDefFoundError: javax/xml/ws/WebServiceFeature
	at org.ow2.authzforce.rest.pdp.jaxrs.test.XacmlRestProfileJaxRsTest.startServer(XacmlRestProfileJaxRsTest.java:74)
	at org.ow2.authzforce.rest.pdp.jaxrs.test.XacmlRestProfileJaxRsTest.initialize(XacmlRestProfileJaxRsTest.java:86)
Caused by: java.lang.ClassNotFoundException: javax.xml.ws.WebServiceFeature
	at org.ow2.authzforce.rest.pdp.jaxrs.test.XacmlRestProfileJaxRsTest.startServer(XacmlRestProfileJaxRsTest.java:74)
	at org.ow2.authzforce.rest.pdp.jaxrs.test.XacmlRestProfileJaxRsTest.initialize(XacmlRestProfileJaxRsTest.java:86)

At which point I'm stuck. I'm guessing resolving [WARNING] The POM for com.sun.xml.bind:jaxb-core:jar:2.2.11 is invalid, transitive dependencies (if any) will not be available, enable debug logging for more details is the next step?

CXF dependency tomcat-embed-core:8.5.27 identified with CVE-2018-1305, CVE-2018-1304

OWASP dependency check error on module cxf-spring-boot-server:

One or more dependencies were identified with known vulnerabilities in org.ow2.authzforce:authzforce-ce-restful-pdp-cxf-spring-boot-server:

tomcat-embed-core-8.5.27.jar (cpe:/a:apache_tomcat:apache_tomcat:8.5.27, cpe:/a:apache:tomcat:8.5.27, org.apache.tomcat.embed:tomcat-embed-core:8.5.27, cpe:/a:apache_software_foundation:tomcat:8.5.27) : CVE-2018-1305, CVE-2018-1304

This is caused by cxf-spring-boot-starter-jaxrs:3.2.4 depending on spring-boot-starter-web:1.5.10 depending on spring-boot-starter-tomcat:1.5.10 depending on affected tomcat-embed-core version.

TODO: report this issue on CXF project recommending to upgrade to spring-boot-starter-web:1.5.11.RELEASE or later
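Tracing such a chain from build output, as an added example that is not part of the original issue: a Python parser for the text layout printed by mvn dependency:tree that returns every path from the project to a flagged artifact, plus the direct dependency that pulls it in. The sample tree is constructed from the coordinates named above; the SAMPLE project version and the scopes are placeholders, and the function names are assumptions.

```python
import re

# One tree line: optional "[INFO] " prefix, 3-character indent units ("|  " or
# "   "), an optional "+- " or "\- " branch marker, then the Maven coordinate.
LINE = re.compile(r"^(?:\[INFO\] )?((?:[| ] {2})*)([+\\]- )?(\S+)(?:\s.*)?$")

# Constructed sample (not real build output) using the coordinates from the issue.
SAMPLE_TREE = r"""
[INFO] org.ow2.authzforce:authzforce-ce-restful-pdp-cxf-spring-boot-server:jar:SAMPLE
[INFO] +- org.apache.cxf:cxf-spring-boot-starter-jaxrs:jar:3.2.4:compile
[INFO] |  \- org.springframework.boot:spring-boot-starter-web:jar:1.5.10:compile
[INFO] |     \- org.springframework.boot:spring-boot-starter-tomcat:jar:1.5.10:compile
[INFO] |        \- org.apache.tomcat.embed:tomcat-embed-core:jar:8.5.27:compile
[INFO] \- org.ow2.authzforce:authzforce-ce-restful-pdp-jaxrs:jar:SAMPLE:compile
"""


def parse_tree(text):
    """Return (depth, 'group:artifact', version) for each coordinate line."""
    nodes = []
    for line in text.splitlines():
        match = LINE.match(line)
        if not match:
            continue
        indent, marker, coordinate = match.groups()
        parts = coordinate.split(":")
        if len(parts) < 4:
            continue  # some other log line, not group:artifact:type:version[:scope]
        # Root line ends with the version; dependency lines end with the scope.
        version = parts[3] if len(parts) == 4 else parts[-2]
        depth = len(indent) // 3 + (1 if marker else 0)
        nodes.append((depth, parts[0] + ":" + parts[1], version))
    return nodes


def find_paths(text, artifact, flagged_versions):
    """List every root-to-node path that ends at a flagged version of artifact."""
    paths, stack = [], []
    for depth, group_artifact, version in parse_tree(text):
        del stack[depth:]  # climb back up to this node's parent
        stack.append(f"{group_artifact}:{version}")
        if group_artifact == artifact and version in flagged_versions:
            paths.append(list(stack))
    return paths


def direct_dependencies_to_fix(paths):
    """The project's own (first-level) dependencies that pull in the artifact."""
    return sorted({path[1] for path in paths if len(path) > 1})


if __name__ == "__main__":
    found = find_paths(SAMPLE_TREE,
                       "org.apache.tomcat.embed:tomcat-embed-core", {"8.5.27"})
    for path in found:
        print(" -> ".join(path))
    print("upgrade or override via:", direct_dependencies_to_fix(found))
```
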

Problem configuring PDP to use StaticRefPolicyProvider

I am using the springboot example in this repo to experiment with a microservice-based PDP.

I am running into trouble when I try to modify the pdp.xml file to load additional policies and use the PolicySetIdReference feature.
I have tried following the documentation here: https://github.com/authzforce/core/wiki/Policy-Providers

I note that the example pdp.xml says, "You may customize this PDP configuration except 'rootPolicyProvider' and 'refPolicyProvider' elements." but I don't know why or what exactly that means (there is no refPolicyProvider element in the example).

The configuration I am trying to use looks like the following:

   <refPolicyProvider id="refPolicyProvider" xsi:type="StaticRefPolicyProvider" policyLocation="policies/*.xml" />
   <rootPolicyProvider id="rootPolicyProvider" xsi:type="StaticRefBasedRootPolicyProvider">
      <policyRef>root</policyRef>
   </rootPolicyProvider>

The error I am getting is the following:

org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 'pdpEngineConf' defined in class path resource [cxf-pdp-service.xml]: 
Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: 
Failed to instantiate [org.ow2.authzforce.core.pdp.impl.PdpEngineConfiguration]: 
Factory method 'getInstance' threw exception; nested exception is java.lang.IllegalArgumentException: 
Invalid PDP configuration file
...
Caused by: org.xml.sax.SAXParseException; 
systemId: file:/opt/authzforce/pdp.xml; lineNumber: 3; columnNumber: 115; 
cvc-complex-type.3.2.2: 
Attribute 'policyLocation' is not allowed to appear in element 'refPolicyProvider'.

I'm sure I'm missing some configuration setting and would love your insight.

MongoDB PolicyProvider: Root PolicySet not Found

I'm looking to fix an issue where the restful-pdp won't recognize the existence of the root policy in a local MongoDB Database. Previously, I was able to run the restful-pdp successfully using a previous version of the root policy. However, I had to make an edit to the root policy, and now AuthzForce won't recognize the existence of any root policy.

I have attempted to use the root policy from https://github.com/authzforce/restful-pdp/blob/develop/cxf-spring-boot-server/src/main/resources/policy.xml but to no avail.

The Root Policy

<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicySetId="root" Version="001" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit">
<Target/>
</PolicySet>

The MongoDB Document

{
    "id": "root",
    "version": "001",
    "type": "{urn:oasis:names:tc:xacml:3.0:core:schema:wd-17} PolicySet",
    "content": "<PolicySet xmlns=\"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" PolicySetId=\"root\" Version=\"001\" PolicyCombiningAlgId=\"urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit\"><Target/></PolicySet>",
    "_id": {"$oid": "6195890387ea4e108b7e9ab4"}
}

The Error Stack Trace

2021-11-17 17:23:20.391  INFO 7280 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8080 (http)
2021-11-17 17:23:20.630  INFO 7280 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 5024 ms
2021-11-17 17:23:23.420  WARN 7280 --- [           main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'tazService': Cannot create inner bean 'org.ow2.authzforce.rest.pdp.jaxrs.XacmlPdpResource#20bd8be5' of type [org.ow2.authzforce.rest.pdp.jaxrs.XacmlPdpResource] while setting bean property 'serviceBeans' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.ow2.authzforce.rest.pdp.jaxrs.XacmlPdpResource#20bd8be5' defined in URL [file:./spring-beans.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.ow2.authzforce.rest.pdp.jaxrs.XacmlPdpResource]: Constructor threw exception; nested exception is java.lang.IllegalArgumentException: No such Policy(Set) found: ID = 'root', version pattern = Version=*,EarliestVersion=*,LatestVersion=*
2021-11-17 17:23:23.584  INFO 7280 --- [           main] ConditionEvaluationReportLoggingListener : 

Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2021-11-17 17:23:23.589 ERROR 7280 --- [           main] o.s.boot.SpringApplication               : Application run failed

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'tazService': Cannot create inner bean 'org.ow2.authzforce.rest.pdp.jaxrs.XacmlPdpResource#20bd8be5' of type [org.ow2.authzforce.rest.pdp.jaxrs.XacmlPdpResource] while setting bean property 'serviceBeans' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.ow2.authzforce.rest.pdp.jaxrs.XacmlPdpResource#20bd8be5' defined in URL [file:./spring-beans.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.ow2.authzforce.rest.pdp.jaxrs.XacmlPdpResource]: Constructor threw exception; nested exception is java.lang.IllegalArgumentException: No such Policy(Set) found: ID = 'root', version pattern = Version=*,EarliestVersion=*,LatestVersion=*
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:389)
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:127)
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:428)
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:173)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1697)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1442)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:593)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:516)
        at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:324)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:322)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:897)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:879)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:551)
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:143)
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:758)
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:750)
        at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:405)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:315)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1237)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226)
        at org.ow2.authzforce.rest.pdp.cxf.springboot.CxfJaxrsPdpSpringBootApp.main(CxfJaxrsPdpSpringBootApp.java:56)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:567)
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:107)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:58)
        at org.springframework.boot.loader.PropertiesLauncher.main(PropertiesLauncher.java:467)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.ow2.authzforce.rest.pdp.jaxrs.XacmlPdpResource#20bd8be5' defined in URL [file:./spring-beans.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.ow2.authzforce.rest.pdp.jaxrs.XacmlPdpResource]: Constructor threw exception; nested exception is java.lang.IllegalArgumentException: No such Policy(Set) found: ID = 'root', version pattern = Version=*,EarliestVersion=*,LatestVersion=*
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:313)
        at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:294)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1356)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1203)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:556)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:516)
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:374)
        ... 30 common frames omitted
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.ow2.authzforce.rest.pdp.jaxrs.XacmlPdpResource]: Constructor threw exception; nested exception is java.lang.IllegalArgumentException: No such Policy(Set) found: ID = 'root', version pattern = Version=*,EarliestVersion=*,LatestVersion=*
        at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:217)
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:117)
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:309)
        ... 36 common frames omitted
Caused by: java.lang.IllegalArgumentException: No such Policy(Set) found: ID = 'root', version pattern = Version=*,EarliestVersion=*,LatestVersion=*
        at org.ow2.authzforce.core.pdp.impl.policy.RootPolicyEvaluators$StaticView.<init>(RootPolicyEvaluators.java:236)
        at org.ow2.authzforce.core.pdp.impl.policy.RootPolicyEvaluators$Base.toStatic(RootPolicyEvaluators.java:206)
        at org.ow2.authzforce.core.pdp.impl.BasePdpEngine.<init>(BasePdpEngine.java:618)
        at org.ow2.authzforce.core.pdp.impl.BasePdpEngine.<init>(BasePdpEngine.java:658)
        at org.ow2.authzforce.rest.pdp.jaxrs.PdpBundle.<init>(PdpBundle.java:66)
        at org.ow2.authzforce.rest.pdp.jaxrs.XacmlPdpResource.<init>(XacmlPdpResource.java:56)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
        at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:204)
        ... 38 common frames omitted

Tomcat bug in Spring dependency of restful-pdp

We are using this image https://hub.docker.com/r/authzforce/restful-pdp/tags (3.0.0) which has a dependency on spring boot 1.5.14.RELEASE which in turn has a dependency on tomcat 8.5.31. We are affected by the following bug in this version of tomcat: https://stackoverflow.com/a/51202547 and an upgrade to Spring boot 1.5.15 or higher would fix the issue for us – would you consider updating the JAR + docker image with updated dependencies to fix?

Regards
Severin

PolicyProvider for restful-pdp

I'd like to run the restful-pdp as a standalone service. But I don't want to have static policies. I'd like to have many policies.

Use Case is the following:
I want to protect some files. Before Reading and Writing I want to check whether the person is allowed or not.
But if a file is newly created I need a new policy. And maybe later on I want to share the file with someone else, so the policies shall be adaptable as well.

I found in authzforce/core PolicyProviders and was wondering if and how I can use these in the restful-pdp ?
Maybe it's pretty easy and obvious, but I don't get it yet ;)

As I understood, there is a MongoDB Policy Provider. So I can feed the MongoDB with policies and the PDP always extracts the policies from the MongoDB. And the PolicyProvider takes care of the communication between the PDP engine and the DB. If it works like that it would be amazing.

So how can I get the restful-pdp to use the MongoDBBasedPolicyProvider ?

Thanks in advance.
