PERMIS-USERS Archives
PERMIS-USERS@JISCMAIL.AC.UK
PERMIS-USERS  June 2011
Subject: Re: [SOLVED] Ownership problem
From: Stijn Lievens <[log in to unmask]>
Reply-To: For users/administrators of the PERMIS authorisation software <[log in to unmask]>
Date: Fri, 10 Jun 2011 10:35:42 +0100
Content-Type: text/plain

On 10/06/11 09:16, Eliana Lazzeri wrote:
> Hi Stijn,
>
> On 09/06/11 16:21, Eliana Lazzeri wrote:
>> Hi Stijn,
>>
>> thanks again for your help and for your patience!!!!!
>>
>> I hope that this is the last time that I must disturb you.
>>
>> On 09/06/11 10:49, Eliana Lazzeri wrote:
>>> Hi Stijn,
>>>
>>>>      From your log file I could see that the certificate wasn't being parsed
>>>> and was treated as a validated attribute.
>>>
>>>> Unfortunately, the code you are using is a bit outdated and no longer
>>>> maintained.
>>>
>>>> However, there is newer software (which we still maintain and develop)
>>>> that allows you to use XACML request contexts as well, it is basically
>>>> the code that powers the authorization web service, but you could use it
>>>> as an API as well.
>>>
>>>> I have tried your request/policy and I can get it to work using this
>>>> software. I attach the 'correct' request for your convenience.
>>>
>>>
>>> Thanks! Unfortunately, if I use "your" request I obtain again this error:
>>>
>>> <Response>
>>>      <Result ResourceId="cn=drug,ou=medication,o=permisv5,c=IT">
>>>        <Decision>Indeterminate</Decision>
>>>        <Status>
>>>          <StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:processing-error"/>
>>>        </Status>
>>>      </Result>
>>> </Response>
>>>
>>> and in my log file I can see this line:
>>>
>>> 2011-06-09 11:36:31,276 [main] DEBUG issrg.utils.handler.Handler - wrong subject attribute data type
>>>
>>> I can remove this error by modifying DataType from http://www.w3.org/2001/XMLSchema#base64Binary to http://www.w3.org/2001/XMLSchema#String but so the interface doesn't check my certificate.
>>>
>>> How can I solve my problem? I'm sorry but I don't find any solution by myself.
>>>
>>
>>> As I have said before, the code you are using is a bit buggy and we no
>>> longer maintain it really.
>>
>>> I have verified myself that your policy works with the request I've sent
>>> you when using the newer software. Is there any reason in particular
>>> that you insist on using the software you are using now?
>>
>> I'm sorry. You are right. I have tried to use the old software but this is not a good idea.
>>
>>> I can run your example as follows (from within the folder containing standalone.jar
>>> when you downloaded the authz server):
>>
>>> java -cp
>>> standalone.jar:lib/log4j-1.2.15.jar:lib/XBeans-packaged.jar:lib/xmlbeans-2.3.0.jar
>>> issrg.xmlhandling.xacml.Xacmlv2Handler
>>> /home/sfl/work/tmp/permisconfig.txt
>>> /home/sfl/work/tmp/eliana-request-correct.xml
>>
>>> And then I get (after ignoring all the OpenSAML debug output):
>>> The response is
>>> <Response xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os">
>>>      <Result>
>>>       <Decision>Permit</Decision>
>>>       <Status>
>>>         <StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
>>>        </Status>
>>>      </Result>
>>> </Response>
>>
>>
>>> You have done all the hard work and are nearly there. Why don't you try
>>> the newer software?
>>
>> Now, I'm trying the newer software.
>>
>> I'm using this command:
>>
>> java -cp
>> standalone.jar:log4j-1.2.15.jar:xmlbeans-2.3.0.jar:XBeans-packaged.jar:iaik_jce.jar:opensaml-2.2.3.jar:xmltooling-1.0.1.jar:joda-time-1.6.jar:slf4j-api-1.6.1.jar:slf4j-log4j12-1.6.1.jar:xmlsec-1.4.1.jar:xmlsec-1.4.1-commons-logging.jar:velocity-dep-1.5.jar:. -Dlog4j.debug=true -Dlog4j.configuration=file:///home/eliana/Documenti/dis/log4j.config
>> issrg.xmlhandling.xacml.Xacmlv2Handler
>> permisConfig.txt
>> eliana-request-correct.xml
>>
>> I have added jar files to the classpath because I had to solve some java error.
>>
>> permisConfig.txt is equal to:
>>
>> <PERMISConfiguration isDefault="true">
>>        <PolicyLocation>/home/eliana/Documenti/dis/pba_sample_5_0_3/TreC/TreC_policy.xml</PolicyLocation>
>>        <PolicyIssuer>cn=A Permis Test User,o=permisV5,c=gb</PolicyIssuer>
>>        <PolicyIdentifier>TreC_policy</PolicyIdentifier>
>> </PERMISConfiguration>
>>
>> My command gives me this error:
>> -------------------------------------------------------------------------------------------------------------------
>>    Exception in thread "main" java.lang.ExceptionInInitializerError
>> 	at issrg.pba.TokenType$2.getParser(Unknown Source)
>> 	at issrg.pba.MultiAuthzTokenParser.<init>(Unknown Source)
>> 	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>> 	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
>> 	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
>> 	at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
>> 	at java.lang.Class.newInstance0(Class.java:355)
>> 	at java.lang.Class.newInstance(Class.java:308)
>> 	at issrg.pba.rbac.CustomisePERMIS.getAuthzTokenParser(Unknown Source)
>> 	at issrg.pba.rbac.PermisRBAC.<init>(Unknown Source)
>> 	at issrg.pba.rbac.PermisRBAC.<init>(Unknown Source)
>> 	at issrg.standalone.configuration.CreateRBAC.<init>(Unknown Source)
>> 	at issrg.xmlhandling.xacml.Xacmlv2Handler.main(Unknown Source)
>> Caused by: java.lang.IllegalArgumentException: InputStream cannot be null
>> 	at javax.xml.parsers.DocumentBuilder.parse(Unknown Source)
>> 	at org.opensaml.xml.parse.BasicParserPool$DocumentBuilderProxy.parse(BasicParserPool.java:607)
>> 	at org.opensaml.xml.parse.BasicParserPool.parse(BasicParserPool.java:210)
>> 	at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:124)
>> 	at org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:143)
>> 	at org.opensaml.DefaultBootstrap.bootstrap(DefaultBootstrap.java:83)
>> 	at issrg.saml2.RoleBasedSAML2AssertionParser.<clinit>(Unknown Source)
>> 	... 13 more
>> -------------------------------------------------------------------------------------------------------------------
>>
>> Can you give me any suggestion?
>>
>
>> My guess is that this is because you need to endorse the XML libraries.
>
>> So, follow the process described in the user guide to endorse the XML
>> libraries when you would use the authz server as a standalone program.
>
> I have followed that user guide some time ago, so I have already copied the endorsed files in my JAVA_HOME and I have set up the classpath with JAVA_HOME. (I'm attaching my log file).
>

I still think it points to a library problem.

The standalone.jar has a manifest in it which points to the required 
libraries but they are expected to be in the 'lib' folder where the 
standalone.jar file is. So, in my previous example the additional 
libraries were not needed.

Please try again as follows:

In the folder where you unzip the standalone_0_2_5.zip file do

java -cp standalone.jar issrg.xmlhandling.xacml.Xacmlv2Handler \
    /path/to/permisconfig.txt /path/to/eliana-request-correct.xml

This should then work I think. If it does then it is simply a matter of 
pointing to the right libraries later.

Regards,

Stijn.


> Thanks
>
> Eliana
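
The classpath behaviour described in the reply above (the standalone.jar manifest names its libraries, and they are looked up relative to the folder holding the jar) can be checked before running the handler. This is an added example, not part of the original thread or of the PERMIS distribution; the manifest contents below are constructed, and only the jar names are taken from the commands quoted in the thread.

```python
import os
import tempfile
import zipfile


def manifest_class_path(jar_path):
    """Return the Class-Path entries declared in the jar's main manifest section."""
    with zipfile.ZipFile(jar_path) as jar:
        raw = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
    text = raw.replace("\r\n", "\n").replace("\r", "\n")
    # Manifest lines are wrapped at 72 bytes; a continuation line starts with one space.
    unfolded = text.replace("\n ", "")
    # Class-Path is only valid in the main section, which ends at the first blank line.
    main_section = unfolded.split("\n\n", 1)[0]
    for line in main_section.split("\n"):
        name, sep, value = line.partition(": ")
        if sep and name.lower() == "class-path":
            return value.split()
    return []


def missing_libraries(jar_path):
    """List Class-Path entries that do not exist relative to the jar's own folder."""
    base = os.path.dirname(os.path.abspath(jar_path))
    return [entry for entry in manifest_class_path(jar_path)
            if not os.path.exists(os.path.join(base, entry))]


def demo():
    """Build a constructed standalone.jar with only one of its three libraries present."""
    with tempfile.TemporaryDirectory() as folder:
        jar = os.path.join(folder, "standalone.jar")
        manifest = ("Manifest-Version: 1.0\r\n"
                    "Class-Path: lib/log4j-1.2.15.jar lib/xmlbeans-2.3.0.jar lib/XBeans-pa\r\n"
                    " ckaged.jar\r\n\r\n")  # constructed sample, wrapped mid-name on purpose
        with zipfile.ZipFile(jar, "w") as archive:
            archive.writestr("META-INF/MANIFEST.MF", manifest)
        os.mkdir(os.path.join(folder, "lib"))
        open(os.path.join(folder, "lib", "log4j-1.2.15.jar"), "wb").close()
        return manifest_class_path(jar), missing_libraries(jar)


if __name__ == "__main__":
    declared, missing = demo()
    print("declared:", declared)
    print("missing: ", missing)
```

Calling missing_libraries() on the real standalone.jar from the unzipped folder returns an empty list when every library the manifest names is present under lib/.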
