

Sunday, July 22, 2007

JBoss XACML v2.0.1-BETA released

NOTE: JBossXACML v2.0.3.CR1 <==========

Official Blog Entry is here:
JBoss Blog Notice

It gives me pleasure to inform the community about the release of JBoss XACML v2.0.1-BETA. The license is LGPL.

You can download it from

The Javadoc link is here:

The User Guide is here:
JBoss XACML User Guide

Why is XACML Important?
- Unlike authentication, access control/authorization is a complex area where Role Based Access Control (RBAC) is inadequate in many enterprise situations. XACML is a specification that tries to mitigate this with complex policies that can be woven around a combination of subjects (users, user agents, etc.), resources (on which the access control is desired) and environment (IP address, date, time, etc.). You should be able to declaratively (via XML, or by constructing policies) say things like "Allow this portion of the web site to 18 year olds when the time is between 9am and 5pm", "You should update your own payroll information and can do it when you are employed and on Fridays only", etc.
- Enterprises have been doing this via ACLs and other proprietary mechanisms. Now they can use a standard way.
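
The first policy quoted above, written out as a XACML 2.0 policy document. This is an added example, not taken from the JBossXACML distribution or its user guide: the policy id, the `/members/` resource value and the `urn:example:subject:age` attribute id are hypothetical, and "18 year olds" is read here as "18 or older".

```xml
<!-- Added example: PolicyId, resource value and the age attribute id are hypothetical. -->
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        PolicyId="urn:example:policy:members-area"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
  <!-- Resource: the policy applies only to this portion of the site. -->
  <Target>
    <Resources>
      <Resource>
        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/members/</AttributeValue>
          <ResourceAttributeDesignator
              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
              DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </ResourceMatch>
      </Resource>
    </Resources>
  </Target>
  <Rule RuleId="adult-during-business-hours" Effect="Permit">
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
        <!-- Subject: age >= 18 (assumed reading of "18 year olds"). -->
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
          <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
            <SubjectAttributeDesignator AttributeId="urn:example:subject:age"
                DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="true"/>
          </Apply>
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">18</AttributeValue>
        </Apply>
        <!-- Environment: 09:00 <= current time <= 17:00. -->
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-greater-than-or-equal">
          <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
            <EnvironmentAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#time"
                AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"/>
          </Apply>
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">09:00:00</AttributeValue>
        </Apply>
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-less-than-or-equal">
          <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
            <EnvironmentAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#time"
                AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"/>
          </Apply>
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">17:00:00</AttributeValue>
        </Apply>
      </Apply>
    </Condition>
  </Rule>
  <!-- Every other request for this resource is denied. -->
  <Rule RuleId="deny-otherwise" Effect="Deny"/>
</Policy>
```

A request that carries no age attribute makes the first rule Indeterminate rather than Deny, so the enforcement point should treat every decision other than Permit as a refusal.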

JDK 5 and later (Need JAXBv2)

Sun JAXB v2.0 and later (I used v2.1.4).
You can use the one from here:

Sun XACML v2.0
Use the one from here:

JBoss v5.0 JavaEE Jar ( support. You can get this from JDK6 or any EE distribution).
JBoss JavaEE

Hal Lockhart, Bill Parducci, Anne Anderson (of the Oasis XACML TC for the specification), Rich Levinson, Dennis Pilipchuck (Oasis XACML Interoperability) and Seth Proctor (SunXACML Implementation)

We use the SunXACML implementation for the business logic, policy evaluation etc. It is an implementation detail. The users of JBossXACML will have to concern themselves with its interfaces and object model.

Please also refer to JBossXACML v2.0.1.GA release.