Google Site Search

Google
 

Monday, May 10, 2010

Tip: Debugging JBossXACML/PicketBox XACML

JBossXACML Debugging

If you are looking at getting debug information for the rule evaluation:


JBoss AS Environment :

Add a TRACE level logging category in conf/jboss-log4j.xml(AS5+) or deploy/jboss-logging.xml (AS6+)

<category name="org.jboss.security.xacml">
<priority value="TRACE"/>
</category>



Non-JBoss AS Environment such as Apache Tomcat :

Try to create a logging.properties file
============================
# Specify the handlers to create in the root logger
# (all loggers are children of the root logger)
# The following creates two handlers
handlers = java.util.logging.ConsoleHandler, java.util.logging.FileHandler

# Set the default logging level for the root logger
.level = ALL

# Set the default logging level for new ConsoleHandler instances
java.util.logging.ConsoleHandler.level = ALL

# Set the default logging level for new FileHandler instances
java.util.logging.FileHandler.level = ALL

# Set the default formatter for new ConsoleHandler instances
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
java.util.logging.FileHandler.formatter=java.util.logging.SimpleFormatter

# Set the default logging level for the logger named org.jboss
org.jboss.security.xacml.sunxacml.level = FINEST
com.sun.xml.bind.level = OFF
=====================================================

Now pass the system property with the location of this file such as:
-Djava.util.logging.config.file=src/test/resources/logging.properties

Then you should see something like:
=========================================
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.combine.StandardCombiningAlgFactory initAlgorithms
CONFIG: Initializing standard combining algorithms
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.StandardFunctionFactory initGeneralFunctions
CONFIG: Initializing standard General functions
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.StandardFunctionFactory initConditionFunctions
CONFIG: Initializing standard Condition functions
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.StandardFunctionFactory initTargetFunctions
CONFIG: Initializing standard Target functions
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.PDP
FINE: creating a PDP
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.finder.PolicyFinder init
FINER: Initializing PolicyFinder
Resource must contain resource-id attr
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:string-bag-size:
:::result=2
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:integer-equal:


::org.jboss.security.xacml.sunxacml.attr.IntegerAttribute@0:::result=false
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:not:



0

:::result=true
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:string-subset:
::
:::result=true
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:not:



:::result=false
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:and:

0
::

:::result=false
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.combine.DenyOverridesRuleAlg combine
FINE: Rule id:urn:oasis:names:tc:xspa:1.0:org:allowed:organizations:deny:result=3
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:time-one-and-only:
:::result=15:38:25.553000000-05:00
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:time-one-and-only:
:::result=00:00:00-08:00
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:time-greater-than-or-equal:
::
:::result=true
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:not:
:::result=false
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:time-one-and-only:
:::result=15:38:25.553000000-05:00
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:time-one-and-only:
:::result=23:59:00-08:00
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:time-less-than-or-equal:

::

:::result=false
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:not:


:::result=true
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.cond.Apply evaluate
FINE: Function:urn:oasis:names:tc:xacml:1.0:function:or:


::


:::result=true
Mar 30, 2009 3:38:25 PM org.jboss.security.xacml.sunxacml.combine.DenyOverridesRuleAlg combine
FINE: Rule id:urn:oasis:names:tc:xspa:1.0:org:hoursofoperation:deny:result=1
=============================

This is very good debug information.
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)