According to the XACML specification, there are lot of extension points that provide the flexibility to extend a XACML engine. Balana XACML 3.0 implementation supports most of those extension points. Such as
1. Attribute finders
2. Policy finders
3. custom XACML function
4. custom combining algorithms
5. custom datatypes.
In this blog post, I will explain to configure a new custom rule combining algorithm with Balana. i.e called “Highest Effect” let assume its functionality as follows
-> Evaluate all the rules in the policy
-> If “Permit” is the highest number of resultant effects in the policy, Policy effect would be “Permit”
-> If else Policy effect would be “Deny”
Let see how you can implement this.
Step 1. As we are implementing rule combining algorithm, you want to extend abstract class called “RuleCombiningAlgorithm”
Step 2. You only need to implement the “combine” method and introduce a new default constructor
Step 3. Compile your class and add in to the class path.
Step 4. Update the configuration file of Balana with new rule combining algorithm. As follows
<combiningAlgFactory name="comb" useStandardAlgorithms="true"> <algorithm class="org.wso2.balana.samples.custom.algo.HighestEffectRuleAlg"/> </combiningAlgFactory>
Please find the sample project from here.