Getting Started with Balana

Balana is one of the open source XACML implementations that supports XACML 3.0. If you need to do some testing on Balana or integrate Balana with another component, this blog post should be useful. Here I am going to explain how to get started with Balana.

Approach 1. This is the easiest way. Just create a Balana instance and create a PDP instance from Balana's configuration.

Balana balana = Balana.getInstance();
PDP pdp = new PDP(balana.getPdpConfig());
pdp.evaluate(xacmlRequest);

Here the Balana instance is created with the following default configuration:

-> with all standard attribute types
-> with all standard combining algorithms
-> with all standard functions
-> current environment module that supports the following attribute IDs

urn:oasis:names:tc:xacml:1.0:environment:current-time
urn:oasis:names:tc:xacml:1.0:environment:current-date
urn:oasis:names:tc:xacml:1.0:environment:current-dateTime

-> attribute selector module to support xpath evaluations
-> file based policy finder module
-> multiple decisions disabled

Approach 2. Creating a Balana instance by reading a configuration file with the default configuration

System.setProperty(ConfigurationStore.PDP_CONFIG_PROPERTY, configFileLocation);
Balana balana = Balana.getInstance();
PDP pdp = new PDP(balana.getPdpConfig());
pdp.evaluate(xacmlRequest);

Here, before you create the Balana instance, you need to specify the configuration file location.

The default configuration file is as follows.

<config defaultPDP="pdp" defaultAttributeFactory="attr"
        defaultCombiningAlgFactory="comb" defaultFunctionFactory="func">
    <pdp name="pdp">
        <attributeFinderModule class="org.wso2.balana.finder.impl.CurrentEnvModule"/>
        <attributeFinderModule class="org.wso2.balana.finder.impl.SelectorModule"/>
        <attributeFinderModule class="org.wso2.balana.finder.impl.SelectorModule"/>
        <policyFinderModule class="org.wso2.balana.finder.impl.FileBasedPolicyFinderModule"/>
    </pdp>
    <attributeFactory name="attr" useStandardDatatypes="true"/>
    <functionFactory name="func" useStandardFunctions="true"/>
    <combiningAlgFactory name="comb" useStandardAlgorithms="true"/>
</config>

If you want to add new extension points, you can do so by modifying this configuration file.

As an example, if you are defining a new condition function called “TimeInRangeFunction”, you can do it as follows:

<functionFactory name="func" useStandardFunctions="true">
    <condition>
        <function class="org.wso2.balana.cond.TimeInRangeFunction"/>
    </condition>
</functionFactory>

Approach 3. Creating a Balana instance by reading a configuration file with specified configurations.

There may be use cases where you want to have multiple Balana configurations for different applications. In that case you can create a Balana instance by specifying the configuration with an identifier.

System.setProperty(ConfigurationStore.PDP_CONFIG_PROPERTY, configFileLocation);
Balana balana = Balana.getInstance(identifier);
PDP pdp = new PDP(balana.getPdpConfig());
pdp.evaluate(xacmlRequest);

Your configuration file would look as follows.

<config defaultPDP="pdp" defaultAttributeFactory="attr"
        defaultCombiningAlgFactory="comb" defaultFunctionFactory="func">
    <pdp name="pdp">
        <attributeFinderModule class="org.wso2.balana.finder.impl.CurrentEnvModule"/>
        <attributeFinderModule class="org.wso2.balana.finder.impl.SelectorModule"/>
        <policyFinderModule class="org.wso2.balana.finder.impl.FileBasedPolicyFinderModule"/>
    </pdp>
    <pdp name="myApp">
        <policyFinderModule class="com.my.app.PolicyFinderModule"/>
    </pdp>
    <attributeFactory name="attr" useStandardDatatypes="true"/>
    <functionFactory name="func" useStandardFunctions="true"/>
    <combiningAlgFactory name="comb" useStandardAlgorithms="true"/>
    <combiningAlgFactory name="myApp" useStandardAlgorithms="true">
        <algorithm class="com.my.app.RuleAlg"/>
    </combiningAlgFactory>
    <combiningAlgFactory name="mySecondApp" useStandardAlgorithms="true">
        <algorithm class="com.my.app.SecondRuleAlg"/>
    </combiningAlgFactory>
</config>

There is a configuration called “myApp”, so you can initialize Balana as follows:

Balana.getInstance("myApp");

If you want to use different configurations for one application, you can initialize Balana as follows:

Balana.getInstance(pdpConfigName, attributeFactoryName, functionFactoryName, combiningAlgFactoryName);

So if you initialize Balana with the “myApp” PDP config and the “mySecondApp” combining algorithm factory, it would look as follows:

Balana.getInstance("myApp", null, null, "mySecondApp");

Also, if you are using the default policy store, i.e. “FileBasedPolicyFinderModule”, you can specify the file path for your policy collection (the directory that contains the policy files).

To do so, set the following property before initializing the Balana instance:

System.setProperty(FileBasedPolicyFinderModule.POLICY_DIR_PROPERTY, policyDirectoryLocation);
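The steps above combined into one class, as an added example that is not part of the original post or of the Balana project: it sets the policy directory, evaluates a constructed XACML 3.0 request with the default configuration from Approach 1, and grants access only when the response carries exactly one Permit decision. The class name FailClosedPep, the request values and the use of args[0] as the policy directory are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;
import org.wso2.balana.Balana;
import org.wso2.balana.PDP;
import org.wso2.balana.finder.impl.FileBasedPolicyFinderModule;

public class FailClosedPep {
    private static final String NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17";
    // Constructed sample request: subject "alice" asks to "read" a made-up resource.
    static final String REQUEST = "<Request xmlns=\"" + NS
        + "\" CombinedDecision=\"false\" ReturnPolicyIdList=\"false\">"
        + attr("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject",
               "urn:oasis:names:tc:xacml:1.0:subject:subject-id", "alice")
        + attr("urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
               "urn:oasis:names:tc:xacml:1.0:resource:resource-id", "http://localhost/reports")
        + attr("urn:oasis:names:tc:xacml:3.0:attribute-category:action",
               "urn:oasis:names:tc:xacml:1.0:action:action-id", "read")
        + "</Request>";

    // Builds one <Attributes> category holding a single string-valued attribute.
    private static String attr(String category, String id, String value) {
        return "<Attributes Category=\"" + category + "\"><Attribute AttributeId=\"" + id
            + "\" IncludeInResult=\"false\"><AttributeValue"
            + " DataType=\"http://www.w3.org/2001/XMLSchema#string\">" + value
            + "</AttributeValue></Attribute></Attributes>";
    }

    // True only for exactly one explicit Permit. Deny, NotApplicable, Indeterminate,
    // multiple results and unparsable responses all refuse access (fail closed).
    static boolean isPermitted(String xacmlResponse) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            // Reject DOCTYPE declarations so the response parser cannot be used for XXE.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            NodeList d = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xacmlResponse.getBytes(StandardCharsets.UTF_8)))
                .getElementsByTagNameNS("*", "Decision");
            return d.getLength() == 1 && "Permit".equals(d.item(0).getTextContent().trim());
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Assumption: args[0] is the directory that contains the policy files.
        System.setProperty(FileBasedPolicyFinderModule.POLICY_DIR_PROPERTY, args[0]);
        PDP pdp = new PDP(Balana.getInstance().getPdpConfig());
        System.out.println(isPermitted(pdp.evaluate(REQUEST)) ? "access granted" : "access refused");
    }
}
```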

I guess this blog post would be a good starting point for Balana.