Closed lmartellotto closed 5 years ago
cdanger
commented
5 years ago Maybe JAXB does not find the declaration of the xml type MyRootPolicyProviderDescriptor for some reason. So we first need to make sure nothing wrong happens when loading the schemas. Could you create a logback.xml like this one on your classpath if you don't have one already, and change the level of logger 'org.ow2.authzforce' to DEBUG? Then reproduce the error and post the logs here please.
lmartellotto
commented
5 years ago Hi cdanger,
Yes of course. All my logs:
07:57:22.880 [main] DEBUG org.ow2.authzforce.core.pdp.api.HashCollections - System property 'org.ow2.authzforce.core.pdp.api.HashCollectionFactoryClass' not set -> using class org.ow2.authzforce.core.pdp.api.DefaultHashCollectionFactory as (default) implementation of interface org.ow2.authzforce.core.pdp.api.HashCollectionFactory
07:57:23.029 [main] DEBUG org.ow2.authzforce.core.pdp.impl.PdpModelHandler - Final list of loaded extension models (JAXB classes): [class org.ow2.authzforce.core.xmlns.pdp.StaticRefBasedRootPolicyProvider, class com.mycompany.authzforce.MyRootPolicyProviderDescriptor, class org.ow2.authzforce.core.xmlns.pdp.StaticRootPolicyProvider, class org.ow2.authzforce.core.xmlns.pdp.StaticRefPolicyProvider]
07:57:23.196 [main] DEBUG org.ow2.authzforce.core.pdp.impl.PdpModelHandler - JAXB context for PDP configuration (un)marshalling: jar:file:/usr/lib/jvm/java-8-oracle/jre/lib/rt.jar!/com/sun/xml/internal/bind/v2/runtime/JAXBContextImpl.class Build-Id: 1.8.0_191
Classes known to this context:
[B
boolean
byte
char
com.mycompany.authzforce.MyRootPolicyProviderDescriptor
com.sun.xml.internal.bind.api.CompositeStructure
double
float
int
java.awt.Image
java.io.File
java.lang.Boolean
java.lang.Byte
java.lang.Character
java.lang.Class
java.lang.Double
java.lang.Float
java.lang.Integer
java.lang.Long
java.lang.Object
java.lang.Short
java.lang.String
java.lang.Void
java.math.BigDecimal
java.math.BigInteger
java.net.URI
java.net.URL
java.util.Calendar
java.util.Date
java.util.GregorianCalendar
java.util.UUID
javax.activation.DataHandler
javax.xml.bind.JAXBElement
javax.xml.datatype.Duration
javax.xml.datatype.XMLGregorianCalendar
javax.xml.namespace.QName
javax.xml.transform.Source
long
oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType
org.ow2.authzforce.core.xmlns.pdp.InOutProcChain
org.ow2.authzforce.core.xmlns.pdp.Pdp
org.ow2.authzforce.core.xmlns.pdp.StandardEnvironmentAttributeSource
org.ow2.authzforce.core.xmlns.pdp.StaticRefBasedRootPolicyProvider
org.ow2.authzforce.core.xmlns.pdp.StaticRefPolicyProvider
org.ow2.authzforce.core.xmlns.pdp.StaticRootPolicyProvider
org.ow2.authzforce.xmlns.pdp.ext.AbstractAttributeProvider
org.ow2.authzforce.xmlns.pdp.ext.AbstractDecisionCache
org.ow2.authzforce.xmlns.pdp.ext.AbstractPdpExtension
org.ow2.authzforce.xmlns.pdp.ext.AbstractPolicyProvider
short
void
07:57:23.201 [main] DEBUG org.ow2.authzforce.core.pdp.impl.PdpModelHandler - XML catalog location specified for PDP schema handler: file:///home/lmartellotto/WorkspaceGit/myproject/src/main/resources/jaxb/catalog.xml
07:57:23.311 [main] DEBUG org.ow2.authzforce.core.pdp.impl.SchemaHandler$XmlSchemaResourceResolver - resolveResource(type = http://www.w3.org/2001/XMLSchema, namespaceURI = http://com.mycompany/authzforce, publicId = null, systemId = null, baseURI = file:/home/lmartellotto/WorkspaceGit/myproject/src/main/resources/jaxb/pdp-ext.xsd) -> {}
07:57:23.311 [main] DEBUG org.ow2.authzforce.core.pdp.impl.SchemaHandler$XmlSchemaResourceResolver - resolveURI(namespaceURI = http://com.mycompany/authzforce) -> file:/home/lmartellotto/WorkspaceGit/myproject/src/main/resources/com/mycompany/authzforce/myRootPolicyProvider.xsd
07:57:23.319 [main] DEBUG org.ow2.authzforce.core.pdp.impl.SchemaHandler$XmlSchemaResourceResolver - resolveResource(type = http://www.w3.org/2001/XMLSchema, namespaceURI = urn:oasis:names:tc:xacml:3.0:core:schema:wd-17, publicId = null, systemId = null, baseURI = null) -> {}
07:57:23.319 [main] DEBUG org.ow2.authzforce.core.pdp.impl.SchemaHandler$XmlSchemaResourceResolver - resolveURI(namespaceURI = urn:oasis:names:tc:xacml:3.0:core:schema:wd-17) -> classpath:xacml-core-v3-schema-wd-17.xsd
07:57:23.345 [main] DEBUG org.ow2.authzforce.core.pdp.impl.SchemaHandler$XmlSchemaResourceResolver - resolveResource(type = http://www.w3.org/2001/XMLSchema, namespaceURI = http://www.w3.org/XML/1998/namespace, publicId = null, systemId = http://www.w3.org/2001/xml.xsd, baseURI = null) -> {}
07:57:23.346 [main] DEBUG org.ow2.authzforce.core.pdp.impl.SchemaHandler$XmlSchemaResourceResolver - resolveSystem(systemId = http://www.w3.org/2001/xml.xsd) -> classpath:xml.xsd
07:57:23.351 [main] DEBUG org.ow2.authzforce.core.pdp.impl.SchemaHandler$XmlSchemaResourceResolver - resolveResource(type = http://www.w3.org/2001/XMLSchema, namespaceURI = http://authzforce.github.io/xmlns/pdp/ext/3, publicId = null, systemId = null, baseURI = null) -> {}
07:57:23.352 [main] DEBUG org.ow2.authzforce.core.pdp.impl.SchemaHandler$XmlSchemaResourceResolver - resolveURI(namespaceURI = http://authzforce.github.io/xmlns/pdp/ext/3) -> classpath:pdp-ext-base.xsd
07:57:23.396 [main] DEBUG org.ow2.authzforce.core.pdp.impl.BasePdpEngine - Config file's location - absolute path: /opt/hosting/run/sample/conf/authzforce/pdp.xml
07:57:23.411 [main] DEBUG org.ow2.authzforce.core.pdp.impl.BasePdpEngine - Config file's parent directory: /opt/hosting/run/sample/conf/authzforce
07:57:23.413 [main] DEBUG org.ow2.authzforce.core.pdp.impl.BasePdpEngine - Property PARENT_DIR = file:/opt/hosting/run/sample/conf/authzforce/
Exception in thread "main" java.lang.IllegalArgumentException: Invalid PDP configuration file
at org.ow2.authzforce.core.pdp.impl.PdpEngineConfiguration.getInstance(PdpEngineConfiguration.java:469)
at org.ow2.authzforce.core.pdp.impl.PdpEngineConfiguration.getInstance(PdpEngineConfiguration.java:516)
at org.ow2.authzforce.core.pdp.impl.PdpEngineConfiguration.getInstance(PdpEngineConfiguration.java:548)
at org.ow2.authzforce.core.pdp.impl.PdpEngineConfiguration.getInstance(PdpEngineConfiguration.java:682)
at com.mycompany.authzforce.AuthzForce.main(AuthzForce.java:34)
Caused by: javax.xml.bind.UnmarshalException: Unable to create an instance of org.ow2.authzforce.xmlns.pdp.ext.AbstractPolicyProvider
- with linked exception:
[java.lang.InstantiationException]
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext.handleEvent(UnmarshallingContext.java:726)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.Loader.reportError(Loader.java:247)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext.createInstance(UnmarshallingContext.java:690)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.StructureLoader.startElement(StructureLoader.java:171)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.XsiTypeLoader.startElement(XsiTypeLoader.java:65)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext._startElement(UnmarshallingContext.java:559)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext.startElement(UnmarshallingContext.java:538)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.ValidatingUnmarshaller.startElement(ValidatingUnmarshaller.java:87)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.SAXConnector.startElement(SAXConnector.java:153)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:509)
at com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(AbstractXMLDocumentParser.java:182)
at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:351)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2784)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:602)
at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:112)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:505)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:842)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:243)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:221)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:276)
at org.ow2.authzforce.core.pdp.impl.PdpModelHandler.unmarshal(PdpModelHandler.java:185)
at org.ow2.authzforce.core.pdp.impl.PdpEngineConfiguration.getInstance(PdpEngineConfiguration.java:466)
... 4 more
Caused by: java.lang.InstantiationException
at sun.reflect.InstantiationExceptionConstructorAccessorImpl.newInstance(InstantiationExceptionConstructorAccessorImpl.java:48)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at com.sun.xml.internal.bind.v2.ClassFactory.create0(ClassFactory.java:118)
at com.sun.xml.internal.bind.v2.runtime.ClassBeanInfoImpl.createInstance(ClassBeanInfoImpl.java:270)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext.createInstance(UnmarshallingContext.java:684)
... 27 moreI think XSD are correctly loaded because if I make a mistake in the XSD namespace for example, I get another error about missing XSD definition. Or if I remove the tag <xs:extension base="authz-ext:AbstractPolicyProvider"> in my XSD, I get an error saying that rootPolicyProvider must extend AbstractPolicyProvider.
But I probably forgot something...
Thanks for your time!
cdanger
commented
5 years ago Indeed, I see nothing wrong at this point. Could you provide your project source code so that I can reproduce on my side (or a simplified version if anything confidential) ? on github or attached to your comment or whatever works.
lmartellotto
commented
5 years ago Found it! :slightly_smiling_face: My team mate found the problem during an intense debugging session (Thanks S. ! :-D ):
For unmarshalling the XML, the com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl (managed by JAXB) contains a Map<QName,JaxBeanInfo>. In my case, this map contains a mapping QName (localpart=MyRootPolicyProviderDescriptor, namespaceURI="", prefix="") to my class MyRootPolicyProviderDescriptor.
However, from my pdp.xml, the built instance QName is QName (localPart=MyRootPolicyProviderDescriptor, namespaceURI=http://com.mycompany/authzforce, prefix=ext) (the namespaceURI is given!). So JAXBContextImpl doesn't succeed to find a matching QName in its map.
The solution: add the namespace name in the Java POJO corresponding to the XML Schema:
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "MyRootPolicyProviderDescriptor", namespace = "http://com.mycompany/authzforce")
public class MyRootPolicyProviderDescriptor extends AbstractPolicyProvider {... and all works fine!
In fact, I don't succeed to generate with Maven, the Java POJO from XSD due to following error in XSD:
src-resolve: Cannot resolve the name 'authz-ext:AbstractPolicyProvider' to a(n) 'type definition' component.
when extending my provider from AbstractPolicyProvider:
<xs:extension base="authz-ext:AbstractPolicyProvider">
I think Maven doesn't succeed to get the XSD from imports:
<xs:import namespace="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" />
<xs:import namespace="http://authzforce.github.io/xmlns/pdp/ext/3" />So, I wrote the POJO Java and... I forgot the namespace in @XmlType. My bad!
Maybe you have a solution to fix the error in my XSD? I think the defined namespaces in catalog.xml are not enough for Maven, it must not have these XSD in the classpath:
<uri name="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" uri="classpath:xacml-core-v3-schema-wd-17.xsd" />
<uri name="http://authzforce.github.io/xmlns/pdp/ext/3" uri="classpath:pdp-ext-base.xsd" />If we find the solution, it will be helpful for others who would like to write their custom providers :-)
Thanks for your time cdanger ! And well done for the Authzforce lib :wink:
cdanger
commented
5 years ago In fact, I don't succeed to generate with Maven, the Java POJO from XSD due to following error in XSD:
src-resolve: Cannot resolve the name 'authz-ext:AbstractPolicyProvider' to a(n) 'type definition' component.when extending my provider from AbstractPolicyProvider:<xs:extension base="authz-ext:AbstractPolicyProvider">
Well, I was missing this information! Since you wrote The Java class from the XSD: ...(xsd)... I assumed it was succesfully generated from the XSD as told in AuthzForce doc, so I didn't check this step. Anyway, you should not have to either write the JAXB-annotated class manually (it is quite error-prone) or modify it afterwards, it should be all generated by maven-jaxb2-plugin.
So if the generation fails, I see two things that can cause trouble:
Something wrong in the xsd regarding the schema import:
<xs:import namespace="http://authzforce.github.io/xmlns/pdp/ext/3" schemaLocation="classpath:pdp-ext-base.xsd"/>You should not have any schemaLocation there - only the namespace - because it is handled by the catalog.xml. If you follow the doc carefully, you'll see in the org.ow2.authzforce.core.pdp.testutil.ext.xsd mentioned as example there that there is no schemaLocation (maybe I should make that more obvious in the doc). So please remove it:
<xs:import namespace="http://authzforce.github.io/xmlns/pdp/ext/3"/>You are missing the catalog.xml (typically in src/main/jaxb if you follow the naming convention in the doc) with maven: uris, i.e. this one, used specifically by maven-jaxb2-plugin for the JAXB class generation from XSD (see step 2 of Making new Policy Providers section). Do you have this catalog.xml? It is different from the catalog.xml (using classpath uris) you posted here, which is also needed but for unmarshalling at runtime (therefore should be on the classpath, on the contrary to the other one).
If this does not fix it, then send to me your maven project with at least the xsd, pom so that I can verify the setup and reproduce. We apply this process successfully for our attributefinders with much more complex xsd.
cdanger
commented
5 years ago To make things easier, I created a sample project based on your input here in order to reproduce: https://github.com/cdanger/authzforce-core-issues-39 It works for me. So you can compare with what you have.
For testing, run in the project: $ mvn clean test
The test code that instantiates the PDP config is in src/test/java/PdpTest.java
lmartellotto
commented
5 years ago Wahoo, thanks for the time and for the sample project.
1. Something wrong in the xsd regarding the schema import:<xs:import namespace="http://authzforce.github.io/xmlns/pdp/ext/3" schemaLocation="classpath:pdp-ext-base.xsd"/>
Yes sorry, it's a bad copy paste on this gitlab issue. Your warning in catalog.xml is pretty clear and I had no schemaLocation at the beginning. But, the time past and I tried a lot of things ... x)
- You are missing the catalog.xml (typically in
src/main/jaxbif you follow the naming convention in the doc) withmaven:uris, i.e. this one, used specifically by maven-jaxb2-plugin for the JAXB class generation from XSD (see step 2 of Making new Policy Providers section). Do you have this catalog.xml? It is different from the catalog.xml (using classpath uris) you posted here, which is also needed but for unmarshalling at runtime (therefore should be on the classpath, on the contrary to the other one).
Ok!!! This was my problem! I didn't catch the difference between catalog.xml files and I used the same for building POJO and running PDP. I used this example file https://github.com/cdanger/authzforce-core-issues-39/blob/master/src/test/resources/catalog.xml. Sorry, I should have been more attentive.
Thanks a lot cdanger, all works fine! :slightly_smiling_face:
cdanger
commented
5 years ago No problem :-) I realize it will be a good example anyway for others to get started when trying to implement Policy Providers as well, since the wiki documentation is a bit hard to follow.
Hello,
Software version (AuthzForce Core)
13.3.1
Platform JRE
Java 8
Platform OS
Ubuntu 18.04
Your code and/or AuthzForce-specific configuration file(s)
My issue seems to be very similar to this one: https://github.com/authzforce/core/issues/22 but this issue has been closed without resolving the first problem. So, here my problem:
I tried to create a new RootPolicyProvider, following the instructions from https://github.com/authzforce/core/wiki/Policy-Providers. Here, my files:
The catalog.xml:
The pdp-ext.xsd:
The bindings.xjb:
com.mycompany.authzforce.MyRootPolicyProvider$FactoryAnd finally, my pdp.xml :
My new RootPolicyProvider seems to be loaded, I can find in logs:
But I still have an issue:
Error stack trace
It seems that JAXB tried to instantiate AbstractPolicyProvider whereas my pdp.xml file describes that my root policy provider must be a instance of MyRootPolicyProviderDescriptor. Any idea ? Thanks in advance.