How to send a XACML request using Perl

In a previous post, I mention how I used cURL to send a XACML request to an Axiomatics XACML Policy Decision Point (PDP). My goal, however, wasn’t to use cURL but rather whip up a sample in Perl.
Perl is perhaps my third love in terms of programming languages. As a kid, I learned programming with Pascal. Later, as a teen, I went across to web programming and PHP. In my first uni. student placement I was tasked with writing Perl code which opened up a whole new world of scripting.
These days, most of what I do revolves around XACML, the eXtensible Access Control Markup Language. XACML defines an architecture to apply fine-grained, externalized authorization to any type of application. Typically, the customers I deal with at Axiomatics want to apply XACML to Java or C#. This entails writing policy enforcement points (PEP) in Java or .NET. Occasionally though, we do get requests for Perl. And so, on a flight back from a customer visit, I googled around for the latest in Perl and hacked a very simple example together.
To get running, I used

It was actually very quick and easy to test out the Perl PEP. This is what it looks like:

#!/usr/bin/perl -w

use strict;

use LWP::UserAgent;
use HTTP::Request::Common;

my $userAgent = LWP::UserAgent->new(agent => 'perl post');
$userAgent->credentials("localhost:8280","Axiomatics PDP",'pdp-user','password');
my $soapStartElement = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>
<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">
<soap:Body>
<irc:AccessQuery3 xmlns:irc=\"http://axiomatics.com/delegent/pdpsimple/v5/AccessQuery3\">
";
my $soapCloseElement = "</irc:AccessQuery3>
</soap:Body>
</soap:Envelope>";
my $xacmlRequest = "<xacml-ctx:Request ReturnPolicyIdList=\"true\" CombinedDecision=\"false\" xmlns:xacml-ctx=\"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17\">
   <xacml-ctx:Attributes Category=\"urn:oasis:names:tc:xacml:3.0:attribute-category:resource\" >
   </xacml-ctx:Attributes>
   <xacml-ctx:Attributes Category=\"urn:oasis:names:tc:xacml:3.0:attribute-category:action\" >
   </xacml-ctx:Attributes>
   <xacml-ctx:Attributes Category=\"urn:oasis:names:tc:xacml:3.0:attribute-category:environment\" >
   </xacml-ctx:Attributes>
   <xacml-ctx:Attributes Category=\"urn:oasis:names:tc:xacml:1.0:subject-category:access-subject\" >
      <xacml-ctx:Attribute AttributeId=\"urn:oasis:names:tc:xacml:1.0:subject:subject-id\" IncludeInResult=\"true\">
         <xacml-ctx:AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">alice</xacml-ctx:AttributeValue>
      </xacml-ctx:Attribute>
   </xacml-ctx:Attributes>
</xacml-ctx:Request>";

my $response = $userAgent->request(POST 'http://localhost:8280/asm-pdp/pdp',
Content_Type => 'text/xml',
Content => ($soapStartElement.$xacmlRequest.$soapCloseElement));

print $response->error_as_HTML unless $response->is_success;

print $response->as_string;

Enjoy!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.