How to send a XACML request using Perl
In a previous post, I mentioned how I used cURL to send a XACML request to an Axiomatics XACML Policy Decision Point (PDP). My goal, however, wasn’t to use cURL but rather to whip up a sample in Perl.
Perl is perhaps my third love in terms of programming languages. As a kid, I learned programming with Pascal. Later, as a teen, I went across to web programming and PHP. In my first university student placement, I was tasked with writing Perl code, which opened up a whole new world of scripting.
These days, most of what I do revolves around XACML, the eXtensible Access Control Markup Language. XACML defines an architecture to apply fine-grained, externalized authorization to any type of application. Typically, the customers I deal with at Axiomatics want to apply XACML to Java or C#. This entails writing policy enforcement points (PEP) in Java or .NET. Occasionally though, we do get requests for Perl. And so, on a flight back from a customer visit, I googled around for the latest in Perl and hacked a very simple example together.
To get running, I used
- Eclipse IDE along with
- ActiveState Perl,
- EPIC – Perl Editor and IDE for Eclipse, and
- a sample courtesy of Pascal Botte.
It was actually very quick and easy to test out the Perl PEP. This is what it looks like:
```perl
#!/usr/bin/perl -w
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;

my $userAgent = LWP::UserAgent->new(agent => 'perl post');
# HTTP Basic credentials for the PDP: host:port, realm, user, password.
# Sample values; they travel over plain http:// here, which is only
# acceptable against a local test PDP.
$userAgent->credentials("localhost:8280", "Axiomatics PDP", 'pdp-user', 'password');

# SOAP wrapper that surrounds the XACML request
my $soapStartElement = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>
<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">
  <soap:Body>
    <irc:AccessQuery3 xmlns:irc=\"http://axiomatics.com/delegent/pdpsimple/v5/AccessQuery3\">
";
my $soapCloseElement = "</irc:AccessQuery3>
  </soap:Body>
</soap:Envelope>";

# XACML 3.0 request: the only attribute sent is subject-id = alice
my $xacmlRequest = "<xacml-ctx:Request ReturnPolicyIdList=\"true\" CombinedDecision=\"false\" xmlns:xacml-ctx=\"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17\">
  <xacml-ctx:Attributes Category=\"urn:oasis:names:tc:xacml:3.0:attribute-category:resource\" >
  </xacml-ctx:Attributes>
  <xacml-ctx:Attributes Category=\"urn:oasis:names:tc:xacml:3.0:attribute-category:action\" >
  </xacml-ctx:Attributes>
  <xacml-ctx:Attributes Category=\"urn:oasis:names:tc:xacml:3.0:attribute-category:environment\" >
  </xacml-ctx:Attributes>
  <xacml-ctx:Attributes Category=\"urn:oasis:names:tc:xacml:1.0:subject-category:access-subject\" >
    <xacml-ctx:Attribute AttributeId=\"urn:oasis:names:tc:xacml:1.0:subject:subject-id\" IncludeInResult=\"true\">
      <xacml-ctx:AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">alice</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
</xacml-ctx:Request>";

# POST the SOAP envelope to the PDP and print the reply
my $response = $userAgent->request(
    POST 'http://localhost:8280/asm-pdp/pdp',
    Content_Type => 'text/xml',
    Content      => ($soapStartElement . $xacmlRequest . $soapCloseElement)
);
print $response->error_as_HTML unless $response->is_success;
print $response->as_string;
```
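The script above prints the PDP's reply, but a PEP also has to turn that reply into an allow/deny outcome. The following is an added example, not part of the original post and not Axiomatics code, of a deny-biased check in the sense of the XACML 3.0 specification: only a single, clean Permit allows access. It assumes the XML::LibXML module is installed and that the reply contains a standard XACML 3.0 `Response` element somewhere in the SOAP body; `is_permitted`, `sample` and the sample replies are constructed for illustration.

```perl
use strict;
use warnings;
use XML::LibXML;

my $XACML_NS = 'urn:oasis:names:tc:xacml:3.0:core:schema:wd-17';

# Returns 1 only for exactly one Result whose Decision is Permit and which
# carries no obligations; every other outcome is treated as a denial.
sub is_permitted {
    my ($xml) = @_;
    return 0 unless defined $xml && length $xml;
    my $doc = eval {
        # Harden the parser: no network access, no entity expansion, no external DTD
        XML::LibXML->load_xml(string => $xml, no_network => 1,
                              expand_entities => 0, load_ext_dtd => 0);
    };
    return 0 unless $doc;                      # malformed XML => deny

    my $xpc = XML::LibXML::XPathContext->new($doc);
    $xpc->registerNs('x', $XACML_NS);          # match on namespace, not prefix
    my @results = $xpc->findnodes('//x:Response/x:Result');
    return 0 unless @results == 1;             # missing or ambiguous => deny

    (my $decision = $xpc->findvalue('x:Decision', $results[0])) =~ s/^\s+|\s+$//g;
    return 0 unless $decision eq 'Permit';     # Deny, NotApplicable, Indeterminate

    # This PEP knows how to discharge no obligations, so a Permit that
    # carries any obligation must also be treated as a denial.
    my @obligations = $xpc->findnodes('x:Obligations/x:Obligation', $results[0]);
    return @obligations ? 0 : 1;
}

# Constructed sample replies (not captured from a real PDP)
sub sample {
    my ($decision, $extra) = @_;
    return qq{<x:Response xmlns:x="$XACML_NS"><x:Result><x:Decision>$decision</x:Decision>}
         . ($extra // '') . q{</x:Result></x:Response>};
}
my $obl = '<x:Obligations><x:Obligation ObligationId="example:log"/></x:Obligations>';
my @cases = (
    [ 'Permit'              => sample('Permit') ],
    [ 'Deny'                => sample('Deny') ],
    [ 'NotApplicable'       => sample('NotApplicable') ],
    [ 'Indeterminate'       => sample('Indeterminate') ],
    [ 'Permit + obligation' => sample('Permit', $obl) ],
    [ 'not XML at all'      => 'HTTP 500: internal error' ],
);
printf "%-20s => %s\n", $_->[0], is_permitted($_->[1]) ? 'ALLOW' : 'DENY' for @cases;
```

In the script above, the body to check would be `$response->decoded_content`, and only when `$response->is_success` is true; a failed HTTP call is a denial as well.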
Enjoy!