I want to implement ABAC access control model using the Policy Machine or Next Generation Access Control(NGAC), that provide a general and unified framework to support different types of attribute-based policies with its different Components ( PEP, PDP, PAP, PIP). I'm using JAVA as language and i'm seeking for documentation or Github repositories that can help me.
If your primary requirement is to implement an ABAC model and not to specifically use
Policy Machine or NGAC, I can point you to the open source ABAC engine SAPL.
https://sapl.io
On the website you can find full documentation, and links to the github repository with the engine and a wide range of primarily Spring-based demo applications in Java. SAPL implements all the ABAC componets you are looking for (PEP, PDP, PAP, PIP). The engine is extensible and you can plug-in custom domain-specific PIPs. You can use embedded PDPs for performance or remote PDPs for central administration. Disclaimer, I am the lead developer of the engine.
Direct links to:
Engine: https://github.com/heutelbeck/sapl-policy-engine
Example Code: https://github.com/heutelbeck/sapl-demos
Documentation: https://sapl.io/sapl-reference.html
The PM-Master project linked by #c12simple began as a standalone Java project out of NIST called Harmonia.
The implementation here may have some helpful components for you in java.
https://github.com/PM-Master/Harmonia-1.6
As for documentation to help you model ABAC in NGAC, there are some heavy technical documents from the NGAC specifications that may be of some use. They can be pretty dense and dry though.
There were a number of documents that were all consolidated/replaced by INCITS 565. Below is a link to the draft that went out for public comment.
https://standards.incits.org/apps/group_public/download.php/112076/livelink
You can visit https://github.com/PM-Master
You will find out the implementation of policy machine in java as well as in golang.
Related
Today, reading Servlet 3.0 specification, I've come across a sentence:
We emphasize that this specification is not a user’s guide for servlet developers and
is not intended to be used as such.
I've started reading it because I felt like most of the books, websites about servlets and JSP are very old. I wanted to be up-to-date after several troubles with Tomcat 7.0 configuration.
Are JSRs specs good learning resources from the developer's point of view? I'm mean the intermediate Java web developer. If so, what is the good strategy for dealing with them?
Thanks in advance.
No, they aren't. They are too detailed and are targeted at companies that implement the standard, rather than at developers trying to learn it.
They are a good reference for after you have become familiar with the technology.
Some JSRs have one version for developers and another for implementors. They are more suitable, but are still better used as references rather than as learning material. Note that most JSR-specified technologies have official tutorials, so go there first.
The Servlet specification is a technical document that address the servlet technology details that are mostly usefull to a web container vendor. It tells you which are the rules to follow if you want to develop a compatible implementation of servlets.
However, from the servlet developer standpoint, it is better to learn from a book or samples on the Internet. You will not find sample applications, or how to build a web app tutorials on the spec.
I find myself reading the spec whenever I want to know particular details about the standard behavior, so I dare to say that you may learn from it too.
My qustion is: How would you go on implementing simple DMS(document management) based on following requirements?
DMS shouls be distributed web application.
Support for document versioning.
Support for document locking.
Document search.
Im already clear on what technologies I want to use. I will use Sring MVC, Hibernate and relational (most likely MYSQL) database.
One thing Im not very clear on is if I need to use webdav, since I could just upload or download documets. I thing I have to because I need to acomplish point 2. and especially point 3. somehow. Is this the right way to go?
Any examples or experience with this would come very handy :). May be Milton is not the best library to pick for webdav?
#Eduard, regarding dependencies on 3rd parties - are you doing this as a college/university exercise or something that will affect real users in a production environment?
At the risk of sounding very pretentious; don't reimplement the wheel! I'd definitely 2nd the call to use JCR, this way you are depending a standard and not a 3rd party implementation.
JCR is a well defined standard (that means a lot of people invested commercial effort (i.e. cash and expertise in huge amounts) into this). I would seriously reconsider looking into JCR - think of it as an API where 3rd parties provide the implementation (no vendor lockin).
Have a look at the features you'll get out-of-the-box, I believe 99 - 110% of the functionality you require is available through a JCR implementation. Plus you'll benefit from the fact the code you'll be using has been tested by hundreds of people in real world situations.
Where I'd differ from bmscomp is in suggesting JackRabbit http://jackrabbit.apache.org/
Option 1:
I am not sure about webdav, no real experience on it. But I would highly recommend you using a Document database like MongoDB.
With mongodb, you can:
1. Handle document versions
2. MongoDB has atomic operations, you can add your logic of document locking.
This will give you some awesome added benefits of search your documents store.
Option 2:
Apache Jackrabbit: A Content repository
A content repository is a hierarchical
content store with support for
structured and unstructured content,
full text search, versioning,
transactions, observation, and more.
Think about using JCR Java content Repository
http://en.wikipedia.org/wiki/Content_repository_API_for_Java or you can have a look at the job done on Alfresco or and Exo framework they did a good job
You can use these open source projects to meet your requirements:
http://sourceforge.net/projects/logicaldoc/ -
LogicalDOC is a modern document management system with a nice interface, easy to use and very fast. It uses open source Java technologies such as GWT, Spring, Lucene in order to provide a flexible and scalable DMS platform. http://www.logicaldoc.com
http://sourceforge.net/projects/openkm/ -
OpenKM Document Management - DMS Updated 2011-05-25
OpenKM is powerful scalable Document Management System (DMS). OpenKM uses Jboss + J2EE + Ajax web (GWT) + Jackrabbit (lucene) Open Source technologies. http://www.openkm.com/
Spring MVC is a good choice. If you want to use a relational database then can also check out Datanucleus. At least the JDO layer (plus maybe the JPA layer) provides versioning support. For search I recommend apache solr, based on lucene, wich has excellent and powerful fulltext search capabilites.
Although webdav seems like the natural choice as a simple and cross plattform file transfer protocol I never had good experiences. Either the Client or the Server didn't work well (konqueror, internet explorer, zope 2, ...). So abstract from the protocol and provide multiple ways to access the file.
I am successful in working with Open Office via UNO. Now I want to embed the Open Office library into my Java application, is it possible?
Yes you can. You need the OpenOffice SDK.
Find examples here: (you'll see it speaks about the StarOffice SDK but it's the same, remember StarOffice was just the Sun-branded build of OpenOffice.org with the addition of commercial fonts and clip-art)
If you just want to manipulate ODF files from a Java app without actually loading up openoffice.org, check this lib.
FC
I had a similar question. I've found some documentation about Using the Desktop in the Apache OpenOffice Developer's Guide. With regards to compatibility of examples from StarOffice, perhaps some of the StarOffice examples would be viable? The guide mentions a certain matter, a "redesign of the OpenOffice.org GUI in StarOffice 5.x".
The guide's examples are provided alternately in StarOffice Basic and in Java, in using the UNO Development Kit. There's also a convenient tutorial, earlier in the Developer's Guide. UNO IDL is introduced under the section, Writing UNO Components. The UNO component model perhaps might seem similar to OMG CORBA or Microsoft's COM -- I'm not aware of how it might be interfaced in C#
Failing to find an exact solution to the question, the following represents my "Best guess" as far as "how to".
Though I've been unable to find any exacting items of documentation if towards embedding an OpenOffice component within an external Java application, but -- towards a view of the UNO API -- referencing the Using the Desktop article, there's an UNO interface, XFrame, introduced. The XFrame interface publishes a method, getComponentWindow moreover - returning an object of type ::com::sun::star::awt::XWindow, an UNO IDL interface. Sure, in the interface methods published by XWindow, I don't see any methods for obtaining a native window object. Of course, there would be a native window object, accessed somewhere in the application. Personally, I'm not immediately familiar with the OpenOffice source tree.
Perhaps it may be a simpler task, if to embed an application as an extension within OpenOffice, alternate to embedding OpenOffice within an application? Towards extending OpenOffice, there's a tutorial at DZone, How Fast Can OpenOffice.org Be Extended? Also, the "First contact" tutorial provides some additional information, if towards extending OpenOffice. In the latter, the author is using Ant for the build process. Surely that would be easy enough to convert to use Apache Maven, if needed, such as to apply Maven's JAR builder in a similar regards.
HTH
I'm working on a web app that will need to process DITA documents from persistent storage (likely a JCR). The DITA Open Toolkit is the only DITA implementation I'm aware of, but it requires all of your documents to exist on the filesystem. Ideally, I'd like something that works like the DITA OT, but allows you to provide a resolver (much like an XSLT URIResolver) to pull referenced content from other sources.
If people have other ideas, such as using a virtual filesystem to trick the DITA OT into working, I'd love to hear those too. Thanks!
Edit: I forgot to mention in the original post that I'm looking for an open-source solution, as this is for a project released under the Educational Community License.
After some evaluation, the newest version of the XMLMind Dita Converter (ditac) is really up to the job. Performance is at least double that of the Open Toolkit for building identical projects: http://www.xmlmind.com/ditac/
One thing to note about XMLMind Dita Converter (ditac) is that it's released under the Mozilla Public License, which according to http://www.gnu.org/licenses/license-list.html#GPLIncompatibleLicenses is not compatible with GPL.
Look at Arbortext (specifically Arbortext Content Manager). Arbortext supports xinclude, catalog files, and it also has a production-ready PDF and digital media publishing tool that you don't get with the OTK. The OTK isn't really meant to be for production.
Yes, I'm a vendor (now), but I started as an implementer more than a decade ago. I answer a lot of community questions and sponsor two dozen resources for getting people's questions answered. The best of which is the SF Bay PTC Arbortext User Group (Virtual).
Are you looking to do something like what Juniper is doing? (I can only post one link, so it's going to be mine..) go to juniper dot net, choose support, technical documentation, ex-series platforms, any of the ex series docs. They're showing topics on the web directly (it's also inside the source code on the router and in the pdf books). It would help if I understood what you're trying to do.
Feel free to reach out to me offline.
This new set of DITA XProc pipelines on the EMC Developer Network might be worth looking into. It can be downloaded free for development (and there's an XProc engine there as well).
This package appeared at the end of October 2010.
Quote: "The aim of the project is to provide an alternative to the DITA Open Toolkit (DITA-OT) that does not rely on file system-based processing, has no direct dependency on Java and Ant, and makes use of the XML processing capabilities of XProc to offer greater flexibility, extensibility, portability, and ultimately also better performance. The pipelines use standard XProc features as much as possible, so with little or no effort, users should be able to use them with any compliant XProc implementation. The pipelines have been tested with EMC Documentum XProc Engine (Calumet) version 1.0.12."
My coworker just talk to me about DITA Compiler. Apparently it's part of xml mind.
According to him, the implementation isn't quite complete.
Maybe DITA2Go can help:
http://www.dita2go.com/
DITA2Go allows your files to be anyplace you please, as you requested. It also has numerous extensions beyond what the OT provides, such as scoped keydefs and ditavals, which are under consideration for DITA 1.3. It was created with intense collaboration of two TC members working on major live projects, and is used by hundreds of people currently.
It is also about ten times as fast as the OT, thanks to C++, and requires no programming skills at all to use.
It is free, but it is not Open Source. It is fully supported and the developers fix bugs immediately and often add new features in a day or two on request. It shares a large part of its code with a commercial product, Mif2Go, which is the tool used by about 25% of FrameMaker users who are moving to DITA, according to a recent survey.
I don't see a requirement for the tools used to create a freely-licensed document to be Open Source themselves. There are absolutely no restrictions on use of the output, which obviously belongs to the user, not to Omni Systems.
HTH!
Greetings,
Is there any open source graph database available other than Neo4J??
NOTE: Why not Neo4J?
Neo4J is opensource, but counts primitives (number of nodes,relationships & properties). If you are using it for commercial use. And does not have any straight forward information of pricing on official website. so there can be potential vendor lock-in (Although I have just started my company, and don't have budget to spent money on software anyway.) so It is out of option.
Regards,
OrientDB (old link) appears to support graph storage in much the same was as Neo4j
As RobV said, if your graphs can be represented in just about any custom format such as RDF or DOT language, you're in luck! Here's various options you have:
RDF: Jena - Considered to be the de facto implementation of RDF for Java, however it has it's oddities such as heavy usage of Iterators.
RDF: Protégé - If you don't use Jena (and even if you would) but would like to use RDF, Protégé is the tool for you. It's basically a really well done ontology editor which makes handling the graph data a breeze. It also uses a plugin hierarchy similar to Eclipse and there's loads of plugins available so you can plugin stuff like OWL ontologies easily.
DOT: GraphViz - Another very popular tool, GraphViz can generate graphs from DOT language. Very powerful, a bit tricky to learn but also potentially all you need.
Of course if it fits your company's profile, you could develop your own and start selling it as a product.
Wikipedia lists some other alternatives: http://en.wikipedia.org/wiki/Graph_database
I suggest you to use Blueprints from tinkerpop, they allow you to use a graphDB of your choice (also from Neo4j and OrientDB). And they also provide an extension to use the db as rdf repository (using Sesame Sail).
Well,
Neo4j is Open Source under the GPLv3 for the Community Edition and AGPL for the Advanced and Enterprise editions.
For more info, please look at http://neo4j.org/licensing-guide/
/peter neubauer, part of the Neo4j team.
If your Graphs could be represented as RDF graphs then you could use Jena since that is entirely free and open source
http://jena.sourceforge.net
Whether that's in any way useful to you depends on why you need a Graph database and what type of Graphs you need to store in it.
Also take a look at ArrangoDB. A lovely multi-model database.
https://www.arangodb.com/
EDIT : Must say that I'm falling more and more in love with Arrango :)
I know, it's been a while, but, today, I was asking myself the same question, and I found OhmDB
Seems to be for lightweight purposes.