Introducing ‘XACML Development Tool’-A New Policy Editor for XACML

This blog post is about XACML Development Tool which is the new policy editor for XACML and this post continues with my previous blog post on “XACML Editors Today and How They Should Be?”. The tooling editor is the fruitful outcome of my internship at WSO2 Identity Server Team.

The most valuable gain from this project was the proper association of a software development project from the scratch towards its development. It was not really an easy task. Behind me there were a number of hands helped me from the time of clarifying the project requirements to the current development stage. WSO2 Identity Server Team and Ballerina Team holds credits of this implementation. Now let’s start reading the story on XACML Development Tool.

Firstly, in the requirement gathering stage of the XACML Development Tool, it was identified three approaches in which a tooling editor can be developed.

1. Deploying the tool as an IntelliJ Plugin

2. Using Eclipse and WSO2 Developer Studio

3. Following UI based approach using ReactJs implementation.

At this point it was able to gather many ideas, views and suggestions from many professionals regarding the best option that should be chosen for the development. Finally it was suggested to follow the web UI based approach using ReactJs implementation.

It was initialized to develop a tool that could reduce the complexity of business users in dealing with XACML. It was also identified that the tool should guide the business users with the given template to write the policy thinking in the given directions and should make it less error prone for business users. The step towards the development was taken through designing and finalizing user stories and wire frames.

The initial development of the XACML Development Tool can be found at: https://github.com/ballerinalang/composer/tree/xacmal-editor.

Follow the following steps for the setup of the tool.

1. Clone(git clone) and build the ballerinalang/composer project using mvn clean install.

2. Clone(git clone) and build ballerinalang/tools-distribution project using mvn clean install. Find the distribution in tools-distribution/modules/ballerina-tools/target folder.

The Composer is included in the full distribution of Ballerina Tools Distribution, which can be downloaded from www.ballerinalang.org. After unzipping it, navigate to its /bin directory in the command line, and enter the following command:

For Windows

composer.bat

For Unix/Linux

./composer

The command line will display the URL you can use to access the Composer in your browser.

1. Checkout to the xacmal-editor branch in the ballerinalang/composer project.

2. Navigate to the <BALLERINA_COMPOSER>/modules/web directory.

3. Enter the development command npm run dev to start development server with hot deployment. Then go to http://localhost:8080 or http://127.0.0.1:8080 afterwards.

The prototype version of the XACML Development Tool can be found at: https://github.com/ChathurangiShyalika/xacml-development-tool.

Follow the installation instructions under README if you prefer to setup the prototype deployment.

The design of the developing tool is much inlined with the layout of the Ballerina Composer. Following is the layout of ballerina composer which was used as an initial layout sample for the XACML tool.

Figure: Ballerina Composer Layout

The initial development of the XACML tool has reused components from the Ballerina composer. File explorer, Header, Menu bar, Console window, Tab view components were able to be reused. File opening, Directory Opening, File Saving, Creating new files, Toggling views are the functionalities that were able to be achieved through the ballerina composer. If you are interested on writing plugins for ballerina composer, just go through this site.

Here react rc-tabs library was deployed in developing the Tab view of the tool. For developing the file explorer react-bootstrap was used.

The following figure is a snapshot of the welcome window of the XACML Development Tool.

Figure: Welcome window of XACML Development Tool

The welcome window provides options to create new policy, open policy, open directory, trying out the templates, open recent policies, navigate to the file explorer and access with XACML tutorials, questions and support. Some of these functionalities have been discussed below.

1. Creating a New Policy

A new XACML Policy can be created by clicking “Create New Policy” in the welcome window or by clicking File-New in the main menu.

2. Open Policy

A new XACML Policy can be opened by clicking “Open Policy” in the welcome window or by clicking File-Open in the main menu. The opened XACML policy is viewed in the editor window as a new tab. The opened policy name is listed in the file explorer too.

3. Open a Directory

A new directory can be opened by clicking “Open Directory” in the welcome window or by clicking File-Open in the main menu. The opened directory name is listed in the file explorer.

4. Viewing file contents from the project file explorer

When the filename is clicked in the file explorer the contents of the file can be viewed in the policy creation window.

The editor tab of the XACML tool includes three main sections as Tools panel, Categories and attributes panel and Policy Creating panel. Tool panel contains the draggable XACML policy elements; Target, Rule, Condition and Obligation. The categories and attributes panel lists the default categories and attributes and from here users can add, edit and delete categories and attributes according to their use cases. The policy creating panel is the window where the policy is actually being created. The design of the policy creating panel follows a block approach as shown in below figure. Here the XACML policy elements; target, rules, conditions, obligations in the Tools panel can be dragged and dropped in the policy creation window. The attributes required to write the policy can be dragged from the categories and attributes panel and dropped in the respective input fields for attributes.

The categories and attributes panel was developed using the npm library react-sortable tree. The drag and drop of the attributes in to the policy creating panel is also done using react-sortable tree. Following is a snapshot that displays when the user edit the categories and attributes details. Here react-skylight library was used in rendering the configuring window as a modal.

The drag and drop of policy elements from the Tools panel in to the policy creation panel has been developed using react-dnd. Read this blog post where I have explained more on how react-dnd is used in the developed tool.

The user can enter the respective fields and continue with the XACML policy creation process. React-select has been used in the drop down fields of the form components. As per now, the created XACML Policy can be downloaded as a XML document. To achieve this functionalities xml2js library and react-file-download has been used. It is proposed to switch the view to XML view when the policy is created through the UI view of the policy creating window.

The developing tool will provide capability to create XACML policies based on predefined UI templates. It will be enriched with policy management features too. The current implementation has functionality to create and view the XACML policy contents. This will be further developed to evaluate the created policy using the WSO2 Balana XACML engine.

My next blog post will continue with more information on the development aspect of the tool. Hope you got a clear understanding on the tool through this blog post. If you have any issues or comments on this blog post please leave a comment below.