{"id":24475372,"url":"https://github.com/authzforce/restful-pdp","last_synced_at":"2026-03-09T01:03:52.559Z","repository":{"id":56028393,"uuid":"112011480","full_name":"authzforce/restful-pdp","owner":"authzforce","description":"AuthzForce RESTful XACML PDP service (compliant with XACML REST \u0026 JSON Profiles)","archived":false,"fork":false,"pushed_at":"2024-05-22T09:36:17.000Z","size":315,"stargazers_count":16,"open_issues_count":2,"forks_count":4,"subscribers_count":4,"default_branch":"develop","last_synced_at":"2025-04-13T13:07:09.220Z","etag":null,"topics":["abac","access-control","authorization","cxf","jax-rs","json","pdp","rest-api","restful-api","spring-boot","xacml"],"latest_commit_sha":null,"homepage":"https://authzforce.ow2.org","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/authzforce.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-11-25T14:52:59.000Z","updated_at":"2024-11-27T12:35:36.000Z","dependencies_parsed_at":"2024-02-18T03:28:45.909Z","dependency_job_id":"4c66fd9f-0638-4ca5-9f98-e0d6b7ecc81e","html_url":"https://github.com/authzforce/restful-pdp","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authzforce%2Frestful-pdp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authzforce%2Frestful-pdp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authzforce%2Frestful-pdp/releases","manife
sts_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authzforce%2Frestful-pdp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authzforce","download_url":"https://codeload.github.com/authzforce/restful-pdp/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248717242,"owners_count":21150389,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abac","access-control","authorization","cxf","jax-rs","json","pdp","rest-api","restful-api","spring-boot","xacml"],"created_at":"2025-01-21T09:14:35.720Z","updated_at":"2026-03-09T01:03:46.025Z","avatar_url":"https://github.com/authzforce.png","language":"Java","readme":"[![](https://img.shields.io/badge/tag-authzforce-orange.svg?logo=stackoverflow)](http://stackoverflow.com/questions/tagged/authzforce)\n[![Docker badge](https://img.shields.io/docker/pulls/authzforce/restful-pdp.svg)](https://hub.docker.com/r/authzforce/restful-pdp/)\n[![Build Status](https://github.com/authzforce/restful-pdp/actions/workflows/maven.yml/badge.svg?branch=develop)](https://github.com/authzforce/restful-pdp/actions/workflows/maven.yml)\n[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauthzforce%2Frestful-pdp.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauthzforce%2Frestful-pdp?ref=badge_shield)\n\n\n# AuthzForce RESTful PDP\nRESTful PDP API implementation, compliant with REST Profile of XACML 3.0. 
This is minimalist compared to [AuthzForce server project](http://github.com/authzforce/server) as it does not provide multi-tenant PDP/PAP but only a single PDP (per instance). Therefore, this is more suitable for microservices, or, more generally, simple applications requiring only one PDP per instance.\n\nIn particular, the project provides the following (Maven groupId:artifactId):\n* `org.ow2.authzforce:authzforce-ce-restful-pdp-cxf-spring-boot-server`: a fully executable RESTful XACML PDP server (runnable from the command-line), packaged as a [Spring Boot application](https://docs.spring.io/spring-boot/docs/current/reference/html/deployment-install.html) or [Docker image](https://hub.docker.com/repository/docker/authzforce/restful-pdp) (see the [Docker Compose example](docker) for usage).\n* `org.ow2.authzforce:authzforce-ce-restful-pdp-jaxrs`: pure JAX-RS implementation of a PDP service, that you can reuse as a library with any JAX-RS framework, especially other than Apache CXF, to provide your own custom RESTful PDP service.\n\n**Go to the [releases](https://github.com/authzforce/restful-pdp/releases) page for\nspecific release info: downloads (Linux packages), Docker image,\n[release notes](CHANGELOG.md)**\n\n## Features\n### XACML PDP engine\nSee [AuthzForce Core features](https://github.com/authzforce/core#features) for the XACML PDP engine's features.\n\n### REST API\n* Conformance with [REST Profile of XACML v3.0 Version 1.0](http://docs.oasis-open.org/xacml/xacml-rest/v1.0/xacml-rest-v1.0.html)\n* Supported data formats, aka content types: \n\t\n\t* `application/xacml+xml`: XACML 3.0/XML content, as defined by [RFC 7061](https://tools.ietf.org/html/rfc7061), for XACML Request/Response only;\n\t* `application/xml`: same as `application/xacml+xml`;\n\t* `application/xacml+json`: XACML 3.0/JSON Request/Response, as defined by [XACML v3.0 - JSON Profile Version 1.0](http://docs.oasis-open.org/xacml/xacml-json-http/v1.0/xacml-json-http-v1.0.html);\n\t* 
`application/json`: same as `application/xacml+json`.\n\n## Limitations\nSee [AuthzForce Core limitations](https://github.com/authzforce/core#limitations).\n\n## System requirements \nJava (JRE) 17 or later.\n\n\n## Versions\nSee the [change log](CHANGELOG.md) following the *Keep a CHANGELOG* [conventions](http://keepachangelog.com/).\n\n## License\nSee the [license file](LICENSE).\n\n## Getting started\n\nLaunch the PDP with either Docker or the executable JAR as described in the next sections.\n\n### Using Docker\n\nGit clone this github repository or download the Source code ZIP from the [latest release](https://github.com/authzforce/restful-pdp/releases) and unzip it, then from the git clone / unzipped folder, go to the [`docker`](docker) directory.\n\nIf you wish to use a different XACML Policy from the one provided, change the `policyLocation` parameter in the `pdp/conf/pdp.xml` (PDP configuration) file in that directory accordingly.\n\nThen run: `docker compose up -d`, then `docker compose logs` to check the PDP is up and running.\n\n(You can change the logging verbosity by modifying the Logback configuration file `pdp/conf/logback.xml`.)\n\n### Using the executable JAR\n\nGet the [latest executable jar](https://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-restful-pdp-cxf-spring-boot-server/) from Maven Central with groupId/artifactId = `org.ow2.authzforce`/`authzforce-ce-restful-pdp-cxf-spring-boot-server`. 
The name of the JAR is `authzforce-ce-restful-pdp-cxf-spring-boot-server-M.m.p.jar` (replace `M.m.p` with the latest version).\n\nMake sure it is executable (replace `M.m.p` with the current version):\n\n```sh\nchmod u+x authzforce-ce-restful-pdp-cxf-spring-boot-server-M.m.p.jar\n```\n\nCopy the content of [that folder](cxf-spring-boot-server/src/test/resources/server) to the same directory.\n\nIf you wish to use a different XACML Policy from the one provided, change the `policyLocation` parameter in the `pdp.xml` (PDP configuration) file in that directory accordingly.\n\nThen run the executable from that directory as follows (replace `M.m.p` with the current version):\n\n```sh\n$ ./authzforce-ce-restful-pdp-cxf-spring-boot-server-M.m.p.jar\n```\n\nIf it refuses to start because the TCP listening port is already used (by some other server on the system), you can change that port in the `application.yml` file copied previously: uncomment the `server.port` property and change its value to something else (default is 8080).\n\nYou know the embedded server is up and running when you see something like this (if and only if the logger for Spring classes is at least at INFO level, according to the Logback configuration file mentioned below):\n```\n... 
Tomcat started on port(s): 8080 (http)\n```\n\n(You can change the logging verbosity by modifying the Logback configuration file `logback.xml` copied previously.)\n\n### Send an XACML Request to the PDP\n\nOnce the PDP is up and running, you can make an XACML request from a different terminal, for example using the XACML/JSON request in [that folder](cxf-spring-boot-server/src/test/resources/server/IIA001) (install the `curl` tool if you don't have it already on your system):\n\n```sh\n$ curl --include --header \"Content-Type: application/xacml+json\" --data @IIA001/Request.json http://localhost:8080/services/pdp\n```\n*Add the --verbose option for more details.*\nYou should get an XACML/JSON response such as:\n\n```\n{\"Response\":[{\"Decision\":\"Permit\"}]}\n```\n\n\n## Extensions\nIf you are missing features in AuthzForce, you can extend it with various types of plugins (without changing the existing code), as described on AuthzForce Core's [wiki](https://github.com/authzforce/core/wiki/Extensions).\n\nIn order to use them, put the extension JAR(s) into an `extensions` folder in the same directory as the executable jar, already present if you followed the previous *Getting started* section. If the extension(s) use XML configuration (e.g. AttributeProvider), add the schema import into `pdp-ext.xsd` (import namespace only, do not specify schema location) and schema namespace-to-location mapping into `catalog.xml`. Then run the executable as follows (replace `M.m.p` with the current version):\n\n```sh\n$ java -Dloader.path=extensions -jar authzforce-ce-restful-pdp-cxf-spring-boot-server-M.m.p.jar\n```\n\n### Example with MongoDBPolicyProvider extension\nTo use the Policy Provider for policies stored in MongoDB, please make sure the JAR with the MongoDB policy provider, i.e. the `authzforce-ce-core-pdp-testutils` module (in the **same version** as `authzforce-ce-core-pdp-engine` that is already included in AuthzForce RESTful PDP) is on the classpath, e.g. 
in the *extensions* folder mentioned above, *with all its required dependencies*. The main dependencies (looking at the pom of `pdp-testutils` module) in Maven terms are:\n\n```xml\n\u003cdependency\u003e\n         \u003cgroupId\u003eorg.jongo\u003c/groupId\u003e\n         \u003cartifactId\u003ejongo\u003c/artifactId\u003e\n\t \u003c!-- Set the version to whatever version is specified in authzforce-ce-core-pdp-testutils Maven POM.  --\u003e\n         \u003cversion\u003e${jongo.version}\u003c/version\u003e\n\u003c/dependency\u003e\n\u003cdependency\u003e\n         \u003cgroupId\u003eorg.mongodb\u003c/groupId\u003e\n         \u003cartifactId\u003emongodb-driver-legacy\u003c/artifactId\u003e\n\t\u003c!-- Set the version to whatever version is specified in authzforce-ce-core-pdp-testutils Maven POM. --\u003e\n         \u003cversion\u003e${mongodb-driver-legacy.version}\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\nThese dependencies have dependencies as well, so make sure to include them all, if not already on the classpath. (There is a way to assemble all jars in a dependency tree automatically with Maven.)\n\nThen do steps 2 to 4 of [Using Policy Providers](https://github.com/authzforce/core/wiki/Policy-Providers#using-policy-providers), that is to say:\n1. Add this import to PDP extensions schema (`pdp-ext.xsd`) to allow using the extension(s) from the `authzforce-ce-core-pdp-testutils` module in PDP configuration:\n    ```xml\n    \u003cxs:import namespace=\"http://authzforce.github.io/core/xmlns/test/3\" /\u003e\n    ```\n1. Add an entry to the XML catalog (`catalog.xml`) to locate the schema corresponding to this namespace:\n    ```xml\n    \u003curi name=\"http://authzforce.github.io/core/xmlns/test/3\" uri=\"classpath:org.ow2.authzforce.core.pdp.testutil.ext.xsd\" /\u003e\n    ```\n1. 
Add the `policyProvider` element to the PDP configuration (`pdp.xml`), using the new namespace above, like in [this example](https://github.com/authzforce/core/blob/master/pdp-testutils/src/test/resources/org/ow2/authzforce/core/pdp/testutil/test/pdp.xml) (follow the link).\n\n[More info](https://github.com/authzforce/core/wiki/Policy-Providers#more-info-on-the-mongodbpolicyprovider).\n\n## Vulnerability reporting\nIf you want to report a vulnerability, please follow the [GitHub procedure for private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).\n\n## Support\nIf you are experiencing any issue with this project except for vulnerabilities mentioned previously, please report it on the [GitHub Issue Tracker](https://github.com/authzforce/restful-pdp/issues).\nPlease include as much information as possible; the more we know, the better the chance of a quicker resolution:\n\n* Software version\n* Platform (OS and JDK)\n* Stack traces generally really help! If in doubt include the whole thing; often exceptions get wrapped in other exceptions and the exception right near the bottom explains the actual error, not the first few lines at the top. 
It's very easy for us to skim-read past unnecessary parts of a stack trace.\n* Log output can be useful too; sometimes enabling DEBUG logging can help;\n* Your code \u0026 configuration files are often useful.\n\nIf you wish to contact the developers for other reasons, use [AuthzForce contact mailing list](http://scr.im/azteam).\n\n## Contributing\nSee [CONTRIBUTING.md](CONTRIBUTING.md).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauthzforce%2Frestful-pdp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fauthzforce%2Frestful-pdp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauthzforce%2Frestful-pdp/lists"}