Tools

FACPL is supported by a Java-based toolchain that allows developers to use practical, effective tools for the specification, analysis and enforcement of attribute-based access control policies.

The FACPL ToolChain 

The FACPL Integrated Development Environment (IDE) supports developers in the specification of FACPL policies with graphical features, e.g. auto-completion and auto-generation of evaluable code. The IDE can automatically create FACPL code starting from XACML policies and

By exploiting some translation rules, written using the Xtend language, the IDE generates the corresponding runnable policies both in Java and in XML. The latter format obeys the XACML 3.0 syntax and can be used to connect our toolchain to external XACML tools. The former format relies on the FACPL Java library specifically designed for compile- and run-time supporting of FACPL code.

The complete user’s guide for programming in FACPL with the Eclipse plugin and the FACPL library is at the following link FACPL-User’sGuide. In addition, various FACPL  examples can be found in the Try FACPL application.

Java-evaluation Library

The FACPL code is executable through a Java library. The library is designed by exploiting Java reflection and best-practice software engineering techniques  to achieve a flexible and extendible framework.

public class PolicySet_P1 extends PolicySet {
  public PolicySet_P1(){
    addId("P1");
    //Algorithm Combining
    addCombiningAlg(PermitOverrides.class);
    //PolElements
    addPolicyElement(new Rule_write());
    addPolicyElement(new Rule_read());
    //Obligation
    addObligation(
       new Obligation("log",Effect.PERMIT,ObligationType.M,new AttributeName("system","time")));
    }
 
   private class Rule_write extends Rule {
     Rule_write (){
        addId("write");
        //Effect
        addEffect(Effect.PERMIT);
        //Target
        addTarget(...)
      }	
   }
...
}

Each language element corresponds to an abstract class of the library, which provides a dedicate method for its evaluation. Therefore, as in the above example, a FACPL policy is rendered as a Java class that extends the corresponding abstract class. The policy elements, i.e. combining algorithm, target, rules and obligations, are then added by the class constructor using specific methods, e.g. addTarget.

The binaries of the released Java library are available in the FACPL repository on sourceforge, the whole code can be found in this git repository.

Eclipse Plugin

The FACPL plugin can be added to Eclipse via the command Help -> Install New Software… and by inserting the following update site

http://facpl.sourceforge.net/release/2.0.2/

when the installation process completes by installing all the dependencies, the FACPL environment can be used.

Very short User guide for FACPL IDE
  • Install FACPL Eclipse Plugin
  • Create a new Java project (and use the “Package Explorer” View)
  • Add to build path FACPL’s library and mail configuration file
  • Create a new file with .fpl as extension
  • After writing your policies create the generated java code with the command from Facpl -> Generate Java Code From FACPL
  • Run class “MainFACPL.java”

Full-detailed instructions on the FACPL Eclipse plug-in can be found in the User’s Guide.