Legacy domain version 1
With the release of Access Decision Service (ADS) 1.4, Axiomatics introduced the authorization domain configuration version 2. This is the format currently supported by all Axiomatics products and provides the following benefits over version 1:
- Human-readable: The document is easy to analyze and maintain due to its human-readable nature.
- No specialized tools required: Documents can be created and edited using a regular text editor, eliminating the need for specialized software.
- Concise syntax and embedded data: The document structure follows a concise syntax, allowing for easy inline embedding of other text-format data within the domain configuration.
- Source control friendly: The document format is well-suited for source control systems.
The authorization domain configuration version 2 is represented in either YAML or JSON unlike version 1 that used XML.
Authorization Domain Converter (DOMCONV)
The DOMCONV tool allows you to convert legacy version 1 XML authorization domains to version 2 YAML domains. The application file is provided separately. Contact the Axiomatics Customer SupportOpens in a new tab to get the ZIP file containing the full distribution.
For further details regarding the DOMCONV tool and its installation, refer to the documentation included in the ZIP file.
Converting an authorization domain
Follow the instructions below to convert a version 1 authorization domain into version 2.
If your domain utilizes attribute connectors, you must first set the
CONNECTORS_CLASSPATHvariable. This should point to the attribute connector implementations and their dependencies, following standard Java classpath conventions. Replace<attribute_connectors_classpath>with the actual classpath.set CONNECTORS_CLASSPATH=<attribute_connectors_classpath>Start the conversion. Replace
<domain_xml_file_path>with the relative file path..\bin\domconv.bat convert <domain_xml_file_path>To ensure your authorization domain includes a fully populated attribute dictionary, you must also extract an attributes XML file from ASM and include it in the conversion process. Use the
-aflag to generate the complete set of attribute definitions:.\bin\domconv.bat convert <domain xml file path> -a <attributes.xml>tipIt is highly recommended to use the
-aflag so that the resulting domain contains a full set of attribute definitions.
Example
In this example, all attribute connector dependencies required to convert sample_domain.xml are located in the ./connector1 and ./connector2 directories:
> set "CONNECTORS_CLASSPATH=connector1/*;connector2/*"
> .\bin\domconv.bat convert sample_domain.xml -a my_attributes.xml
Use a semi-colon (;) to separate multiple paths. Additionally, make sure that the quotation marks ("...") enclose the entire variable assignment expression, not just the path values (connector1/*;connector2/*).
If your domain utilizes attribute connectors, you must first set the
CONNECTORS_CLASSPATHvariable. This should point to the attribute connector implementations and their dependencies, following standard Java classpath conventions. Replace<attribute_connectors_classpath>with the actual classpath.export CONNECTORS_CLASSPATH=<attribute connectors classpath>Start the conversion. Replace
<domain_xml_file_path>with the relative file path../bin/domconv convert <domain xml file path>To ensure your authorization domain includes a fully populated attribute dictionary, you must also extract an attributes XML file from ASM and include it in the conversion process. Use the
-aflag to generate the complete set of attribute definitions:./bin/domconv convert <domain xml file path> -a <attributes.xml>tipIt is highly recommended to use the
-aflag so that the resulting domain contains a full set of attribute definitions.
Example
In this example, all attribute connector dependencies required to convert sample_domain.xml are located in the ./connector1 and ./connector2 directories:
$ export CONNECTORS_CLASSPATH="connector1/*:connector2/*"
$ ./bin/domconv convert sample_domain.xml -a my_attributes.xml
Use a colon (:) to separate multiple paths.