We Keep Coding

Backend Module for Magento 1.9.x

i want to build a new module for Magento 1.9.4 that will be shown in the Admin area (catalog).
I programmed the following code, but i dont know how to show this module in the backend (including form tags). I just get a 404 error.
Here is my code with which i started my first module:
config.xml
<?xml version="1.0"?>
<config>
<modules>
<Eron_ChangePricesPerCategory>
<version>0.1.0</version>
</Eron_ChangePricesPerCategory>
</modules>
<frontend>
<routers>
<changepricespercategory>
<use>standard</use>
<args>
<module>Eron_ChangePricesPerCategory</module>
<frontName>changepricespercategory</frontName>
</args>
</changepricespercategory>
</routers>
</frontend>
<admin>
<routers>
<changepricespercategory>
<use>admin</use>
<args>
<module>Eron_ChangePricesPerCategory</module>
<frontName>admin_changepricespercategory</frontName>
</args>
</changepricespercategory>
</routers>
</admin>
<global>
<helpers>
<changepricespercategory>
<class>Eron_ChangePricesPerCategory_Helper</class>
</changepricespercategory>
</helpers>
</global>
<adminhtml>
<layout>
<updates>
<eron_changepricespercategory>
<file>eron_changepricespercategory.xml</file>
</eron_changepricespercategory>
</updates>
</layout>
</adminhtml>
</config>
adminhtml.xml
<?xml version="1.0"?>
<config>
<acl>
<resources>
<admin>
<children>
<system>
<children>
<config>
<children>
<changepricespercategory_settings translate="title">
<title>Extra Fee Settings</title>
<sort_order>55</sort_order>
</changepricespercategory_settings>
</children>
</config>
</children>
</system>
</children>
</admin>
</resources>
</acl>
</config>
system.xml
<?xml version="1.0"?>
<config>
<sections>
<changepricespercategory translate="label" module="changepricespercategory">
<label>Artikelpreise pro Kategorie ändern</label>
<tab>catalog</tab>
<frontend_type>text</frontend_type>
<sort_order>999</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
<fields>
<active translate="label">
<label>Aktiviert</label>
<frontend_type>select</frontend_type>
<source_model>adminhtml/system_config_source_yesno</source_model>
<sort_order>10</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
</active>
<title translate="label">
<label>Title</label>
<frontend_type>text</frontend_type>
<sort_order>20</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
</title>
<name translate="label">
<label>Name</label>
<frontend_type>text</frontend_type>
<sort_order>30</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
</name>
<showmethod translate="label">
<label>Versandart zeigen, auch wenn nicht möglich</label>
<frontend_type>select</frontend_type>
<sort_order>50</sort_order>
<source_model>adminhtml/system_config_source_yesno</source_model>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
</showmethod>
<specificerrmsg translate="label">
<label>Angezeigte Fehlermeldung</label>
<frontend_type>textarea</frontend_type>
<sort_order>60</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
</specificerrmsg>
<sort_order translate="label">
<label>Reihenfolge</label>
<frontend_type>text</frontend_type>
<sort_order>70</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
</sort_order>
</fields>
</changepricespercategory>
</sections>
</config>
IndexController.php (in controllers/Adminhtml)
<?php
class Eron_ChangePricesPerCategory_Adminhtml_IndexController extends Mage_Adminhtml_Controller_Action {
/**
* Admin controller index action
*
* #access public
* #return void
*/
public function indexAction() {
$Block = $this->getLayout()->createBlock('changepricespercategory/Adminhtml_changepricespercategory');
$this->loadLayout()
->_addContent($Block)
->renderLayout();
}
}
The Module is shown in the backend... But i when i click on it, I get a 404. Can anybody help me? Maybe there is a good documentation - im new to magento module developement.
More Information: I want to build a module for changing all prices of a category by a percentage (e.g 2% increase).

You can get started from this toturial:
https://bsscommerce.com/confluence/3-simple-steps-to-create-admin-grid-in-magento-1/
If you want to try more features check this one:
https://www.codealist.com/magento-1-9-x-create-an-adminhtml-controller/

Access request policy not being invoked in AuthZForce PDP

Ive created this policy in the Domain of the AuthZForce PDP:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PolicySet
xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
PolicySetId="P1"
Version="1.0"
PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides">
<Description>Reject if the Date is July PolicySet</Description>
<Target />
<Policy PolicyId="urn:oasis:names:tc:xacml:1.0:date-in:july:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides" Version="01">
<Description>Reject if the Date is July Policy</Description>
<Target />
<Rule RuleId="urn:oasis:names:tc:xacml:1.0:date-in:july:rule" Effect="Deny">
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of">
<Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:date-is-in" />
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2017-07-01</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-02</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-03</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-04</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-05</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-06</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-07</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-08</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-09</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-10</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-11</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-12</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-13</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-14</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-15</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-16</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-17</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-18</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-19</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-20</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-21</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-22</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-23</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-24</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-25</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-26</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-27</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-28</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-29</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-30</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-31</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:date-in:july:current-date"
DataType="http://www.w3.org/2001/XMLSchema#date"
MustBePresent="true"
Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"/>
</Apply>
</Condition>
</Rule>
</Policy>
</PolicySet>
and the response is:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<link xmlns="http://www.w3.org/2005/Atom" xmlns:ns2="http://authzforce.github.io/rest-api-model/xmlns/authz/5" xmlns:ns3="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:ns4="http://authzforce.github.io/pap-dao-flat-file/xmlns/properties/3.6" xmlns:ns5="http://authzforce.github.io/core/xmlns/pdp/5.0" rel="item" href="P1/1.0" title="Policy 'P1' v1.0"/>
So I know that the policy is defined in the PDP.
However, when I run this request against the PDP domain, The policy is not evaluated, only the default allow-all:
<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
CombinedDecision="false" ReturnPolicyIdList="true">
<Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
<Attribute IncludeInResult="false"
AttributeId="urn:oasis:names:tc:xacml:1.0:date-in:july:current-date">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2017-07-01</AttributeValue>
</Attribute>
</Attributes>
</Request>
response:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns3:Response xmlns="http://www.w3.org/2005/Atom" xmlns:ns2="http://authzforce.github.io/rest-api-model/xmlns/authz/5" xmlns:ns3="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:ns4="http://authzforce.github.io/pap-dao-flat-file/xmlns/properties/3.6" xmlns:ns5="http://authzforce.github.io/core/xmlns/pdp/5.0">
<ns3:Result>
<ns3:Decision>Permit</ns3:Decision>
<ns3:PolicyIdentifierList>
<ns3:PolicyIdReference Version="0.1.0">permit-all</ns3:PolicyIdReference>
<ns3:PolicySetIdReference Version="0.1.0">root</ns3:PolicySetIdReference>
</ns3:PolicyIdentifierList>
</ns3:Result>
</ns3:Response>
why is this?

Similar to question #15 on AuthzForce GitHub.
The PDP is still using policy with PolicySetId = 'root' as root policy, i.e. the policy where the PDP starts the evaluation. You can verify what the current root policy is (and related applicable policies used by it) at anytime, and change it if necessary, as told in the doc.
Only the root policy (specified by the PDP property rootPolicyRefExpression) or policies referenced by it (via PolicySetIdReference) are used actually by the PDP for evaluation. Therefore, if you want the PDP to evaluate your policy (P1 in your case), either you change the rootPolicyRefExpression value to P1 (the version is optional, the latest is used by default), or you can update the default policy root directly by re-uploading your policy with PolicySetId root instead of P1, and Version greater than the current version of policy root on the server.
Also your policy is not valid because date-is-in only takes 2 arguments, and the rule combining algorithm is deprecated and not supported by AuthzForce any longer. I understand you want to check whether your custom current-date is in a list of dates, here is a fixed version of the policy:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicySetId="P1" Version="1.0" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides">
<Description>Reject if the Date is July PolicySet</Description>
<Target />
<Policy PolicyId="urn:oasis:names:tc:xacml:1.0:date-in:july:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="01">
<Description>Reject if the Date is July Policy</Description>
<Target />
<Rule RuleId="urn:oasis:names:tc:xacml:1.0:date-in:july:rule" Effect="Deny">
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:date-is-in">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:date-one-and-only">
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:date-in:july:current-date" DataType="http://www.w3.org/2001/XMLSchema#date" MustBePresent="true"
Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" />
</Apply>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:date-bag">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2017-07-01</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-02</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-03</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-04</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-05</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-06</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-07</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-08</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-09</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-10</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-11</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-12</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-13</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-14</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-15</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-16</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-17</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-18</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-19</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-20</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-21</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-22</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-23</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-24</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-25</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-26</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-27</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-28</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-29</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-30</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-31</AttributeValue>
</Apply>
</Apply>
</Condition>
</Rule>
</Policy>
</PolicySet>

FIWARE AuthZForce doesn't check the second rule inside the same PolicySet

I have created two roles, on the KeyRock, and for each of them I have linked a different permission
User1->Role1->Perm1(access to Res1)
User2->Role2->Perm2(access to Res2)
After saved, I see on AuthZforce's file system a new domain that it has 3 policies.
The first policy is cm9vdA/. It has a <PolicySet> , a <Policy> and a <Rule Effect="Permit" RuleId="permit-all" />
The last policy has a <PolicySet>, two <Policy> and two rules (one for each permission)
The domain's pdp.xml contains a <policyRef> that aims to the last created policy (<policyRef>331409a9-6014-4cfd-9180-f04bb22481f4</policyRef>).
Following there is the policy's xml file.
<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicySetId="331409a9-6014-4cfd-9180-f04bb22481f4" Version="1.0" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit">
<Description>Policy Set for application 3829292cdc25477dace68f376ef79d8b</Description>
<Target/>
<Policy PolicyId="" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
<Description>Role 9d2ebfde53044d2a8c22df3fe753b630 from application 3829292cdc25477dace68f376ef79d8b</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">3829292cdc25477dace68f376ef79d8b</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Rule RuleId="fe8f4ebb98054feeb26bfc01eb93cce1" Effect="Permit">
<Description>res1</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">res1</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:thales:xacml:2.0:resource:sub-resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of">
<Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">9d2ebfde53044d2a8c22df3fe753b630</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Apply>
</Condition>
</Rule>
</Policy>
<Policy PolicyId="" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
<Description>Role 729019b1a9d44380b8b74dc788053dde from application 3829292cdc25477dace68f376ef79d8b</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">3829292cdc25477dace68f376ef79d8b</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Rule RuleId="1d9bce94aaf04127b7ec8cfc63d17622" Effect="Permit">
<Description>res2</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">res2</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:thales:xacml:2.0:resource:sub-resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of">
<Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">729019b1a9d44380b8b74dc788053dde</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Apply>
</Condition>
</Rule>
</Policy>
When the User1 tries to access (by Wilma PeP Proxy) to the res1, the matching is true, the condition is satisfied and the Decision is "Permit".
If User1 tries to access to the res2... the Decision is "Deny".
But....
When the User2 tries to access (by Wilma PeP Proxy) to the res2... the Decision is "Deny".
Looking the AuthZforce's log file, I see that the PolicySetId="331409a9-6014-4cfd-9180-f04bb22481f4" is correctly identified but the check stops to the first rule. Infact, it compares the requested resource "res2" with "res1" and denies because they don't match. The check doesn't continue to evaluate the next rule where there is "res2" and the comparison should be true.
Which is the problem?
Thanks for cooperation.

According to FIWARE issue SEC-1043, this is fixed by upgrading to KeyRock v5.4.1 and AuthzForce Server v5.4.1.

How can I make my enable or disable dropdown box work for my custom extension?

I have made a query extension where you can ask your query, and then get a reply from admin. And I have already managed to get the extension setting tab added as a tab in the admin configuration area, and created "Product Query" menu also.
successfully created this tab
Here are all of my files :)
app/code/local/Vlabs/Productquery/etc/config.xml
<?xml version="1.0"?>
<config>
<modules>
<Vlabs_Productquery>
<version>0.1.0</version>
</Vlabs_Productquery>
</modules>
<frontend>
<routers>
<productquery>
<use>standard</use>
<args>
<module>Vlabs_Productquery</module>
<frontName>productquery</frontName>
</args>
</productquery>
</routers>
<layout>
<updates>
<productquery module="Vlabs_Productquery">
<file>productquery.xml</file>
</productquery>
</updates>
</layout>
</frontend>
<global>
<blocks>
<productquery>
<class>Vlabs_Productquery_Block</class>
</productquery>
</blocks>
<models>
<productquery>
<class>Vlabs_Productquery_Model</class>
<resourceModel>productquery_Resource</resourceModel>
</productquery>
<productquery_Resource>
<class>Vlabs_Productquery_Model_Resource</class>
<entities>
<querybox>
<table>Vlabs_queryBox</table>
</querybox>
</entities>
</productquery_Resource>
</models>
<helpers>
<productquery>
<class>Vlabs_Productquery_Helper</class>
</productquery>
</helpers>
<resources>
<form_setup>
<setup>
<module>Vlabs_Productquery</module>
</setup>
<connection>
<use>core_setup</use>
</connection>
</form_setup>
<form_write>
<connection>
<use>core_write</use>
</connection>
</form_write>
<form_read>
<connection>
<use>core_read</use>
</connection>
</form_read>
</resources>
<template>
<email>
<vlabs_query_email_template translate="label">
<label>Recurring order email</label>
<file>vlabs_querybox_email.html</file>
<type>html</type>
</vlabs_query_email_template>
</email>
</template>
</global>
<admin>
<routers>
<adminhtml>
<use>admin</use>
<args>
<modules>
<Vlabs_Productquery before="Mage_Adminhtml">Vlabs_Productquery_Adminhtml</Vlabs_Productquery>
</modules>
<frontname>productquery</frontname>
</args>
</adminhtml>
</routers>
</admin>
<adminhtml>
<layout>
<updates>
<productquery>
<file>productquery.xml</file>
</productquery>
</updates>
</layout>
</adminhtml>
</config>
app/code/local/Vlabs/Productquery/etc/adminhtml.xml
<config>
<menu>
<productquery>
<title>Product Query</title>
<sort_order>50</sort_order>
<children>
<query>
<title>Query</title>
<sort_order>1</sort_order>
<action>adminhtml/index/</action>
</query>
<settings>
<title>Settings</title>
<sort_order>2</sort_order>
<action>adminhtml/index/settings</action>
</settings>
</children>
</productquery>
</menu>
<acl>
<resources>
<admin>
<children>
<system>
<children>
<config>
<children>
<productquery>
<title>Beckin Drop Down Shipping Extension</title>
</productquery>
</children>
</config>
</children>
</system>
</children>
</admin>
</resources>
</acl>
</config>
app/code/local/Vlabs/Productquery/etc/system.xml
<?xml version="1.0"?>
<config>
<tabs>
<productquery translate="label">
<label>Vyrazu Query Extension</label>
<sort_order>100</sort_order>
</productquery>
</tabs>
<sections>
<productquery translate="label" module="productquery">
<label>Query</label>
<tab>productquery</tab>
<frontend_type>text</frontend_type>
<sort_order>1000</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
<groups>
<settings translate="label" module="productquery">
<label>Settings</label>
<frontend_type>text</frontend_type>
<sort_order>1</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
<fields>
<enable translate="label">
<label>Enable</label>
<comment>
<![CDATA[Enable or Disable this extension.]]>
</comment>
<frontend_type>select</frontend_type>
<source_model>adminhtml/system_config_source_yesno</source_model>
<sort_order>1</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
</enable>
</fields>
</settings>
</groups>
</productquery>
</sections>
</config>
Please guide me, where I should write those code,by this i can disable or enable this extension with this disable/enable dropdown.

I solved the issue.May be someone will be helpfull by this answer. That's why I update my answer.
So,at first write this anywhere to check it is working or not
$enableorDisable = Mage::getStoreConfig('productquery/settings/enable',Mage::app()->getStore());
print_r($enableorDisable); die();
if answer is 0 when your module is disable and answer is 1, when your module is enable. then it is working fine.. And you have to add following line in your block.
<action method="setTitle" translate="value" ifconfig="productquery/settings/enable"><value>Product Query</value></action>
add ifconfig="modulename/group name/field name"
Thank You..

Filtering in WSO2

I want to build one proxy that:
1. Call Service that do Authorize and give result OK or Fail (1st Service)
2. If Result ‘OK’ then call a Service
The Problem is, when The 1st Service give back the Message :
<?xml version='1.0' encoding='utf-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<result>
<status>OK</status>
<message></message>
</result>
</soapenv:Body>
</soapenv:Envelope>
And I give “filtering” at Out Sequence. Here is the XML :
<proxy xmlns="http://ws.apache.org/ns/synapse" name="TestProxy" transports="https,http" statistics="disable" trace="enable" startOnLoad="true">
<target endpoint="AuthorizationService">
<outSequence>
<log level="full" />
<filter xpath="/result/status='OK'">
<then>
<send>
<endpoint>
<address uri="http://192.168.1.140:8080/axis2/services/TaskService.TaskServiceHttpEndpoint/getTask" />
</endpoint>
</send>
</then>
<else>
<makefault version="soap11">
<code xmlns:soap11Env="http://schemas.xmlsoap.org/soap/envelope/" value="soap11Env:VersionMismatch" />
<reason value="1" />
<role>2</role>
<detail>3</detail>
</makefault>
</else>
</filter>
<log level="full" />
</outSequence>
</target>
</proxy>
When I run my Application, the ESB always give the message :
16:08:59,358 [-] [HttpClientWorker-4] INFO Start : Log mediator
16:08:59,361 [-] [HttpClientWorker-4] INFO To: http://www.w3.org/2005/08/addressing/anonymous, WSAction: , SOAPAction: , MessageID: urn:uuid:0bc33821-c4f1-448e-a7dc-be4194be8e99, Direction: response, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><result><status>OK</status><message></message></result></soapenv:Body></soapenv:Envelope>
16:08:59,361 [-] [HttpClientWorker-4] INFO End : Log mediator
16:08:59,361 [-] [HttpClientWorker-4] INFO Start : Filter mediator
16:08:59,361 [-] [HttpClientWorker-4] INFO XPath expression : /result/status='OK' evaluates to false - executing the else path child mediators
Seems like the condition of the filtering is always false.What is the correct statement for the XPath in the filter?

Your proxy configuration should be look as follows
<proxy xmlns="http://ws.apache.org/ns/synapse" name="TestProxy" transports="https,http" statistics="disable" trace="enable" startOnLoad="true">
<target endpoint="AuthorizationService">
<outSequence>
<log level="full"/>
<filter source="/result/status" regex="ok">
<then>
<send>
<endpoint>
<address uri="http://192.168.1.140:8080/axis2/services/TaskService.TaskServiceHttpEndpoint/getTask"/>
</endpoint>
</send>
</then>
<else>
<makefault version="soap11">
<code xmlns:soap11Env="http://schemas.xmlsoap.org/soap/envelope/" value="soap11Env:VersionMismatch"/>
<reason value="1"/>
<role>2</role>
<detail>3</detail>
</makefault>
<send/>
</else>
</filter>
</outSequence>
</target>
<description></description>
</proxy>

It seems that you may have given a wrong xpath expression. You can't give an xpath and a boolean expression both for the xpath value, i.e. it can't be "/result/status='OK'", but has to be "/result/status". Then, according to your sequence, it would fire the section after then, if this element is present. Since, you need to evaluate a boolean condition as well based on the xpath, I'll present an alternative based on the switch mediator (Same can be done for the filter by setting a property):
<proxy xmlns="http://ws.apache.org/ns/synapse" name="TestProxy" transports="https,http" statistics="disable" trace="enable" startOnLoad="true">
<target endpoint="AuthorizationService">
<outSequence>
<log level="full" />
<switch source="//result/status">
<case regex="OK">
<send>
<endpoint>
<address uri="http://192.168.1.140:8080/axis2/services/TaskService.TaskServiceHttpEndpoint/getTask" />
</endpoint>
</send>
</case>
<default>
<makefault version="soap11">
<code xmlns:soap11Env="http://schemas.xmlsoap.org/soap/envelope/" value="soap11Env:VersionMismatch" />
<reason value="1" />
<role>2</role>
<detail>3</detail>
</makefault>
</default>
</switch>
<log level="full" />
</outSequence>
</target>
</proxy>