...
Note: When an attribute has not value, then the attribute finder needs to return an empty-set. (This is true for all attribute finding.)
A good example of the entire PEP/PDP process can be found in this JBoss test suite.
XACML AuthZ Delegate
This is the implementation of the AuthZ Delegate interface. The delegate functions as a Policy Enforcement Point (PEP) in the XACML orchestration. The delegate will formulate requests for decisions and dispatch them to the JBossPDP. It will interpret the results and return an appropriate response to the hasPermission() method. Most of the work for this component is in building a request context for the PDP.
PolicyFinderModule (w/PolicyLocator for JBossPDP configuration)
...