The XACML authorization service passed configuration files to a JBoss
library to determine if a specific action is allowed for a user given an
XACML file. The configuration itself contained file locations specifying
where the library could load the XACML file. This caused Opencast to
repeatedly load the XACML attachments into the workspace, cleaning them
up again afterwards.
This patch now allows Opencast to directly read those files from the
working file repository by using Opencast's internal parser for rules
and actions instead.