1 year ago

#185546

Joao Parente

XACML Obligations in Sun's XACML implementation

I have been following the guide on how to use the PDP and PEP of Sun's XACML at http://sunxacml.sourceforge.net/guide.html#using-apis, and I created a basic PDP component with:

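        import java.util.ArrayList;
        import java.util.HashSet;
        import java.util.List;
        import java.util.Set;
        import com.sun.xacml.PDP;
        import com.sun.xacml.PDPConfig;
        import com.sun.xacml.finder.AttributeFinder;
        import com.sun.xacml.finder.PolicyFinder;
        import com.sun.xacml.finder.impl.CurrentEnvModule;
        import com.sun.xacml.finder.impl.FilePolicyModule;

        // Load the policy from a file on disk
        FilePolicyModule policyModule = new FilePolicyModule();
        policyModule.addPolicy("policy/policy.xml");

        // Supplies current date/time environment attributes
        CurrentEnvModule envModule = new CurrentEnvModule();

        PolicyFinder policyFinder = new PolicyFinder();
        Set policyModules = new HashSet();
        policyModules.add(policyModule);
        policyFinder.setModules(policyModules);

        AttributeFinder attrFinder = new AttributeFinder();
        List attrModules = new ArrayList();
        attrModules.add(envModule);
        attrFinder.setModules(attrModules);

        // Third argument is the ResourceFinder; none is configured here
        PDP pdp = new PDP(new PDPConfig(attrFinder, policyFinder, null));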

where the policy/policy.xml file has an XACML policy. After that I created the PEP and made a request, obtaining the corresponding access decision. The problem is that when I add an obligation to the policy, the PEP is still getting a response where the obligation is an empty list.

Do I need to change something in the PDP code to allow obligations?

policy/policy.xml:

<Policy PolicyId="ExamplePolicy"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
    <Target>
       ...
    </Target>
    <Rule RuleId="ReadRule" Effect="Permit">

        <Target>
            ...
        </Target>

        <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            ...
        </Condition>

        <ObligationExpressions>
            <ObligationExpression ObligationId="test" FulfillOn="Permit"></ObligationExpression>
            <ObligationExpression ObligationId="test2" FulfillOn="Deny"></ObligationExpression>
        </ObligationExpressions>

   </Rule>
</Policy>

xml

xacml

0 Answers