WSO2 Identity XACML - 支持条件语句?
WSO2 Identity XACML - Support for Condition Statement?
WSO2 XML 编辑器中的 XACML 版本 3 语法验证器存在问题,它拒绝插入语句。我计划添加一个属性列表来代替单个属性检查。下面是被 XACML 语法验证器拒绝的语句的打印输出:
这个带有 "string-bag" 的简单条件会引发架构错误:
<xacml3:Condition>
<xacml3:Apply functionid="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
<xacml3:Apply functionid="urn:oasis:names:tc:xacml:1.0:function:string-bag">
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Curitiba</xacml3:AttributeValue>
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Bahia</xacml3:AttributeValue>
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Belem</xacml3:AttributeValue>
</xacml3:Apply>
<xacml3:AttributeDesignator Category=" urn:oasis:names:tc:xacml:3.0:attribute-category:environment" AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></xacml3:AttributeDesignator>
</xacml3:Apply>
</xacml3:Condition>
显示的错误消息是:
Entitlement policy is not updated. Error is :Invalid Entitlement Policy. Policy is not valid according to XACML schema
使用 "or" 逻辑运算符的条件运行良好:
<xacml3:Condition>
<xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
<xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Curitiba</xacml3:AttributeValue>
<xacml3:AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></xacml3:AttributeDesignator>
</xacml3:Apply>
<xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Brasilia</xacml3:AttributeValue>
<xacml3:AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></xacml3:AttributeDesignator>
</xacml3:Apply>
</xacml3:Apply>
</xacml3:Condition>
如上所示,描述条件的语句插入到该规则的最后一部分之前。
WSO2 PAP 是否支持使用属性列表,如果是,是否可以通过语法结构中的错误来解释此错误?
在 Web 上寻找 public 语法和模式验证器,这是一种实用工具,可以帮助调试 XACML V3 语法合规性方面的类似问题。
我在定义 "string-bag" 元素的语句序列中找出了 XACML 语法错误(请参阅下面的示例代码)。在语法固定的情况下,条件现在正在运行以验证选项列表中的城市名称:
<xacml3:Condition>
<xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
<xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></xacml3:AttributeDesignator>
<xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Brasilia</xacml3:AttributeValue>
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Curitiba</xacml3:AttributeValue>
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Bahia</xacml3:AttributeValue>
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Porto Alegre</xacml3:AttributeValue>
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Rio de Janeiro</xacml3:AttributeValue>
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">São Paulo</xacml3:AttributeValue>
</xacml3:Apply>
</xacml3:Apply>
Axiomatics Policy Administration Point 准确告诉您您的条件错误在哪里:
org.xml.sax.SAXParseException; lineNumber: 13; columnNumber: 99; cvc-complex-type.3.2.2: Attribute 'functionid' is not allowed to appear in element 'xacml3:Apply'.
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.processAttributes(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.startElement(Unknown Source)
at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at javax.xml.parsers.DocumentBuilder.parse(Unknown Source)
at com.axiomatics.delegent.client.commons.importer.PolicyImporter.importInputStream(PolicyImporter.java:285)
at com.axiomatics.delegent.client.commons.importer.PolicyImporter.importFile(PolicyImporter.java:264)
更具体地说:
Attribute 'functionid' is not allowed to appear in element 'xacml3:Apply'.
这是一个 XML 验证错误。 XACML 模式不期望在 XML 元素 Apply
.
中有一个名为 functionid
的 XML 属性
而是期望FunctionId
。您所要做的就是应用正确的大写字母,然后政策就会像魅力一样导入。
顺便说一句,您使用 urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of
的原因是什么?
WSO2 XML 编辑器中的 XACML 版本 3 语法验证器存在问题,它拒绝插入语句。我计划添加一个属性列表来代替单个属性检查。下面是被 XACML 语法验证器拒绝的语句的打印输出:
这个带有 "string-bag" 的简单条件会引发架构错误:
<xacml3:Condition>
<xacml3:Apply functionid="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
<xacml3:Apply functionid="urn:oasis:names:tc:xacml:1.0:function:string-bag">
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Curitiba</xacml3:AttributeValue>
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Bahia</xacml3:AttributeValue>
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Belem</xacml3:AttributeValue>
</xacml3:Apply>
<xacml3:AttributeDesignator Category=" urn:oasis:names:tc:xacml:3.0:attribute-category:environment" AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></xacml3:AttributeDesignator>
</xacml3:Apply>
</xacml3:Condition>
显示的错误消息是:
Entitlement policy is not updated. Error is :Invalid Entitlement Policy. Policy is not valid according to XACML schema
使用 "or" 逻辑运算符的条件运行良好:
<xacml3:Condition>
<xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
<xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Curitiba</xacml3:AttributeValue>
<xacml3:AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></xacml3:AttributeDesignator>
</xacml3:Apply>
<xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Brasilia</xacml3:AttributeValue>
<xacml3:AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></xacml3:AttributeDesignator>
</xacml3:Apply>
</xacml3:Apply>
</xacml3:Condition>
如上所示,描述条件的语句插入到该规则的最后一部分之前。
WSO2 PAP 是否支持使用属性列表,如果是,是否可以通过语法结构中的错误来解释此错误?
在 Web 上寻找 public 语法和模式验证器,这是一种实用工具,可以帮助调试 XACML V3 语法合规性方面的类似问题。
我在定义 "string-bag" 元素的语句序列中找出了 XACML 语法错误(请参阅下面的示例代码)。在语法固定的情况下,条件现在正在运行以验证选项列表中的城市名称:
<xacml3:Condition>
<xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
<xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></xacml3:AttributeDesignator>
<xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Brasilia</xacml3:AttributeValue>
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Curitiba</xacml3:AttributeValue>
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Bahia</xacml3:AttributeValue>
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Porto Alegre</xacml3:AttributeValue>
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Rio de Janeiro</xacml3:AttributeValue>
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">São Paulo</xacml3:AttributeValue>
</xacml3:Apply>
</xacml3:Apply>
Axiomatics Policy Administration Point 准确告诉您您的条件错误在哪里:
org.xml.sax.SAXParseException; lineNumber: 13; columnNumber: 99; cvc-complex-type.3.2.2: Attribute 'functionid' is not allowed to appear in element 'xacml3:Apply'.
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.processAttributes(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.startElement(Unknown Source)
at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at javax.xml.parsers.DocumentBuilder.parse(Unknown Source)
at com.axiomatics.delegent.client.commons.importer.PolicyImporter.importInputStream(PolicyImporter.java:285)
at com.axiomatics.delegent.client.commons.importer.PolicyImporter.importFile(PolicyImporter.java:264)
更具体地说:
Attribute 'functionid' is not allowed to appear in element 'xacml3:Apply'.
这是一个 XML 验证错误。 XACML 模式不期望在 XML 元素 Apply
.
functionid
的 XML 属性
而是期望FunctionId
。您所要做的就是应用正确的大写字母,然后政策就会像魅力一样导入。
顺便说一句,您使用 urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of
的原因是什么?