2

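There is a problem with the XACML version 3 syntax validator in the WSO2 XML editor: it rejects the insertion of a statement. I am planning to add a list of attributes in place of a single attribute check. Below is a printout of the statement rejected by the XACML syntax validator: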

This simple condition with a "string-bag" raises a schema error:

<xacml3:Condition>
<xacml3:Apply functionid="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">  
  <xacml3:Apply functionid="urn:oasis:names:tc:xacml:1.0:function:string-bag">
     <xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Curitiba</xacml3:AttributeValue>
     <xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Bahia</xacml3:AttributeValue>
     <xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Belem</xacml3:AttributeValue>
  </xacml3:Apply>
<xacml3:AttributeDesignator Category=" urn:oasis:names:tc:xacml:3.0:attribute-category:environment" AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></xacml3:AttributeDesignator>
</xacml3:Apply>
</xacml3:Condition>

The error message displayed is:

Entitlement policy is not updated. Error is :Invalid Entitlement Policy. Policy is not valid according to XACML schema

This condition using the "or" logical operator works fine:

 <xacml3:Condition>
 <xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
    <xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
 <xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Curitiba</xacml3:AttributeValue>
       <xacml3:AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></xacml3:AttributeDesignator>
    </xacml3:Apply>
    <xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
       <xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Brasilia</xacml3:AttributeValue>
       <xacml3:AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></xacml3:AttributeDesignator>
    </xacml3:Apply>
 </xacml3:Apply>
 </xacml3:Condition>

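As shown above, the statements describing the condition are inserted just before the last part of the rule.

Does the WSO2 PAP support the use of attribute lists and, if so, can this error be explained by a mistake in the syntax construction?

I am looking for a public syntax and schema validator on the web, a practical tool that would help debug issues like this one with XACML V3 syntax compliance.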

4

2 Answers

1

The Axiomatics Policy Administration Point will tell you exactly where the error in the condition is:

org.xml.sax.SAXParseException; lineNumber: 13; columnNumber: 99; cvc-complex-type.3.2.2: Attribute 'functionid' is not allowed to appear in element 'xacml3:Apply'.
    at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
    at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
    at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
    at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
    at org.apache.xerces.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown Source)
    at org.apache.xerces.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown Source)
    at org.apache.xerces.impl.xs.XMLSchemaValidator.processAttributes(Unknown Source)
    at org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(Unknown Source)
    at org.apache.xerces.impl.xs.XMLSchemaValidator.startElement(Unknown Source)
    at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
    at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
    at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
    at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
    at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
    at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
    at javax.xml.parsers.DocumentBuilder.parse(Unknown Source)
    at com.axiomatics.delegent.client.commons.importer.PolicyImporter.importInputStream(PolicyImporter.java:285)
    at com.axiomatics.delegent.client.commons.importer.PolicyImporter.importFile(PolicyImporter.java:264)

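More specifically, it says:

Attribute 'functionid' is not allowed to appear in element 'xacml3:Apply'.

This is an XML validation error. The XACML schema does not expect an XML attribute called functionid inside the XML element Apply.

Instead, it expects FunctionId. All you have to do is apply the right case, and the policy will then import like a charm.

By the way, any reason you are using urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of

Answered 2015-11-25T03:47:51.327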
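A small pre-import check for the failure described above, as an added example that is not part of either answer and is not WSO2 or Axiomatics code: it reports, with line numbers, attributes on Apply and AttributeDesignator whose names differ from the XACML 3.0 schema names only by case, and URI values with stray whitespace. The names lint_xacml, ALLOWED and SAMPLE are hypothetical, the sample is constructed from the question's rejected condition, and the check covers only these two elements rather than the full schema.

```python
import xml.parsers.expat

# Attribute names declared by the XACML 3.0 core schema for these elements.
ALLOWED = {
    "Apply": {"FunctionId"},
    "AttributeDesignator": {"Category", "AttributeId", "DataType",
                            "Issuer", "MustBePresent"},
}

def lint_xacml(fragment):
    """Return (line, element, message) findings for a policy fragment."""
    findings = []
    # Default expat mode does no namespace processing, so a pasted fragment
    # whose xacml3: prefix is declared elsewhere still parses.
    parser = xml.parsers.expat.ParserCreate()

    def start(name, attrs):
        local = name.split(":")[-1]
        allowed = ALLOWED.get(local)
        if allowed is None:
            return
        line = parser.CurrentLineNumber
        by_lower = {a.lower(): a for a in allowed}
        for attr, value in attrs.items():
            if attr.startswith("xmlns"):
                continue
            if attr not in allowed:
                msg = f"attribute '{attr}' is not allowed"
                if attr.lower() in by_lower:
                    msg += f"; XML names are case-sensitive, use '{by_lower[attr.lower()]}'"
                findings.append((line, local, msg))
            elif value != value.strip():
                findings.append((line, local, f"value of '{attr}' has surrounding whitespace"))

    parser.StartElementHandler = start
    parser.Parse(fragment, True)
    return findings

# Constructed sample: the rejected condition from the question, shortened.
SAMPLE = """\
<xacml3:Condition>
<xacml3:Apply functionid="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
  <xacml3:Apply functionid="urn:oasis:names:tc:xacml:1.0:function:string-bag">
    <xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Curitiba</xacml3:AttributeValue>
  </xacml3:Apply>
  <xacml3:AttributeDesignator Category=" urn:oasis:names:tc:xacml:3.0:attribute-category:environment" AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</xacml3:Apply>
</xacml3:Condition>
"""
```

Calling lint_xacml(SAMPLE) yields two findings for the lowercase functionid on lines 2 and 3 and one for the leading space in the Category value on line 6.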
0

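I have isolated the XACML syntax error in the sequence of statements defining the "string-bag" element (see the sample code below). With the syntax fixed, the condition is now executing, validating the city name against a list of options: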

<xacml3:Condition>
 <xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
    <xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></xacml3:AttributeDesignator>
    <xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
       <xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Brasilia</xacml3:AttributeValue>
       <xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Curitiba</xacml3:AttributeValue>
       <xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Bahia</xacml3:AttributeValue>
       <xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Porto Alegre</xacml3:AttributeValue>
       <xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Rio de Janeiro</xacml3:AttributeValue>
       <xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">São Paulo</xacml3:AttributeValue>
    </xacml3:Apply>
 </xacml3:Apply>
</xacml3:Condition>

Answered 2015-11-23T20:27:55.030