0

我尝试运行以下包含 XPath 函数的 XACML 策略:

<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
        xmlns:xacml="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="sample-xpath-policy-1"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
        Version="1.0">
    <Description>Sample XPath policy. XPath evaluation is done with respect to content element
        and check for a matching value. Here content element has been not bounded with custom namespace and prefix
        So default XACML namespace has been inherited to content element.
    You can use sample requests from request_0008_01.xml to request_0008_03.xml  evaluate this policy using Try-it tool in management console.
        Requests can be found here [1] https://svn.wso2.org/repos/wso2/trunk/commons/balana/modules/balana-core/src/test/resources/basic/3/requests
    </Description>
    <PolicyDefaults>
        <XPathVersion>http://www.w3.org/TR/1999/REC-xpath-19991116</XPathVersion>
    </PolicyDefaults>
    <Target>
        <AnyOf>
            <AllOf>
                <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
                    <AttributeDesignator MustBePresent="false"
                                         Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
                                         AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                                         DataType="http://www.w3.org/2001/XMLSchema#string"/>
                </Match>
            </AllOf>
        </AnyOf>
    </Target>
    <Rule RuleId="rule1" Effect="Permit">
    <Description>Rule to match value in content element using XPath</Description>
        <Condition>
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
                <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
                <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
                    <AttributeDesignator
                            Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                            AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                            DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                </Apply>
                <AttributeSelector MustBePresent="false"
                                     Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                                     Path="//xacml:record/xacml:patient/xacml:patientId/text()"
                                     DataType="http://www.w3.org/2001/XMLSchema#string"/>
            </Apply>
        </Condition>
    </Rule>
    <Rule RuleId="rule2" Effect="Deny">
        <Description>Deny rule</Description>
    </Rule>
</Policy>

但是我不能上传到我的WSO2 identity server 4.5

这是服务器返回的消息:

策略上传失败。尝试调用服务方法 addPolicy 时发生异常

请你帮我解决这个问题

这是我尝试上传策略时的日志内容

util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) java.lang.Thread.run(Thread.java:662) TID[-1234] [IS] [2013-11-17 15:58:10,640]错误 {org.wso2.carbon.ui.transports.fileupload.AbstractFileUploadExecutor} - 策略上传失败。尝试调用服务方法 addPolicy 时发生异常

4

1 回答 1

0

您使用的 Identity Server 版本是什么?4.5.0 ? 我猜,您厌倦了使用“Write Policy in XML”选项将此策略添加到 WSO2IS 4.5.0。450 版本中的“Write Policy in XML”存在一个已知问题。因此,您可以将此策略复制到文件中,然后将文件上传到 WSO2IS。我已经用 45o 厌倦了你的保单,它可以作为文件上传。

于 2013-11-17T14:16:18.887 回答