0

我为授权创建了一个 XACML 文件,如下所示:

<?xml version="1.0" encoding="UTF-8"?><PolicySet xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicySetId="mysecurity:security:policyset:testmypolicyapi" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides" xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:oshttp://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd">
<Policy PolicyId="mytest:security:policy:testcollection" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
<Description>This is a test policy,not for official use</Description>
<Target/>
<Rule Effect="Deny" RuleId="RuleIdrule1">
<Description>This is a test rule</Description>
<Target>
<Subjects>
<Subject>
<SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ADMIN</AttributeValue>
<SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:ADMIN" DataType="POLICY_ATTRIBUTEDATATYPE"/>
</SubjectMatch>
</Subject>
</Subjects>
<Resources>
<Resource>
<ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TESTRESOURCE1</AttributeValue>
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:TESTRESOURCE1" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</ResourceMatch>
</Resource>
</Resources>
<Actions>
<Action>
<ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TESTACTION</AttributeValue>
<ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:TESTACTION"/>
</ActionMatch>
</Action>
</Actions>
</Target>
</Rule>
</Policy>
</PolicySet>

我正在做基于 balana 的验证,但出现以下错误:

 resource missing resource-id

但我已经提到了资源 ID,相同的代码适用于 balana 测试策略文件,不同之处在于我使用的是策略集而不是“策略”。

4

1 回答 1

0

您能否告诉我们您正在使用的 XACML 请求。如果没有,请尝试更改策略中的以下值并尝试。我想这可能是问题所在。在您的请求中,您可以发送resource-id值作为属性 id

urn:oasis:names:tc:xacml:1.0:resource:TESTRESOURCE1

进入

urn:oasis:names:tc:xacml:1.0:resource:resource-id

于 2014-03-20T11:52:31.510 回答