包的 XACML 类型是什么?
我的条件函数是string-at-least-one-member-of,我string-bag在我的请求中使用该函数。DataType我为包提供什么数据类型AttributeDesignator?
我的条件是:
<xacml3:Condition>
<xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
<xacml3:AttributeDesignator AttributeId="test:xacml:1.0:county" DataType="http://www.w3.org/2001/XMLSchema#string" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" MustBePresent="false"></xacml3:AttributeDesignator>
<xacml3:AttributeDesignator AttributeId="test:xacml:1.0:counties" DataType="WHAT SHOULD THIS BE?" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" MustBePresent="false"></xacml3:AttributeDesignator>
</xacml3:Apply>
</xacml3:Condition>
我的属性是
<xacml3:Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
<xacml3:Attribute AttributeId="test:xacml:1.0:counties" IncludeInResult="false">
<xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">travis</xacml3:AttributeValue>
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">brazoria</xacml3:AttributeValue>
<xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">dallas</xacml3:AttributeValue>
</xacml3:Apply>
</xacml3:Attribute>
</xacml3:Attributes>
当我在 WSO2 中尝试请求时,我得到
<Response xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
<Result>
<Decision>Deny</Decision>
<Status>
<StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
</Status>
</Result>
</Response>
对于那些对整个文件感兴趣的人,我的要求是:
<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" CombinedDecision="false" ReturnPolicyIdList="true">
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
<Attribute AttributeId="test:xacml:1.0:county" IncludeInResult="true">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">travis</AttributeValue>
</Attribute>
</Attributes>
<Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
<Attribute AttributeId="test:xacml:1.0:counties" IncludeInResult="true">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">travis</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">brazoria</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">dallas</AttributeValue>
</Apply>
</Attribute>
</Attributes>
</Request>
我的政策是:
<xacml3:Policy xmlns:xacml3="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="county-based-3" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" Version="1.0">
<xacml3:Description></xacml3:Description>
<xacml3:Target></xacml3:Target>
<xacml3:Rule Effect="Permit" RuleId="http://axiomatics.com/alfa/identifier/stackoverflow.example.checkGroup">
<xacml3:Description></xacml3:Description>
<xacml3:Target></xacml3:Target>
<xacml3:Condition>
<xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
<xacml3:AttributeDesignator AttributeId="test:xacml:1.0:county" DataType="http://www.w3.org/2001/XMLSchema#string" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" MustBePresent="false"></xacml3:AttributeDesignator>
<xacml3:AttributeDesignator AttributeId="test:xacml:1.0:counties" DataType="http://www.w3.org/2001/XMLSchema#string" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" MustBePresent="false"></xacml3:AttributeDesignator>
</xacml3:Apply>
</xacml3:Condition>
</xacml3:Rule>
<xacml3:Rule Effect="Deny" RuleId="deny-rule"></xacml3:Rule>
