0

我尝试使用 POSTMAN 向 wso2 授权端点发送 JSON 请求

这是我在身份服务器中发布的策略:

<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="samplePolicy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0">
    <Target>
        <AnyOf>
            <AllOf>
                <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
                                             read
                                        </AttributeValue>
                    <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
                </Match>
            </AllOf>
        </AnyOf>
    </Target>
    <Rule Effect="Permit" RuleId="permit"/>

这是我发送的 JSON 请求:

    {
    "Request": {
        "Action": {
            "Attribute": [
                {
                    "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
                    "Value": "read"
                }
            ]
        },
        "Resource": {
            "Attribute": [
                {
                    "AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
                    "Value": "http://127.0.0.1/service/very_secure/"
                }
            ]
        }
    }
}

这两个代码块都来自这个博客 https://medium.com/@gdrdabarera/how-entitlement-management-works-with-rest-api-via-xacml-in-wso2-identity-server-5-3- 0-7a60940d040c#.4lxgiw6tn

但无论我尝试什么,它总是给我“不确定”的回应

邮递员回复截图

我也尝试自己的政策和要求,但我总是得到相同的回应

到底是怎么回事?

4

2 回答 2

2

已修复:删除 xml 策略中“读取”属性值之前和之后的所有空格:

<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"  PolicyId="samplePolicyforJSON" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0">
   <Target>
      <AnyOf>
         <AllOf>
            <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
               <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
               <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
            </Match>
         </AllOf>
      </AnyOf>
   </Target>
   <Rule Effect="Permit" RuleId="permit"></Rule>
</Policy>

经测试:

XACML 请求:

{
    "Request": {
        "Action": {
            "Attribute": [
                {
                    "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
                    "Value": "read"
                }
            ]
        },
        "Resource": {
            "Attribute": [
                {
                    "AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
                    "Value": "http://127.0.0.1/service/very_secure/"
                }
            ]
        }
    }
}

XACML 回应:

{
  "Response": [
    {
      "Decision": "Permit",
      "Status": {
        "StatusCode": {
          "Value": "urn:oasis:names:tc:xacml:1.0:status:ok"
        }
      }
    }
  ]
}

与:

XACML 请求:

<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" CombinedDecision="false" ReturnPolicyIdList="false">
    <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
        <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false">
           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">http://localhost/secureAccess/resource</AttributeValue>
        </Attribute>
    </Attributes>   
    <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
        <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="false">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
        </Attribute>
    </Attributes>
</Request>

XACML 回应:

<Response xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
    <Result>
        <Decision>Permit</Decision>
        <Status>
            <StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
        </Status>
    </Result>
</Response>
于 2017-03-20T04:29:57.493 回答
0

如果您正确执行了所有步骤,它应该可以工作。添加策略后,请检查策略是否添加正确。例如。删除策略中不必要的空格

将其正确发布到 PDP 并尝试。您也可以在 IS 5.3.0 的策略窗口中尝试“尝试”选项。仅使用 xml 请求,因为它不适用于 JSON

于 2017-03-20T13:06:17.800 回答