我试图运行这个简单的PDP:我输入一个XML作为参数并打印响应。 答复是正确的,但我看不到义务部分的解释/执行。 我做错了什么?
主要:
package run;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.openliberty.openaz.azapi.AzEntity;
import org.openliberty.openaz.azapi.AzRequestContext;
import org.openliberty.openaz.azapi.AzResponseContext;
import org.openliberty.openaz.azapi.AzResult;
import org.openliberty.openaz.azapi.AzService;
import org.openliberty.openaz.azapi.constants.AzCategoryIdAction;
import org.openliberty.openaz.azapi.constants.AzCategoryIdResource;
import org.openliberty.openaz.azapi.constants.AzCategoryIdSubjectAccess;
import org.openliberty.openaz.azapi.constants.AzDataTypeIdString;
import org.openliberty.openaz.azapi.constants.AzXacmlStrings;
import org.wso2.balana.ParsingException;
import org.wso2.balana.UnknownIdentifierException;
import org.wso2.balana.openaz.provider.AzServiceFactory;
import org.wso2.balana.openaz.provider.SimpleConcreteBalanaService;
public class Main_ {
public static void main(String[] args) {
// TODO Auto-generated method stub
SimpleConcreteBalanaService service = null;
try {
service = new SimpleConcreteBalanaService("policy_.xml", "PATHTODAPOLICY");
} catch (ParsingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (UnknownIdentifierException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
AzServiceFactory.registerDefaultProvider(service);
AzService azHandle = AzServiceFactory.getAzService();
AzRequestContext azReqCtx = azHandle.createAzRequestContext();
AzEntity<AzCategoryIdSubjectAccess> accSubj = azReqCtx.createAzEntity(AzCategoryIdSubjectAccess.AZ_CATEGORY_ID_SUBJECT_ACCESS);
accSubj.createAzAttribute("AuthNSystem",AzXacmlStrings.X_ATTR_SUBJECT_ID, accSubj.createAzAttributeValue(AzDataTypeIdString.AZ_DATATYPE_ID_STRING,"alice"));
azReqCtx.addAzEntity(accSubj);
AzEntity<AzCategoryIdResource> azResource = azReqCtx.createAzEntity(AzCategoryIdResource.AZ_CATEGORY_ID_RESOURCE);
azResource.createAzAttribute("applicationName",AzXacmlStrings.X_ATTR_RESOURCE_ID,azResource.createAzAttributeValue(AzDataTypeIdString.AZ_DATATYPE_ID_STRING, "doc"));
azReqCtx.addAzEntity(azResource);
AzEntity<AzCategoryIdAction> azAction = azReqCtx.createAzEntity(AzCategoryIdAction.AZ_CATEGORY_ID_ACTION);
azAction.createAzAttribute("applicationName",AzXacmlStrings.X_ATTR_ACTION_ID, azAction.createAzAttributeValue(AzDataTypeIdString.AZ_DATATYPE_ID_STRING,"read"));
azReqCtx.addAzEntity(azAction);
Set<AzEntity<AzCategoryIdAction>> azActions = new HashSet<AzEntity<AzCategoryIdAction>>();
azActions.add(azAction);
azReqCtx.addResourceActionAssociation(azResource, azActions);
AzResponseContext azRspCtx = azHandle.decide(azReqCtx);
AzResult azResult = null;
Iterator<AzResult> itResults = azRspCtx.getResults().iterator();
while (itResults.hasNext()) {
azResult = itResults.next();
System.out.println(azResult.getAzDecision() );
}
}
}
XML政策
<?xml version="1.0" encoding="UTF-8"?>
<Policy
xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"
PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:policy"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides"
Version="3.0"
>
<Description>
</Description>
<Target/>
<Rule
RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:rule"
Effect="Permit">
<Description>
test
</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">access</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">alice</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">doc</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<ObligationExpressions>
<ObligationExpression FulfillOn="Permit" ObligationId="email">
<AttributeAssignmentExpression AttributeId="emailId" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" Issuer="">
<AttributeDesignator AttributeId="manager-email" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</AttributeAssignmentExpression>
</ObligationExpression>
</ObligationExpressions>
</Rule>
</Policy>
结果:
###########################################################################################
Start processing request number: 1
for AzResourceActionAssociation w correlationId = 0
Subject AzEntity.getId: AzEntity(AzCategoryIdSubjectAccess)-0
Resource AzEntity.getId: AzEntity(AzCategoryIdResource)-1
Action AzEntity.getId: AzEntity(AzCategoryIdAction)-2
requestor subject-id: alice
requested resource-id: doc
requested action-id: read
All attributes:
Num subject attrs: 1
Id: urn:oasis:names:tc:xacml:1.0:subject:subject-id
Val: "alice"
Num resource attrs: 1
Id: urn:oasis:names:tc:xacml:1.0:resource:resource-id
Val: "doc"
Num action attrs: 1
Id: urn:oasis:names:tc:xacml:1.0:action:action-id
Val: "read"
Using AzService w azServiceCounter = 1
###########################################################################################
======================== XACML Request ====================
<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" CombinedDecision="false" ReturnPolicyIdList="false">
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">access</AttributeValue>
</Attribute>
</Attributes>
<Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">alice</AttributeValue>
</Attribute>
</Attributes>
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">doc</AttributeValue>
</Attribute>
</Attributes>
</Request>
===========================================================
======================== XACML Response ===================
<Response>
<Result>
<Decision>Permit</Decision>
<Status>
<StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
</Status>
</Result>
</Response>