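I am receiving an error when saving a new policy that uses XACML V.3 "Condition" logic containing multiple statements. The WSO2 XML editor, as well as the policy "Upload" function, rejects the source code attached below, throwing the following error messages:
Error
Policy uploading failed. Unsupported Entitlement Policy. Policy can not be parsed
or
Entitlement policy is not updated. Error is :Unsupported Entitlement Policy. Policy can not be parsed
Below is sample code for a policy that uses "Condition" logic. The source code was previously validated against the XACML version 3 schema and was found to be valid.
Source code sample: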
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="cfatest4" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0">
  <Target></Target>
  <Rule Effect="Deny" RuleId="Deny-Rule1">
    <Target></Target>
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
        <Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of">
          <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">myGroup</AttributeValue>
          <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
            <AttributeDesignator
              AttributeId="http://w3.RED.com/subject/groupsUserBelong"
              DataType="http://www.w3.org/2001/XMLSchema#string"
              Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
              MustBePresent="false"/>
          </Apply>
        </Apply>
      </Apply>
    </Condition>
    <ObligationExpressions>
      <ObligationExpression FulfillOn="Deny" ObligationId="groupscheck">
        <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:3.0:example:attribute:text">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Rule 1 - The groups validation error</AttributeValue>
        </AttributeAssignmentExpression>
      </ObligationExpression>
      <ObligationExpression ObligationId="debug1" FulfillOn="Deny">
        <AttributeAssignmentExpression AttributeId="debug1">
          <AttributeDesignator AttributeId="http://w3.RED.com/subject/groupsUserBelong" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"></AttributeDesignator>
        </AttributeAssignmentExpression>
      </ObligationExpression>
    </ObligationExpressions>
  </Rule>
  <Rule Effect="Permit" RuleId="Permit-Rule1">
    <Target>
      <AnyOf>
        <AllOf>
          <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ldap</AttributeValue>
            <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
          </Match>
        </AllOf>
      </AnyOf>
      <AnyOf>
        <AllOf>
          <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
            <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
          </Match>
        </AllOf>
      </AnyOf>
    </Target>
    <ObligationExpressions>
      <ObligationExpression FulfillOn="Permit" ObligationId="countrycheck">
        <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:3.0:example:attribute:text">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Rule 1: The Bluegroups validation passed successfully</AttributeValue>
        </AttributeAssignmentExpression>
      </ObligationExpression>
    </ObligationExpressions>
  </Rule>
  <ObligationExpressions>
    <ObligationExpression FulfillOn="Permit" ObligationId="allchecks">
      <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:3.0:example:attribute:text">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">The overall validation passed successfully</AttributeValue>
      </AttributeAssignmentExpression>
    </ObligationExpression>
  </ObligationExpressions>
</Policy>
The errors started after adding additional parser logic in the "Condition" block.
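An added example, not part of the original post and not WSO2 code: schema validation checks element structure only, so this sketch type-checks the posted Condition for bag versus single-value arguments, following the XACML 3.0 function definitions. The helper names `shape` and `check_condition` are hypothetical, and whether this is the check WSO2 trips on is not confirmed by the page.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:xacml:3.0:core:schema:wd-17}"

# The <Condition> element copied from the policy in the post, embedded so this runs offline.
CONDITION = """<Condition xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
 <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
  <Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of">
   <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
   <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">myGroup</AttributeValue>
   <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
    <AttributeDesignator AttributeId="http://w3.RED.com/subject/groupsUserBelong"
      DataType="http://www.w3.org/2001/XMLSchema#string"
      Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
      MustBePresent="false"/>
   </Apply>
  </Apply>
 </Apply>
</Condition>"""

def shape(node, errors):
    """Return 'bag' or 'single' for an expression; append argument-shape errors."""
    tag = node.tag.replace(NS, "")
    if tag == "AttributeDesignator":
        return "bag"       # a designator always evaluates to a bag of values
    if tag != "Apply":
        return "single"    # AttributeValue is one primitive value
    fn = node.get("FunctionId").rsplit(":", 1)[-1]
    # The <Function> child names the predicate; it is not a data argument.
    args = [shape(c, errors) for c in node if c.tag != NS + "Function"]
    if fn.endswith("-one-and-only") and args != ["bag"]:
        errors.append(f"{fn}: expects exactly one bag argument")
    elif fn == "any-of" and args.count("bag") != 1:
        errors.append(f"{fn}: needs exactly one bag argument, got {args.count('bag')}")
    elif fn == "not" and args != ["single"]:
        errors.append(f"{fn}: expects one single boolean value")
    # Assumption: every function handled here returns a single value;
    # bag-returning functions (e.g. string-bag) are outside this sketch.
    return "single"

def check_condition(xml_text):
    """Type-check every top-level expression inside a <Condition>."""
    errors = []
    for child in ET.fromstring(xml_text):
        shape(child, errors)
    return errors

if __name__ == "__main__":
    print(check_condition(CONDITION))
```

A Condition that hands the AttributeDesignator to any-of directly, without the string-one-and-only wrapper, passes this check.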