【发布时间】:2017-05-01 11:40:07
【问题描述】:
我有一个包含多个决策配置文件 (MDP) 元素的 XML XACML 请求 - 多个相同类型的类别,以及可选的 MultipleRequest 元素。 此请求适用于 Wso2 IS 5.3.0。
但是如果我尝试以 JSON 形式重写这个请求,对应于 XACML JSON Profile,Wso2IS 不会按预期处理它:
- 如果我使用 MultiRequest 对象,服务器返回错误 (40020) "Request Parse Exception"
- 如果我只是将几个类别对象枚举为数组,而没有明确的 MultiRequest,服务器在这些类别中找不到任何属性值
使用 wso2is 5.3.0 正确处理 JSON 中的单决策请求。
由于当前的设计限制,wso2is 的这种行为是预期的,还是我写了错误的 JSON MDP 请求?
我的 XML XACML 请求(显式 MultiRequest 的情况):
<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
CombinedDecision="false"
ReturnPolicyIdList="true">
<Attributes id="res-01" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
<Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Id" IncludeInResult="true">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">lesson_834570716063946</AttributeValue>
</Attribute>
<Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Uot.ResponsiblePersonId" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">person_456454345234353</AttributeValue>
</Attribute>
</Attributes>
<Attributes id="res-02" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
<Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Id" IncludeInResult="true">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">lesson_8345707160639460</AttributeValue>
</Attribute>
<Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Uot.ResponsiblePersonId" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">person_4564543452343530</AttributeValue>
</Attribute>
</Attributes>
<Attributes id="res-03" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
<Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Id" IncludeInResult="true">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">lesson_834570716063947</AttributeValue>
</Attribute>
<Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Uot.ResponsiblePersonId" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">person_456454345234353</AttributeValue>
</Attribute>
</Attributes>
<Attributes id="subj" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">uid_1234567</AttributeValue>
</Attribute>
<Attribute AttributeId="urn:mytest:testapp:xacml:subject:person-id" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">person_456454345234353</AttributeValue>
</Attribute>
<Attribute AttributeId="urn:mytest:testapp:xacml:subject:permissions:LessonOperationsOnMyOwnUots-enabled" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">true</AttributeValue>
</Attribute>
</Attributes>
<Attributes id="act-01" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="true">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Courses.EditLesson</AttributeValue>
</Attribute>
</Attributes>
<Attributes id="act-02" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="true">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Courses.EditLesson</AttributeValue>
</Attribute>
</Attributes>
<MultiRequests>
<RequestReference>
<AttributesReference ReferenceId="subj"/>
<AttributesReference ReferenceId="act-01"/>
<AttributesReference ReferenceId="res-01"/>
</RequestReference>
<RequestReference>
<AttributesReference ReferenceId="subj"/>
<AttributesReference ReferenceId="act-01"/>
<AttributesReference ReferenceId="res-02"/>
</RequestReference>
<RequestReference>
<AttributesReference ReferenceId="subj"/>
<AttributesReference ReferenceId="act-02"/>
<AttributesReference ReferenceId="res-03"/>
</RequestReference>
</MultiRequests>
</Request>
我的 JSON XACML 请求:
{
"Request": {
"CombinedDecision": false,
"ReturnPolicyIdList": true,
"Category": [
{
"Id": "res-01",
"CategoryId": "urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
"Attribute": [
{
"AttributeId": "urn:mytest:testapp:xacml:resource:property-chain:Lesson.Id",
"Value": "lesson_834570716063946"
},
{
"AttributeId": "urn:mytest:testapp:xacml:resource:property-chain:Lesson.Uot.ResponsiblePersonId",
"Value": "person_456454345234353"
}
]
},
{
"Id": "res-02",
"CategoryId": "urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
"Attribute": [
{
"AttributeId": "urn:mytest:testapp:xacml:resource:property-chain:Lesson.Id",
"Value": "lesson_8345707160639460"
},
{
"AttributeId": "urn:mytest:testapp:xacml:resource:property-chain:Lesson.Uot.ResponsiblePersonId",
"Value": "person_4564543452343530"
}
]
}
],
"AccessSubject": {
"Id": "subj",
"Attribute": [
{
"AttributeId": "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
"Value": "uid_1234567"
},
{
"AttributeId": "urn:mytest:testapp:xacml:subject:person-id",
"Value": "person_456454345234353"
},
{
"AttributeId": "urn:mytest:testapp:xacml:subject:permissions:LessonOperationsOnMyOwnUots-enabled",
"DataType": "boolean",
"Value": true
}
]
},
"Action": {
"Id": "act-01",
"Attribute": [
{
"AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
"Value": "Courses.CreateLesson"
}
]
},
"MultiRequests": {
"RequestReference": [
{
"ReferenceId": ["res-01","act-01","subj"]
},
{
"ReferenceId": ["res-02","act-01","subj"]
}
]
}
}
}
【问题讨论】:
标签: json authorization wso2is xacml abac