【Question title】: uploading xacml policy not working
【Posted】: 2013-11-16 14:55:55
【Question】:

I am trying to run the following XACML policy, which contains an XPath function:

<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
        xmlns:xacml="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="sample-xpath-policy-1"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
        Version="1.0">
    <Description>Sample XPath policy. XPath evaluation is done with respect to content element
        and check for a matching value. Here content element has been not bounded with custom namespace and prefix
        So default XACML namespace has been inherited to content element.
    You can use sample requests from request_0008_01.xml to request_0008_03.xml  evaluate this policy using Try-it tool in management console.
        Requests can be found here [1] https://svn.wso2.org/repos/wso2/trunk/commons/balana/modules/balana-core/src/test/resources/basic/3/requests
    </Description>
    <PolicyDefaults>
        <XPathVersion>http://www.w3.org/TR/1999/REC-xpath-19991116</XPathVersion>
    </PolicyDefaults>
    <Target>
        <AnyOf>
            <AllOf>
                <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
                    <AttributeDesignator MustBePresent="false"
                                         Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
                                         AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                                         DataType="http://www.w3.org/2001/XMLSchema#string"/>
                </Match>
            </AllOf>
        </AnyOf>
    </Target>
    <Rule RuleId="rule1" Effect="Permit">
    <Description>Rule to match value in content element using XPath</Description>
        <Condition>
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
                <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
                <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
                    <AttributeDesignator
                            Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                            AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                            DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                </Apply>
                <AttributeSelector MustBePresent="false"
                                     Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                                     Path="//xacml:record/xacml:patient/xacml:patientId/text()"
                                     DataType="http://www.w3.org/2001/XMLSchema#string"/>
            </Apply>
        </Condition>
    </Rule>
    <Rule RuleId="rule2" Effect="Deny">
        <Description>Deny rule</Description>
    </Rule>
</Policy>

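But I cannot upload it to my WSO2 Identity Server 4.5.

This is the message the server returns:

Policy upload failed. An exception occurred while trying to invoke service method addPolicy

Please help me solve this problem.

This is the log output from when I try to upload the policy: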

TID[-1234] [IS] [2013-11-17 15:58:10,578] 错误 {org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver} - 异常 尝试调用服务方法 addPolicy 时发生 org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:296) org.apache.axiom.om.impl.llom.OMElementImpl.buildNext(OMElementImpl.java:653) org.apache.axiom.om.impl.llom.OMElementImpl.getFirstOMChild(OMElementImpl.java:670) org.apache.axiom.om.impl.llom.OMElementImpl.getText(OMElementImpl.java:781) org.apache.axis2.databinding.typemapping.SimpleTypeMapper.getSimpleTypeObject(SimpleTypeMapper.java:77) org.apache.axis2.databinding.utils.BeanUtil.deserialize(BeanUtil.java:457) org.apache.axis2.databinding.utils.BeanUtil.processObject(BeanUtil.java:827) org.apache.axis2.databinding.utils.BeanUtil.ProcessElement(BeanUtil.java:746) org.apache.axis2.databinding.utils.BeanUtil.deserialize(BeanUtil.java:655) org.apache.axis2.rpc.receivers.RPCUtil.processRequest(RPCUtil.java:153) org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:206) org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver.invokeBusinessLogic(RPCInOnlyMessageReceiver.java:66) org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110) org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180) org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:169) org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:82) org.wso2.carbon.core.transports.local.CarbonLocalTransportSender.finalizeSendWithToAddress(CarbonLocalTransportSender.java:45) org.apache.axis2.transport.local.LocalTransportSender.invoke(LocalTransportSender.java:77) org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442) org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:398) org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:224) 
org.apache.axis2.client.OperationClient.execute(OperationClient.java:149) org.wso2.carbon.identity.entitlement.stub.EntitlementPolicyAdminServiceStub.addPolicy(EntitlementPolicyAdminServiceStub.java:1320) org.wso2.carbon.identity.entitlement.ui.client.EntitlementPolicyAdminServiceClient.uploadPolicy(EntitlementPolicyAdminServiceClient.java:242) org.wso2.carbon.identity.entitlement.ui.client.EntitlementPolicyUploadExecutor.execute(EntitlementPolicyUploadExecutor.java:86) org.wso2.carbon.ui.transports.fileupload.AbstractFileUploadExecutor.executeGeneric(AbstractFileUploadExecutor.java:104) org.wso2.carbon.ui.transports.fileupload.FileUploadExecutorManager$CarbonXmlFileUploadExecHandler.execute(FileUploadExecutorManager.java:392) org.wso2.carbon.ui.transports.fileupload.FileUploadExecutorManager$FileUploadExecutionHandlerManager.startExec(FileUploadExecutorManager.java:276) org.wso2.carbon.ui.transports.fileupload.FileUploadExecutorManager.execute(FileUploadExecutorManager.java:125) org.wso2.carbon.ui.transports.FileUploadServlet.doPost(FileUploadServlet.java:57) javax.servlet.http.HttpServlet.service(HttpServlet.java:755) javax.servlet.http.HttpServlet.service(HttpServlet.java:848) org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37) org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68) javax.servlet.http.HttpServlet.service(HttpServlet.java:848) org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) 
org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61) org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178) org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56) org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValve(TomcatValveContainer.java:47) org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141) org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156) org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936) org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52) org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004) org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653) java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) java.lang.Thread.run(Thread.java:662) TID[-1234] [IS] [2013-11-17 15:58:10,640] 错误 {org.wso2.carbon.ui.transports.fileupload.AbstractFileUploadExecutor} - 策略上传失败。尝试调用服务方法 addPolicy 时发生异常

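【Comments】:

  • I don't know anything about WSO2 Identity Server, but I doubt anyone will be able to help you with this error message, because it basically says nothing. I suppose there is a way to get a more detailed message or more information in the logs.

Tags: xpath wso2is xacml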
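
The policy's Description says the selector only works because the Content element inherits the default XACML namespace. The sketch below is an added example (not from the original post, WSO2 or Balana) that evaluates rule1's condition over constructed requests with Python's ElementTree. The request shape, the helper names and the `http://example.org/records` namespace are assumptions, and Target matching is skipped.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
SUBJECT_CAT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE_CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
SELECTOR_PATH = "//xacml:record/xacml:patient/xacml:patientId/text()"  # from the policy
PREFIXES = {"xacml": XACML}  # the xmlns:xacml binding on the <Policy> element
Q = "{" + XACML + "}"        # ElementTree's qualified-name prefix

def build_request(subject, patient_id, content_ns=None):
    """Constructed request; content_ns=None lets <record> inherit the XACML namespace."""
    ns = f' xmlns="{content_ns}"' if content_ns else ""
    return (f'<Request xmlns="{XACML}" CombinedDecision="false" ReturnPolicyIdList="false">'
            f'<Attributes Category="{SUBJECT_CAT}">'
            f'<Attribute AttributeId="{SUBJECT_ID}" IncludeInResult="false">'
            f'<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">'
            f'{escape(subject)}</AttributeValue></Attribute></Attributes>'
            f'<Attributes Category="{RESOURCE_CAT}"><Content><record{ns}><patient>'
            f'<patientId>{escape(patient_id)}</patientId></patient></record></Content>'
            f'</Attributes></Request>')

def category(root, cat):
    """Return the <Attributes> element of one category, or None."""
    return next((a for a in root.findall(Q + "Attributes") if a.get("Category") == cat), None)

def select_bag(root):
    """Evaluate the policy's AttributeSelector against the resource <Content>."""
    attrs = category(root, RESOURCE_CAT)
    content = attrs.find(Q + "Content") if attrs is not None else None
    if content is None:
        return []
    # ElementTree has no text() step and no absolute paths on elements: use
    # <Content> as the root, drop "/text()" and read .text instead.
    path = "." + SELECTOR_PATH[:-len("/text()")]
    return [el.text or "" for el in content.findall(path, PREFIXES)]

def decide(request_xml):
    """rule1 (Permit) then rule2 (Deny) under first-applicable; Target assumed matched."""
    root = ET.fromstring(request_xml)
    attrs = category(root, SUBJECT_CAT)
    subjects = [] if attrs is None else [
        v.text or "" for a in attrs.findall(Q + "Attribute")
        if a.get("AttributeId") == SUBJECT_ID for v in a.findall(Q + "AttributeValue")]
    if len(subjects) != 1:  # string-one-and-only errors on an empty or multi-valued bag
        return "Indeterminate"
    return "Permit" if subjects[0] in select_bag(root) else "Deny"  # any-of(string-equal)
```

Calling `decide(build_request("bob", "bob", content_ns="http://example.org/records"))` returns `Deny`: once `<record>` is bound to its own namespace, the `xacml:`-prefixed path selects nothing and rule2 applies.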


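【Answer 1】:

What version of Identity Server are you using? 4.5.0? I guess you tried to add this policy to WSO2IS 4.5.0 using the "Write Policy in XML" option. There is a known issue with "Write Policy in XML" in version 4.5.0. So you can copy this policy into a file and then upload the file to WSO2IS. I have tried your policy with 4.5.0, and it can be uploaded as a file.

【Comments】:

  • I have added the error log; can you explain the problem?
  • OK, thanks. But we have not encountered such an error. We will look into it, though. Can you tell me more details? Are you running a fresh Identity Server instance? Version 4.5.0? What is the OS? Have you done any other special configuration?
  • I am using a fresh Identity Server version 4.5.0, I am running it on Windows XP version 2, and I have not done any special configuration.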