2017-05-01 74 views
0

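I have an XML XACML request with Multiple Decision Profile (MDP) elements: multiple categories of the same type, and optionally a MultipleRequest element. This request works correctly under Wso2 IS 5.3.0. Does Wso2 Identity Server support MDP via JSON?

However, if I try to rewrite the request in JSON form, equivalent per the XACML JSON profile, Wso2IS does not process it as expected:

  • If I use the multi-request object, the server returns error (40020) "Request Parse Exception"
  • If I just enumerate an array of multiple category objects, without an explicit multi-request, the server does not find any attribute values in these categories

JSON single-decision requests are processed correctly by wso2is 5.3.0.

Is this behavior of wso2is expected due to current design limitations, or did I perhaps write an incorrect JSON MDP request?

My XML XACML request (the case with an explicit multi-request):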

<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" 
    CombinedDecision="false" 
    ReturnPolicyIdList="true"> 

    <Attributes id="res-01" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> 
     <Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Id" IncludeInResult="true"> 
     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">lesson_834570716063946</AttributeValue> 
     </Attribute> 
     <Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Uot.ResponsiblePersonId" IncludeInResult="false"> 
     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">person_456454345234353</AttributeValue> 
     </Attribute> 
    </Attributes> 

    <Attributes id="res-02" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> 
     <Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Id" IncludeInResult="true"> 
     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">lesson_8345707160639460</AttributeValue> 
     </Attribute> 
     <Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Uot.ResponsiblePersonId" IncludeInResult="false"> 
     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">person_4564543452343530</AttributeValue> 
     </Attribute> 
    </Attributes> 

    <Attributes id="res-03" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> 
     <Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Id" IncludeInResult="true"> 
     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">lesson_834570716063947</AttributeValue> 
     </Attribute> 
     <Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Uot.ResponsiblePersonId" IncludeInResult="false"> 
     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">person_456454345234353</AttributeValue> 
     </Attribute> 
    </Attributes> 

    <Attributes id="subj" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> 
     <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="false"> 
     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">uid_1234567</AttributeValue> 
     </Attribute> 
     <Attribute AttributeId="urn:mytest:testapp:xacml:subject:person-id" IncludeInResult="false"> 
     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">person_456454345234353</AttributeValue> 
     </Attribute> 
     <Attribute AttributeId="urn:mytest:testapp:xacml:subject:permissions:LessonOperationsOnMyOwnUots-enabled" IncludeInResult="false"> 
     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">true</AttributeValue> 
     </Attribute> 
    </Attributes> 

    <Attributes id="act-01" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> 
     <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="true"> 
     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Courses.EditLesson</AttributeValue> 
     </Attribute> 
    </Attributes> 

    <Attributes id="act-02" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> 
     <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="true"> 
     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Courses.EditLesson</AttributeValue> 
     </Attribute> 
    </Attributes> 

    <MultiRequests> 
     <RequestReference> 
      <AttributesReference ReferenceId="subj"/> 
      <AttributesReference ReferenceId="act-01"/> 
      <AttributesReference ReferenceId="res-01"/> 
     </RequestReference> 
     <RequestReference> 
      <AttributesReference ReferenceId="subj"/> 
      <AttributesReference ReferenceId="act-01"/> 
      <AttributesReference ReferenceId="res-02"/> 
     </RequestReference> 
     <RequestReference> 
      <AttributesReference ReferenceId="subj"/> 
      <AttributesReference ReferenceId="act-02"/> 
      <AttributesReference ReferenceId="res-03"/> 
     </RequestReference> 
    </MultiRequests> 

</Request> 

My JSON XACML request:

{ 
    "Request": { 
     "CombinedDecision": false, 
     "ReturnPolicyIdList": true, 

     "Category": [ 
      { 
       "Id": "res-01", 
       "CategoryId": "urn:oasis:names:tc:xacml:3.0:attribute-category:resource", 
       "Attribute": [ 
        { 
         "AttributeId": "urn:mytest:testapp:xacml:resource:property-chain:Lesson.Id", 
         "Value": "lesson_834570716063946" 
        }, 
        { 
         "AttributeId": "urn:mytest:testapp:xacml:resource:property-chain:Lesson.Uot.ResponsiblePersonId", 
         "Value": "person_456454345234353" 
        } 
       ] 
      }, 
      { 
       "Id": "res-02", 
       "CategoryId": "urn:oasis:names:tc:xacml:3.0:attribute-category:resource", 
       "Attribute": [ 
        { 
         "AttributeId": "urn:mytest:testapp:xacml:resource:property-chain:Lesson.Id", 
         "Value": "lesson_8345707160639460" 
        }, 
        { 
         "AttributeId": "urn:mytest:testapp:xacml:resource:property-chain:Lesson.Uot.ResponsiblePersonId", 
         "Value": "person_4564543452343530" 
        } 
       ] 
      } 
     ], 

     "AccessSubject": { 
      "Id": "subj", 
      "Attribute": [ 
       { 
        "AttributeId": "urn:oasis:names:tc:xacml:1.0:subject:subject-id", 
        "Value": "uid_1234567" 
       }, 
       { 
        "AttributeId": "urn:mytest:testapp:xacml:subject:person-id", 
        "Value": "person_456454345234353" 
       }, 
       { 
        "AttributeId": "urn:mytest:testapp:xacml:subject:permissions:LessonOperationsOnMyOwnUots-enabled", 
        "DataType": "boolean", 
        "Value": true 
       } 
      ] 
     }, 

     "Action": { 
      "Id": "act-01", 
      "Attribute": [ 
       { 
        "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id", 
        "Value": "Courses.CreateLesson" 
       } 
      ] 
     }, 

     "MultiRequests": { 
      "RequestReference": [ 
       { 
        "ReferenceId": ["res-01","act-01","subj"] 
       }, 
       { 
        "ReferenceId": ["res-02","act-01","subj"] 
       } 
      ] 
     }  
    } 
} 

Answer

0

The simple answer is no, it doesn't, based on your tests.

I tested your XACML request against Axiomatics Policy Server, and it works fine. Here is the response in JSON format:

{ 
    "Response":[ 
     { 
      "Decision":"NotApplicable", 
      "Status":{ 
       "StatusCode":{ 
        "Value":"urn:oasis:names:tc:xacml:1.0:status:ok", 
        "StatusCode":{ 
         "Value":"urn:oasis:names:tc:xacml:1.0:status:ok" 
        } 
       } 
      }, 
      "PolicyIdentifierList":{ 

      } 
     }, 
     { 
      "Decision":"NotApplicable", 
      "Status":{ 
       "StatusCode":{ 
        "Value":"urn:oasis:names:tc:xacml:1.0:status:ok", 
        "StatusCode":{ 
         "Value":"urn:oasis:names:tc:xacml:1.0:status:ok" 
        } 
       } 
      }, 
      "PolicyIdentifierList":{ 

      } 
     } 
    ] 
} 
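
The question reports that JSON single-decision requests are processed correctly by wso2is 5.3.0 while the JSON MDP form is not. The following added example (not code from either poster, WSO2 or Axiomatics) resolves each `RequestReference` on the client side and produces one single-decision request per entry, rejecting duplicate category Ids and `ReferenceId` values that match no category. The function names, the `cat` helper and the trimmed sample request are constructed for illustration.

```python
# Category keys of the XACML JSON profile: the generic array plus the shorthand objects.
CATEGORY_KEYS = ("Category", "AccessSubject", "Action", "Resource", "Environment")
RES = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
LESSON = "urn:mytest:testapp:xacml:resource:property-chain:Lesson.Id"

def index_categories(request):
    """Map every category "Id" to (key, object); duplicate Ids are rejected."""
    index = {}
    for key in CATEGORY_KEYS:
        value = request.get(key, [])
        for obj in value if isinstance(value, list) else [value]:
            cat_id = obj.get("Id")
            if cat_id in index:
                raise ValueError(f"duplicate category Id: {cat_id}")
            if cat_id is not None:
                index[cat_id] = (key, obj)
    return index

def expand_multi_requests(doc):
    """Return one single-decision request per RequestReference entry."""
    request = doc["Request"]
    index = index_categories(request)
    options = {k: v for k, v in request.items() if k not in CATEGORY_KEYS + ("MultiRequests",)}
    singles = []
    for ref in request["MultiRequests"]["RequestReference"]:
        single = dict(options)  # CombinedDecision, ReturnPolicyIdList, ... carried over
        for ref_id in ref["ReferenceId"]:
            if ref_id not in index:
                raise ValueError(f"unresolved ReferenceId: {ref_id}")
            key, obj = index[ref_id]
            body = {k: v for k, v in obj.items() if k != "Id"}  # Id only matters for references
            if key == "Category":
                single.setdefault("Category", []).append(body)
            else:
                single[key] = body
        singles.append({"Request": single})
    return singles

# Constructed sample: the question's JSON request cut down to one attribute per category.
def cat(cat_id, attr_id, value, **extra):
    return {"Id": cat_id, "Attribute": [{"AttributeId": attr_id, "Value": value}], **extra}
SAMPLE = {"Request": {
    "CombinedDecision": False, "ReturnPolicyIdList": True,
    "Category": [cat("res-01", LESSON, "lesson_834570716063946", CategoryId=RES),
                 cat("res-02", LESSON, "lesson_8345707160639460", CategoryId=RES)],
    "AccessSubject": cat("subj", "urn:oasis:names:tc:xacml:1.0:subject:subject-id", "uid_1234567"),
    "Action": cat("act-01", "urn:oasis:names:tc:xacml:1.0:action:action-id", "Courses.CreateLesson"),
    "MultiRequests": {"RequestReference": [{"ReferenceId": ["res-01", "act-01", "subj"]},
                                           {"ReferenceId": ["res-02", "act-01", "subj"]}]}}}
```

Each element of `expand_multi_requests(SAMPLE)` can be serialized with `json.dumps` and sent as an ordinary single-decision request; the decisions come back in the order of the `RequestReference` entries.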