发送多个属性的请求自定义策略信息点(PIP)我使用WSO2IS 5.3.0,我已经跟随在本网站上的说明:https://docs.wso2.com/display/IS530/Writing+a+Custom+Policy+Info+PointWSO2身份服务器 - 在WSO2IS
我已经成功实现了自定义PIP属性查找器(KMarketJDBCAttributeFinder),迄今为止这么好。我遇到的问题是我想发送多个属性,但属性查找器只能选择一个。接下来,我的政策和要求:
XACML策略:
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
xmlns:xacml="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
PolicyId="My-Custom-Policy"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
Version="1.0">
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">subj-id</AttributeValue>
<AttributeDesignator
MustBePresent="false"
Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Rule RuleId="rule1" Effect="Permit">
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">action-value</AttributeValue>
<AttributeDesignator
MustBePresent="false"
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
<Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">some-value-returned-by-custom-pip-finder-jar</AttributeValue>
<AttributeDesignator
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
AttributeId="urn:my:custom:id:data-one"
DataType="http://www.w3.org/2001/XMLSchema#string"
MustBePresent="false"/>
</Apply>
</Condition>
</Rule>
<Rule RuleId="rule2" Effect="Deny"/>
</Policy>
XACML请求:
<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" CombinedDecision="false" ReturnPolicyIdList="false">
<Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">subj-id</AttributeValue>
</Attribute>
</Attributes>
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">action-value</AttributeValue>
</Attribute>
</Attributes>
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">re-src-id</AttributeValue>
</Attribute>
<Attribute AttributeId="urn:my:custom:id:data-one" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">data-one</AttributeValue>
</Attribute>
<Attribute AttributeId="urn:my:custom:id:data-two" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">data-two</AttributeValue>
</Attribute>
</Attributes>
</Request>
正如你所看到的,我送三个属性作为资源类别的一部分;但是当我调试的代码,我只能看到这些属性中的一个拿起(其他被忽略)
此外,从我使用海关属性Id的要求和政策:urn:my:custom:id:data-one
和urn:my:custom:id:data-two
¿如何我可以发送多个属性(不使用“多个请求”选项,我只发送一个请求),并确认所有属性都可以通过我的自定义属性查找器PIP扩展来正确获取?