2017-05-01 73 views
0

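I have an XML XACML request with Multiple Decision Profile (MDP) elements: multiple categories of the same type, and an optional MultipleRequest element. This request works correctly under Wso2 IS 5.3.0. Does Wso2 Identity Server support MDP via JSON?

However, if I try to rewrite the request in JSON form, according to the XACML JSON profile, Wso2IS does not process it as expected:

  • If I use the MultiRequests object, the server returns error (40020) "Request Parse Exception"
  • If I simply enumerate an array of multiple Category objects, without an explicit MultiRequests, the server does not find any attribute values in those categories

JSON single-decision requests are handled correctly by wso2is 5.3.0.

Is this behavior of wso2is expected due to current design limitations, or did I perhaps write an incorrect JSON MDP request?

My XML XACML request (the case with explicit MultiRequests):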

<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
    CombinedDecision="false"
    ReturnPolicyIdList="true">

    <Attributes id="res-01" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
        <Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Id" IncludeInResult="true">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">lesson_834570716063946</AttributeValue>
        </Attribute>
        <Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Uot.ResponsiblePersonId" IncludeInResult="false">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">person_456454345234353</AttributeValue>
        </Attribute>
    </Attributes>

    <Attributes id="res-02" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
        <Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Id" IncludeInResult="true">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">lesson_8345707160639460</AttributeValue>
        </Attribute>
        <Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Uot.ResponsiblePersonId" IncludeInResult="false">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">person_4564543452343530</AttributeValue>
        </Attribute>
    </Attributes>

    <Attributes id="res-03" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
        <Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Id" IncludeInResult="true">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">lesson_834570716063947</AttributeValue>
        </Attribute>
        <Attribute AttributeId="urn:mytest:testapp:xacml:resource:property-chain:Lesson.Uot.ResponsiblePersonId" IncludeInResult="false">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">person_456454345234353</AttributeValue>
        </Attribute>
    </Attributes>

    <Attributes id="subj" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
        <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="false">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">uid_1234567</AttributeValue>
        </Attribute>
        <Attribute AttributeId="urn:mytest:testapp:xacml:subject:person-id" IncludeInResult="false">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">person_456454345234353</AttributeValue>
        </Attribute>
        <Attribute AttributeId="urn:mytest:testapp:xacml:subject:permissions:LessonOperationsOnMyOwnUots-enabled" IncludeInResult="false">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">true</AttributeValue>
        </Attribute>
    </Attributes>

    <Attributes id="act-01" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
        <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="true">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Courses.EditLesson</AttributeValue>
        </Attribute>
    </Attributes>

    <Attributes id="act-02" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
        <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="true">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Courses.EditLesson</AttributeValue>
        </Attribute>
    </Attributes>

    <MultiRequests>
        <RequestReference>
            <AttributesReference ReferenceId="subj"/>
            <AttributesReference ReferenceId="act-01"/>
            <AttributesReference ReferenceId="res-01"/>
        </RequestReference>
        <RequestReference>
            <AttributesReference ReferenceId="subj"/>
            <AttributesReference ReferenceId="act-01"/>
            <AttributesReference ReferenceId="res-02"/>
        </RequestReference>
        <RequestReference>
            <AttributesReference ReferenceId="subj"/>
            <AttributesReference ReferenceId="act-02"/>
            <AttributesReference ReferenceId="res-03"/>
        </RequestReference>
    </MultiRequests>

</Request>

My JSON XACML request:

{ 
    "Request": { 
     "CombinedDecision": false, 
     "ReturnPolicyIdList": true, 

     "Category": [ 
      { 
       "Id": "res-01", 
       "CategoryId": "urn:oasis:names:tc:xacml:3.0:attribute-category:resource", 
       "Attribute": [ 
        { 
         "AttributeId": "urn:mytest:testapp:xacml:resource:property-chain:Lesson.Id", 
         "Value": "lesson_834570716063946" 
        }, 
        { 
         "AttributeId": "urn:mytest:testapp:xacml:resource:property-chain:Lesson.Uot.ResponsiblePersonId", 
         "Value": "person_456454345234353" 
        } 
       ] 
      }, 
      { 
       "Id": "res-02", 
       "CategoryId": "urn:oasis:names:tc:xacml:3.0:attribute-category:resource", 
       "Attribute": [ 
        { 
         "AttributeId": "urn:mytest:testapp:xacml:resource:property-chain:Lesson.Id", 
         "Value": "lesson_8345707160639460" 
        }, 
        { 
         "AttributeId": "urn:mytest:testapp:xacml:resource:property-chain:Lesson.Uot.ResponsiblePersonId", 
         "Value": "person_4564543452343530" 
        } 
       ] 
      } 
     ], 

     "AccessSubject": { 
      "Id": "subj", 
      "Attribute": [ 
       { 
        "AttributeId": "urn:oasis:names:tc:xacml:1.0:subject:subject-id", 
        "Value": "uid_1234567" 
       }, 
       { 
        "AttributeId": "urn:mytest:testapp:xacml:subject:person-id", 
        "Value": "person_456454345234353" 
       }, 
       { 
        "AttributeId": "urn:mytest:testapp:xacml:subject:permissions:LessonOperationsOnMyOwnUots-enabled", 
        "DataType": "boolean", 
        "Value": true 
       } 
      ] 
     }, 

     "Action": { 
      "Id": "act-01", 
      "Attribute": [ 
       { 
        "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id", 
        "Value": "Courses.CreateLesson" 
       } 
      ] 
     }, 

     "MultiRequests": { 
      "RequestReference": [ 
       { 
        "ReferenceId": ["res-01","act-01","subj"] 
       }, 
       { 
        "ReferenceId": ["res-02","act-01","subj"] 
       } 
      ] 
     }  
    } 
} 

Answers

0

The short answer is no, it doesn't, based on your tests.

I tested your XACML request against Axiomatics Policy Server, and it works fine. Here is the response in JSON format:

{ 
    "Response":[ 
     { 
      "Decision":"NotApplicable", 
      "Status":{ 
       "StatusCode":{ 
        "Value":"urn:oasis:names:tc:xacml:1.0:status:ok", 
        "StatusCode":{ 
         "Value":"urn:oasis:names:tc:xacml:1.0:status:ok" 
        } 
       } 
      }, 
      "PolicyIdentifierList":{ 

      } 
     }, 
     { 
      "Decision":"NotApplicable", 
      "Status":{ 
       "StatusCode":{ 
        "Value":"urn:oasis:names:tc:xacml:1.0:status:ok", 
        "StatusCode":{ 
         "Value":"urn:oasis:names:tc:xacml:1.0:status:ok" 
        } 
       } 
      }, 
      "PolicyIdentifierList":{ 

      } 
     } 
    ] 
} 
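
Added example, not part of either post above: since the question reports that JSON single-decision requests are handled correctly, a client can resolve the MultiRequests references itself and send one single-decision request per RequestReference. The names `expand_mdp`, `_cat` and `SAMPLE`, and the `urn:example:lesson-id` attribute, are hypothetical; the sample request is constructed and only mirrors the shape of the one in the question.

```python
import copy
import json

# Category-bearing keys of a XACML JSON request: the generic array plus the shorthands.
CATEGORY_KEYS = ("Category", "AccessSubject", "Action", "Resource", "Environment")

def expand_mdp(envelope):
    """Split a JSON request that uses MultiRequests into single-decision requests."""
    request = envelope["Request"]
    by_id = {}  # Id -> (top-level key, category object, whether it sat in an array)
    for key in CATEGORY_KEYS:
        value = request.get(key, [])
        in_list = isinstance(value, list)
        for obj in value if in_list else [value]:
            if "Id" in obj:
                by_id[obj["Id"]] = (key, obj, in_list)
    # Request-level flags (ReturnPolicyIdList etc.) are carried into every copy.
    base = {k: v for k, v in request.items()
            if k not in CATEGORY_KEYS and k != "MultiRequests"}
    singles = []
    for ref in request["MultiRequests"]["RequestReference"]:
        single = copy.deepcopy(base)
        for ref_id in ref["ReferenceId"]:
            if ref_id not in by_id:  # dangling reference: refuse rather than guess
                raise ValueError(f"ReferenceId {ref_id!r} matches no category Id")
            key, obj, in_list = by_id[ref_id]
            if in_list:
                single.setdefault(key, []).append(copy.deepcopy(obj))
            else:
                single[key] = copy.deepcopy(obj)
        singles.append({"Request": single})
    return singles

RES = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"

def _cat(cat_id, attr, value, **extra):
    return {"Id": cat_id, "Attribute": [{"AttributeId": attr, "Value": value}], **extra}

# Constructed sample, trimmed from the shape of the request in the question.
SAMPLE = {"Request": {
    "ReturnPolicyIdList": True,
    "Category": [_cat("res-01", "urn:example:lesson-id", "lesson_1", CategoryId=RES),
                 _cat("res-02", "urn:example:lesson-id", "lesson_2", CategoryId=RES)],
    "AccessSubject": _cat("subj", "urn:oasis:names:tc:xacml:1.0:subject:subject-id", "uid_1234567"),
    "Action": _cat("act-01", "urn:oasis:names:tc:xacml:1.0:action:action-id", "Courses.EditLesson"),
    "MultiRequests": {"RequestReference": [{"ReferenceId": ["res-01", "act-01", "subj"]},
                                           {"ReferenceId": ["res-02", "act-01", "subj"]}]},
}}

if __name__ == "__main__":
    print(*map(json.dumps, expand_mdp(SAMPLE)), sep="\n")
```

The returned list is in RequestReference order, so each decision can be matched back to its resource by position.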