[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Hierarchical resources policy and request file
Hi Seth,
With XACML 2.0, I was using the 1.0 namespace in the
policy and request xml files.
I no longer get the NullPointer exception for
condition.
The revised (for 2.0) policy and request files are
attached.
I get the below exception:
================================================================================
ExpressionHandler.getFunction root.getAttributes() :
FunctionId="urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in"
ExpressionHandler.getFunction
root.getAttributes().getNamedItem('FunctionId') :
org.apache.crimson.tree.AttributeNode@1e152c5
java.lang.IllegalArgumentException: illegal parameter
at
com.sun.xacml.cond.FunctionBase.checkInputs(FunctionBase.java:421)
at com.sun.xacml.cond.Apply.<init>(Apply.java:103)
at
com.sun.xacml.cond.Apply.getInstance(Apply.java:283)
at
com.sun.xacml.cond.Apply.getInstance(Apply.java:230)
at
com.sun.xacml.cond.ExpressionHandler.parseExpression(ExpressionHandler.java:60)
at
com.sun.xacml.cond.Condition.getInstance(Condition.java:200)
at com.sun.xacml.Rule.getInstance(Rule.java:208)
at com.sun.xacml.Policy.<init>(Policy.java:346)
at com.sun.xacml.Policy.getInstance(Policy.java:431)
at
com.sun.xacml.support.finder.PolicyReader.handleDocument(PolicyReader.java:256)
at
com.sun.xacml.support.finder.PolicyReader.readPolicy(PolicyReader.java:178)
at
com.sun.xacml.support.finder.StaticRefPolicyFinderModule.init(StaticRefPolicyFinderModule.java:175)
at
com.sun.xacml.finder.PolicyFinder.init(PolicyFinder.java:143)
at com.sun.xacml.PDP.<init>(PDP.java:102)
at
com.sun.xacml.support.SimplePDP.<init>(SimplePDP.java:176)
at
com.sun.xacml.support.SimplePDP.main(SimplePDP.java:232)
================================================================================
Thanks,
Dhirendra Sharma
--- dhirendra sharma <dhirendra_sh@yahoo.com> wrote:
> Hi Seth,
>
> I downloaded XACML 2.0 code base from sourceforge
> thinking that in XACML 2.0 Function identifier
> for Condition is optional, but I get exact same
> NullPointer exception at the same line.
>
> By looking at XACML implementation source code, I
> can
> determine where and why error is happening.
> But my steps to resolve the error are not getting
> right.
>
> Can you suggest any modification to the request and
> policy which can make it to work ?
>
> Thanks,
> Dhirendra Sharma
>
>
> --- Seth Proctor <Seth.Proctor@sun.com> wrote:
>
> >
> > Hi Dhirendra.
> >
> > > Where can i find detailed documentation about
> > > different functions supported for 1.2 and 2.0 ?
> >
> > Look at the XACML 1.1 and 2.0 (respectively)
> > specifications.
> >
> > > [...]
> > > I get the below exception :
> >
> > You're writing an XACML 1.x policy, which requires
> > that you specify a
> > Function Identifier in the Condition. You're
> seeing
> > an error because
> > you're not specifying a Function in your
> Condition.
> > The examples that
> > Anne provided use the XACML 2.0 syntax, in which
> no
> > Function is
> > specified in the Condition.
> >
> >
> > seth
> >
> >
>
---------------------------------------------------------------------
> > This publicly archived list supports open
> discussion
> > on using the
> > XACML OASIS Standard. To minimize spam in the
> > archives, you
> > must subscribe before posting.
> >
> > [Un]Subscribe/change address:
> > http://www.oasis-open.org/mlmanage/
> > Alternately, using email:
> > list-[un]subscribe@lists.oasis-open.org
> > List archives:
> > http://lists.oasis-open.org/archives/xacml-users/
> > Committee homepage:
> > http://www.oasis-open.org/committees/xacml/
> > List Guidelines:
> > http://www.oasis-open.org/maillists/guidelines.php
> > Join OASIS: http://www.oasis-open.org/join/
> >
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam
> protection around
> http://mail.yahoo.com
>
>
---------------------------------------------------------------------
> This publicly archived list supports open discussion
> on using the
> XACML OASIS Standard. To minimize spam in the
> archives, you
> must subscribe before posting.
>
> [Un]Subscribe/change address:
> http://www.oasis-open.org/mlmanage/
> Alternately, using email:
> list-[un]subscribe@lists.oasis-open.org
> List archives:
> http://lists.oasis-open.org/archives/xacml-users/
> Committee homepage:
> http://www.oasis-open.org/committees/xacml/
> List Guidelines:
> http://www.oasis-open.org/maillists/guidelines.php
> Join OASIS: http://www.oasis-open.org/join/
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
<?xml version="1.0" encoding="UTF-8"?>
<Policy
xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd";
PolicyId="WCM-Release-Car_Policy"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
<Description>
Sample tree :
180820
/ \
180821 180822
/ \
180823 180824
</Description>
<!-- =============================================================================================== -->
<Target>
<Subjects>
<AnySubject/>
</Subjects>
<Resources>
<AnyResource/>
</Resources>
<Actions>
<AnyAction/>
</Actions>
</Target>
<!-- =============================================================================================== -->
<Rule RuleId="WCMReleaseCarRule1" Effect="Permit">
<Target>
<Subjects>
<AnySubject/>
</Subjects>
<Resources>
<AnyResource/>
</Resources>
<Actions>
<AnyAction/>
</Actions>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in">
<SubjectAttributeDesignator
AttributeId="subject-company"
DataType="xs:anyURI"/>
<ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
DataType="xs:anyURI"/>
</Apply>
</Condition>
</Rule>
<!-- =============================================================================================== -->
</Policy>
<?xml version="1.0" encoding="UTF-8"?>
<Request
xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd";>
<Subject>
<Attribute
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string";>
<AttributeValue>xmic001</AttributeValue>
</Attribute>
<Attribute AttributeId="group"
DataType="http://www.w3.org/2001/XMLSchema#string";>
<AttributeValue>WCM-Release-Car</AttributeValue> <!-- User group from LDAP -->
</Attribute>
<Attribute AttributeId="subject-company"
DataType="http://www.w3.org/2001/XMLSchema#anyURI";>
<AttributeValue>18021</AttributeValue> <!-- Top level company that this belongs to from LDAP -->
</Attribute>
</Subject>
<Resource>
<Attribute
AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
DataType="http://www.w3.org/2001/XMLSchema#anyURI";>
<AttributeValue>180822</AttributeValue> <!-- Company to be read -->
</Attribute>
</Resource>
<Action>
<Attribute
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
DataType="http://www.w3.org/2001/XMLSchema#string";>
<AttributeValue>ReleaseCar</AttributeValue>
</Attribute>
</Action>
</Request>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]