Subject: Re: [xacml-users] Hierarchical resources policy and request file
Hi Seth,

With XACML 2.0, I was using the 1.0 namespace in the policy and request xml files. I no longer get the NullPointer exception for condition. The revised (for 2.0) policy and request files are attached.

I get the below exception:

================================================================================
ExpressionHandler.getFunction root.getAttributes() : FunctionId="urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in"
ExpressionHandler.getFunction root.getAttributes().getNamedItem('FunctionId') : org.apache.crimson.tree.AttributeNode@1e152c5
java.lang.IllegalArgumentException: illegal parameter
    at com.sun.xacml.cond.FunctionBase.checkInputs(FunctionBase.java:421)
    at com.sun.xacml.cond.Apply.<init>(Apply.java:103)
    at com.sun.xacml.cond.Apply.getInstance(Apply.java:283)
    at com.sun.xacml.cond.Apply.getInstance(Apply.java:230)
    at com.sun.xacml.cond.ExpressionHandler.parseExpression(ExpressionHandler.java:60)
    at com.sun.xacml.cond.Condition.getInstance(Condition.java:200)
    at com.sun.xacml.Rule.getInstance(Rule.java:208)
    at com.sun.xacml.Policy.<init>(Policy.java:346)
    at com.sun.xacml.Policy.getInstance(Policy.java:431)
    at com.sun.xacml.support.finder.PolicyReader.handleDocument(PolicyReader.java:256)
    at com.sun.xacml.support.finder.PolicyReader.readPolicy(PolicyReader.java:178)
    at com.sun.xacml.support.finder.StaticRefPolicyFinderModule.init(StaticRefPolicyFinderModule.java:175)
    at com.sun.xacml.finder.PolicyFinder.init(PolicyFinder.java:143)
    at com.sun.xacml.PDP.<init>(PDP.java:102)
    at com.sun.xacml.support.SimplePDP.<init>(SimplePDP.java:176)
    at com.sun.xacml.support.SimplePDP.main(SimplePDP.java:232)
================================================================================

Thanks,
Dhirendra Sharma

--- dhirendra sharma <dhirendra_sh@yahoo.com> wrote:

> Hi Seth,
>
> I downloaded XACML 2.0 code base from sourceforge
> thinking that in XACML 2.0 Function identifier
> for Condition is optional, but I get exact same
> NullPointer exception at the same line.
>
> By looking at XACML implementation source code, I can
> determine where and why error is happening.
> But my steps to resolve the error are not getting right.
>
> Can you suggest any modification to the request and
> policy which can make it to work ?
>
> Thanks,
> Dhirendra Sharma
>
> --- Seth Proctor <Seth.Proctor@sun.com> wrote:
>
> > Hi Dhirendra.
> >
> > > Where can I find detailed documentation about
> > > different functions supported for 1.2 and 2.0 ?
> >
> > Look at the XACML 1.1 and 2.0 (respectively) specifications.
> >
> > > [...]
> > > I get the below exception :
> >
> > You're writing an XACML 1.x policy, which requires that you specify a
> > Function Identifier in the Condition. You're seeing an error because
> > you're not specifying a Function in your Condition. The examples that
> > Anne provided use the XACML 2.0 syntax, in which no Function is
> > specified in the Condition.
> >
> > seth
> >
> > ---------------------------------------------------------------------
> > This publicly archived list supports open discussion on using the
> > XACML OASIS Standard. To minimize spam in the archives, you
> > must subscribe before posting.
> >
> > [Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/
> > Alternately, using email: list-[un]subscribe@lists.oasis-open.org
> > List archives: http://lists.oasis-open.org/archives/xacml-users/
> > Committee homepage: http://www.oasis-open.org/committees/xacml/
> > List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
> > Join OASIS: http://www.oasis-open.org/join/

<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
        PolicyId="WCM-Release-Car_Policy"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
  <Description> Sample tree : 180820 / \ 180821 180822 / \ 180823 180824 </Description>
  <!-- =============================================================================================== -->
  <Target>
    <Subjects>
      <AnySubject/>
    </Subjects>
    <Resources>
      <AnyResource/>
    </Resources>
    <Actions>
      <AnyAction/>
    </Actions>
  </Target>
  <!-- =============================================================================================== -->
  <Rule RuleId="WCMReleaseCarRule1" Effect="Permit">
    <Target>
      <Subjects>
        <AnySubject/>
      </Subjects>
      <Resources>
        <AnyResource/>
      </Resources>
      <Actions>
        <AnyAction/>
      </Actions>
    </Target>
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in">
        <SubjectAttributeDesignator AttributeId="subject-company" DataType="xs:anyURI"/>
        <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="xs:anyURI"/>
      </Apply>
    </Condition>
  </Rule>
  <!-- =============================================================================================== -->
</Policy>

<?xml version="1.0" encoding="UTF-8"?>
<Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
  <Subject>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>xmic001</AttributeValue>
    </Attribute>
    <Attribute AttributeId="group"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>WCM-Release-Car</AttributeValue> <!-- User group from LDAP -->
    </Attribute>
    <Attribute AttributeId="subject-company"
               DataType="http://www.w3.org/2001/XMLSchema#anyURI">
      <AttributeValue>18021</AttributeValue> <!-- Top level company that this belongs to from LDAP -->
    </Attribute>
  </Subject>
  <Resource>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
               DataType="http://www.w3.org/2001/XMLSchema#anyURI">
      <AttributeValue>180822</AttributeValue> <!-- Company to be read -->
    </Attribute>
  </Resource>
  <Action>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>ReleaseCar</AttributeValue>
    </Attribute>
  </Action>
</Request>
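
An added example, not part of the original message or of the SunXACML code base: the XACML specification defines anyURI-is-in as taking one anyURI value followed by a bag of anyURI, attribute designators always evaluate to bags, and the anyURI data type is identified by the full URI http://www.w3.org/2001/XMLSchema#anyURI. The Python sketch below (the names arg_type and check_is_in are hypothetical) checks those rules against the Condition from the attached policy and against a constructed variant that wraps the first argument in anyURI-one-and-only; it covers the function signature only, not the hierarchical-resource logic.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:xacml:2.0:policy:schema:os}"
FN = "urn:oasis:names:tc:xacml:1.0:function:"
ANYURI = "http://www.w3.org/2001/XMLSchema#anyURI"

def arg_type(node):
    """Return (datatype, is_bag) for one argument of an <Apply>."""
    tag = node.tag.replace(NS, "")
    if tag.endswith("AttributeDesignator"):
        return node.get("DataType"), True    # designators always yield a bag
    if tag == "AttributeValue":
        return node.get("DataType"), False   # a literal is a single value
    if tag == "Apply" and node.get("FunctionId") == FN + "anyURI-one-and-only":
        return ANYURI, False                 # unwraps a one-element bag
    return None, None                        # not modelled in this sketch

def check_is_in(xml_text):
    """List problems for each anyURI-is-in call; signature is (anyURI, bag of anyURI)."""
    problems = []
    for apply in ET.fromstring(xml_text).iter(NS + "Apply"):
        if apply.get("FunctionId") != FN + "anyURI-is-in":
            continue
        args = [arg_type(child) for child in apply]
        if len(args) != 2:
            problems.append("expected 2 arguments, got %d" % len(args))
            continue
        for pos, ((dtype, is_bag), want_bag) in enumerate(zip(args, (False, True)), 1):
            if is_bag is None:
                problems.append("arg %d: expression not modelled" % pos)
                continue
            if dtype != ANYURI:
                problems.append("arg %d: DataType %r is not %s" % (pos, dtype, ANYURI))
            if is_bag != want_bag:
                problems.append("arg %d: %s" % (
                    pos, "bag given, single value expected" if is_bag
                    else "single value given, bag expected"))
    return problems

# Constructed inputs: POSTED mirrors the Condition in the attached policy,
# REVISED is a hypothetical variant that satisfies the signature.
COND = '<Condition xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os">%s</Condition>'
SUBJ = '<SubjectAttributeDesignator AttributeId="subject-company" DataType="%s"/>'
RES = ('<ResourceAttributeDesignator DataType="%s" '
       'AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>')
IS_IN = '<Apply FunctionId="' + FN + 'anyURI-is-in">%s%s</Apply>'
ONE = '<Apply FunctionId="' + FN + 'anyURI-one-and-only">%s</Apply>'
POSTED = COND % (IS_IN % (SUBJ % "xs:anyURI", RES % "xs:anyURI"))
REVISED = COND % (IS_IN % (ONE % (SUBJ % ANYURI), RES % ANYURI))
```

Calling check_is_in(POSTED) lists the data-type and bag mismatches; check_is_in(REVISED) returns an empty list.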