Ich verwende XACML 3.0 mit Balana in meiner Java-Anwendung. MY XML-Schema wie folgt definiert ist:Wie kann ich mehrere Attributwerte in meinem Obligation-Ausdruck mit XACML zurückgeben?
<record>
<proposal>
<proposalid></proposalid>
<proposaltitle></proposaltitle>
<pi>
<fullname></fullname>
<workemail></workemail>
<userid></userid>
</pi>
<copis>
<copi>
<fullname></fullname>
<workemail></workemail>
<userid></userid>
</copi>
<copi>
<fullname></fullname>
<workemail></workemail>
<userid></userid>
</copi>
<copi>
<firstname></firstname>
<lastname></lastname>
<workemail></workemail>
<userid></userid>
</copi>
</copis>
</proposal>
</record>
Meine Anwendung auf die PEP XACML Anfrage senden wie folgt:
<Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:proposal.role" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">PI</AttributeValue>
</Attribute>
</Attributes>
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
<Content>
<ak:record xmlns:ak="http://akpower.org">
<ak:proposal>
<ak:proposalid>5702a60865dbb30b09a492cf</ak:proposalid>
<ak:proposaltitle>Proposal 11</ak:proposaltitle>
<ak:authorprofile>
<ak:fullname>Milson Munakami</ak:fullname>
</ak:authorprofile>
<ak:pi>
<ak:fullname>Milson Munakami</ak:fullname>
<ak:workemail>[email protected]</ak:workemail>
<ak:userid>56fee3e965dbb35ce5c900fa</ak:userid>
</ak:pi>
<ak:copis>
<ak:copi>
<ak:fullname>PS Wang</ak:fullname>
<ak:workemail>[email protected]</ak:workemail>
<ak:userid>56fee3e965dbb35ce5c900fx</ak:userid>
</ak:copi>
<ak:copi>
<ak:fullname>Thomas Voltz</ak:fullname>
<ak:workemail>[email protected]</ak:workemail>
<ak:userid>56fee3e965dbb35ce5c900fx</ak:userid>
</ak:copi>
</ak:copis>
</ak:proposal>
</ak:record>
</Content>
<Attribute AttributeId="urn:oasis:names:tc:xacml:3.0:content-selector" IncludeInResult="false">
<AttributeValue XPathCategory="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="urn:oasis:names:tc:xacml:3.0:data-type:xpathExpression">//ak:record/ak:proposal</AttributeValue>
</Attribute>
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:DeletedByPI" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NOTDELETED</AttributeValue>
</Attribute>
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:proposal.section" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Whole Proposal</AttributeValue>
</Attribute>
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:SubmittedByPI" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NOTSUBMITTED</AttributeValue>
</Attribute>
</Attributes>
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:proposal.action" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Save</AttributeValue>
</Attribute>
</Attributes>
</Request>
In meiner Richtlinienregel ich habe:
<ObligationExpressions>
<ObligationExpression ObligationId="sendEmail" FulfillOn="Permit">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:3.0:example:attribute:text">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Your proposal has been updated. As soon as possible please review your proposal for any unwanted changes</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="piEmail">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
<AttributeSelector MustBePresent="false"
ContextSelectorId="urn:oasis:names:tc:xacml:3.0:content-selector"
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
Path="//ak:pi/ak:workemail/text()" DataType="http://www.w3.org/2001/XMLSchema#string" />
</Apply>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="piFullName">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
<AttributeSelector MustBePresent="false"
ContextSelectorId="urn:oasis:names:tc:xacml:3.0:content-selector"
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
Path="//ak:pi/ak:fullname/text()" DataType="http://www.w3.org/2001/XMLSchema#string" />
</Apply>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="coPisEmail">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
<AttributeSelector MustBePresent="false"
ContextSelectorId="urn:oasis:names:tc:xacml:3.0:content-selector"
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
Path="//ak:copis/ak:copi/ak:workemail/text()" DataType="http://www.w3.org/2001/XMLSchema#string" />
</Apply>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="coPisFullName">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
<AttributeSelector MustBePresent="false"
ContextSelectorId="urn:oasis:names:tc:xacml:3.0:content-selector"
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
Path="//ak:copis/ak:copi/ak:fullname/text()" DataType="http://www.w3.org/2001/XMLSchema#string" />
</Apply>
</AttributeAssignmentExpression>
</ObligationExpression>
</ObligationExpressions>
Meine Antwort ist wie folgt:
<Response xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
<Result>
<Decision>Permit</Decision>
<Status>
<StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
</Status>
<Obligations>
<Obligation ObligationId="sendEmail">
<AttributeAssignment AttributeId="urn:oasis:names:tc:xacml:3.0:example:attribute:text" DataType="http://www.w3.org/2001/XMLSchema#string">
Your proposal has been updated. As soon as possible please review your proposal for any unwanted changes
</AttributeAssignment>
<AttributeAssignment AttributeId="piEmail" DataType="http://www.w3.org/2001/XMLSchema#string">
[email protected]
</AttributeAssignment>
<AttributeAssignment AttributeId="piFullName" DataType="http://www.w3.org/2001/XMLSchema#string">
Milson Munakami
</AttributeAssignment>
</Obligation>
</Obligations>
</Result>
</Response>
Diese enthält keine Pflichtwerte für coPisEmail und coPisFullName. Ich bin mir auch nicht sicher, wie ich die Werte dieser dynamischen Attribute erfassen kann. Wie kann ich diese Werte in meiner Anwendung verwenden? Wird beispielsweise nur ein Wert mit allen E-Mails und vollständigen Namen zurückgegeben oder einzelne Werte in einer separaten Antwort zurückgegeben? Ich denke, dass ich etwas in fucntion bin fehlt hier:
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:**function:string-one-and-only**">
<AttributeSelector MustBePresent="false"
ContextSelectorId="urn:oasis:names:tc:xacml:3.0**:content-selector**"
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
Path="//ak:pi/ak:workemail/text()" DataType="http://www.w3.org/2001/XMLSchema#string" />
</Apply>
Ich reparierte es folgende AttributeExpression mit: AttributeAssignmentExpression> –
Milson