如何在 XACML 中添加字符串/URI 匹配
[英]How to add string/URI matching in XACML
问题描述
I am trying to learn XACML.
我正在尝试学习 XACML。 I was trying to implement PDP and was trying to fiddle with policy我试图实施 PDP 并试图摆弄政策
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0">
<Description>
Policy for Test IIA001.
</Description>
<Target/>
<Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:rule">
<Description>
Can Teacher Read record from Faculty Service
</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TEACHER</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:8765/faculty/</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="false"/>
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
</AnyOf>
</Target>
</Rule>
</Policy>
I want to change to something like regular expression which will accept http://localhost:8765/faculty/ * or contains http://localhost:8765/faculty我想更改为类似正则表达式的内容,它将接受http://localhost:8765/faculty/ * 或包含http://localhost:8765/faculty
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://localhost:8765/faculty/</AttributeValue>```
1 个解决方案
解决方案1
1 已采纳 2020-05-18 11:28:06
You can use the anyURI-regexp-match or the anyURI-contains , or - even better - the anyURI-starts-with functions (see the links for the exact function identifiers).您可以使用anyURI-regexp-match或anyURI-contains ,或者 - 甚至更好 - anyURI-starts-with函数(有关确切的 function 标识符,请参阅链接)。
In general, all standard functions are specified in appendix A.3 of the XACML 3.0 standard , then each XACML implementation may add functions of their own and/or enable you to plug in your own, in which case it depends on which implementation you use.一般来说,所有标准功能都在XACML 3.0 标准的附录 A.3中指定,然后每个 XACML 实现都可以添加自己的功能和/或允许您插入自己的功能,在这种情况下,这取决于您使用的实现.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.