Hi,
  I have the following policy that I am trying to use in a POLICY data stream.

<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="MAF_WAF" 
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
 xsi:schemaLocation="urn:oasis:names:tc:xacml:1.0:policy 
C:\development\repositories\fedora3.4\server\xsd\cs-xacml-schema-policy-01.xsd">
 <Description>This is an object-specific policy.</Description>
 <Target>

  <Subjects>
   <AnySubject/>
  </Subjects>
  <Resources>
   <AnyResource/>
  </Resources>

  <Actions>
   <AnyAction/>
  </Actions>
 </Target>

 <Rule RuleId="1" Effect="Permit">
  <Target>
   <Subjects>
    <AnySubject/>
   </Subjects>
   <Resources>
    <AnyResource/>
   </Resources>
   <Actions>
    <Action>
     <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
      <AttributeValue DataType="http://www.w3.org2001/XMLSchema#string">
     urn:fedora:names:fedora:2.1:action:api-a
      </AttributeValue>
      <ActionAttributeDesignator 
AttributeId="urn:fedora:names:fedora:2.1:action:api" 
DataType="http://www.w3.org/2001/XMLSchema#string"/>
     </ActionMatch>
    </Action>
   </Actions>
  </Target>

  <Condition 
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
   <SubjectAttributeDesignator 
AttributeId="urn:fedora:names:fedora:2.1:subject:loginId" MustBePresent="false" 
DataType="http://www.w3.org/2001/XMLSchema#string"/>
   <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
    <AttributeValue 
DataType="http://www.w3.org/2001/XMLSchema#string">fedoraAdmin</AttributeValue>
    <AttributeValue 
DataType="http://www.w3.org/2001/XMLSchema#string">ben</AttributeValue>
   </Apply>
  </Condition>
 </Rule>

 <Rule RuleId="2" Effect="Permit">
  <Target>
   <Subjects>
    <AnySubject/>
   </Subjects>
   <Resources>
    <AnyResource/>
   </Resources>
   <Actions>
    <Action>
     <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
      <AttributeValue DataType="http://www.w3.org2001/XMLSchema#string">
     urn:fedora:names:fedora:2.1:action:api-a
      </AttributeValue>
      <ActionAttributeDesignator 
AttributeId="urn:fedora:names:fedora:2.1:action:api" 
DataType="http://www.w3.org/2001/XMLSchema#string"/>
     </ActionMatch>
    </Action>
   </Actions>
  </Target>
  <Condition 
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
   <SubjectAttributeDesignator 
DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="*memberOf*"/>
   <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
    <AttributeValue 
DataType="http://www.w3.org/2001/XMLSchema#string">MAF</AttributeValue>
    <AttributeValue 
DataType="http://www.w3.org/2001/XMLSchema#string">WAF</AttributeValue>
   </Apply>
  </Condition>
 </Rule>
</Policy>

That gives the following error when validating with the validate-policy.bat:

org.fcrepo.server.errors.ValidationException: Policy invalid; failed parsing by Sun XACML implementation
 at org.fcrepo.server.security.PolicyParser.parse(PolicyParser.java:141)
 at org.fcrepo.server.security.PolicyParser.main(PolicyParser.java:193)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.fcrepo.server.utilities.rebuild.cli.CLILoader.main(CLILoader.java:77)
Caused by: com.sun.xacml.ParsingException: Unknown Attribute Type
 at com.sun.xacml.TargetMatch.getInstance(TargetMatch.java:255)
 at com.sun.xacml.TargetMatchGroup.getInstance(TargetMatchGroup.java:115)
 at com.sun.xacml.TargetSection.getInstance(TargetSection.java:117)
 at com.sun.xacml.Target.getInstance(Target.java:192)
 at com.sun.xacml.Rule.getInstance(Rule.java:206)
 at com.sun.xacml.Policy.<init>(Policy.java:346)
 at com.sun.xacml.Policy.getInstance(Policy.java:431)
 at org.fcrepo.server.security.PolicyParser.parse(PolicyParser.java:132)
 ... 6 more
Caused by: com.sun.xacml.UnknownIdentifierException: Attributes of type http://www.w3.org2001/XMLSchema#string aren't supported.
 at com.sun.xacml.attr.BaseAttributeFactory.createValue(BaseAttributeFactory.java:205)
 at com.sun.xacml.attr.BaseAttributeFactory.createValue(BaseAttributeFactory.java:157)
 at com.sun.xacml.TargetMatch.getInstance(TargetMatch.java:253)
 ... 13 more


Can anyone help as this has stopped all further work until I can get policies 
working in object data streams.

Regards,
  Ben
---------------------------------------------------------------------
Dr Ben Ryan
Timescapes Archive Technical Officer
School of Sociology and Social Policy
Faculty of Education, Social Sciences and Law
Social Science Building
The University of Leeds
Leeds LS2 9JT
Email: b.r...@leeds.ac.uk
Tel: 0113 343 7319
Website: http://www.timescapes.leeds.ac.uk
---------------------------------------------------------------------

_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
