当前位置: 动力学知识库 > 问答 > 编程问答 >

authorization - Can we have multiple actions in a single XACML request, if yes how?

问题描述:

Consider I am having following sample xacml request. How can i modify the same to evaluate on multiple decisions on multiple actions.

<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"

CombinedDecision="false" ReturnPolicyIdList="false">

<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">

<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"

IncludeInResult="false">

<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Resource</AttributeValue>

</Attribute>

</Attributes>

<Attributes

Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">

<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"

IncludeInResult="false">

<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Subject</AttributeValue>

</Attribute>

</Attributes>

<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">

<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"

IncludeInResult="true">

<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Action</AttributeValue>

</Attribute>

</Attributes>

网友答案:

Yes of course, this is a textbook of using Multiple Decision requests as defined in the XACML v3.0 Multiple Decision Profile Version 1.0 (standard | blog post).

All you need to do is repeat the Action category several times (the <Attributes/> element) i.e. repeat this entire element:

   <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" >
      <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="true">
         <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">View</xacml-ctx:AttributeValue>
      </xacml-ctx:Attribute>
   </xacml-ctx:Attributes>

And just change the attributes inside i.e. add/remove as many <Attribute/> elements inside as you like.

<xacml-ctx:Request ReturnPolicyIdList="false" CombinedDecision="false" xmlns:xacml-ctx="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
   <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" >
      <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="true">
         <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Edit</xacml-ctx:AttributeValue>
      </xacml-ctx:Attribute>
   </xacml-ctx:Attributes>
   <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" >
      <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="true">
         <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Alice</xacml-ctx:AttributeValue>
      </xacml-ctx:Attribute>
   </xacml-ctx:Attributes>
   <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" >
      <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="true">
         <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">View</xacml-ctx:AttributeValue>
      </xacml-ctx:Attribute>
   </xacml-ctx:Attributes>
   <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" >
      <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false">
         <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Resource</xacml-ctx:AttributeValue>
      </xacml-ctx:Attribute>
   </xacml-ctx:Attributes>
</xacml-ctx:Request>

In the Axiomatics Policy Administration Point, this is what it looks like:

分享给朋友:
您可能感兴趣的文章:
随机阅读: