如何将 XACML 规则应用于每个子 URI?
我正在使用 XACML 策略,并且有一个包含类似于以下内容的资源目标的规则:
<Resources>
<Resource>
<ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">/MyDirectory</AttributeValue>
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
</ResourceMatch>
</Resource>
</Resources>
我希望此规则应用于 /Mydirectory 的所有子目录。但是,如果我要使用资源 /MyDirectory/MySubdirectory 评估请求,我将收到 DECISION_NOT_APPLICABLE (3) 响应。
是否有 XQuery 函数允许我将规则应用于单个目录的所有子目录?
I'm working with XACML policies and I have a rule that includes a resource target similar to the following:
<Resources>
<Resource>
<ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">/MyDirectory</AttributeValue>
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
</ResourceMatch>
</Resource>
</Resources>
I want this rule to apply to all subdirectories of /Mydirectory. However, if I were to evaluate a request with the resource /MyDirectory/MySubdirectory, I would get a DECISION_NOT_APPLICABLE (3) response.
Is there an XQuery function that would allow me to apply a rule to all subdirectories of a single directory?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可以使用 urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match 并将 AttributeValue 定义为正则表达式。
You may use urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match and define the AttributeValue as a regular expression..