Hi,

Policy file is attached. It has been directly downloaded from
[1] <http://wso2.org/library/articles/2010/10/using-xacml-fine-grained-authorization-wso2-platform> OT
article.

Thanks
AndunSLG

[1] -
http://wso2.org/library/articles/2010/10/using-xacml-fine-grained-authorization-wso2-platform

On Wed, Jul 11, 2012 at 7:15 PM, Johann Nallathamby <joh...@wso2.com> wrote:

> Hi Andun,
>
> Can you please attach your XACML policy file to this thread to be verified.
>
> Johann.
>
> On Wed, Jul 11, 2012 at 6:55 PM, Andun Gunawardena <an...@wso2.com> wrote:
>
>> Hi All,
>>
>> When I tried to import a valid XACML policy to IS, the following
>> error is shown in the console. Please look into that.
>>
>> Thanks
>> AndunSLG
>>
>> [2012-07-11 18:51:20,989]  INFO
>> {org.wso2.carbon.identity.entitlement.EntitlementUtil} -  XML validation
>> failed :cvc-complex-type.2.4.a: Invalid content was found starting with
>> element 'AnySubject'. One of
>> '{"urn:oasis:names:tc:xacml:2.0:policy:schema:os":Subject}' is expected.
>> [2012-07-11 18:51:20,990] ERROR
>> {org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver} -  XML Validation
>> failed : cvc-complex-type.2.4.a: Invalid content was found starting with
>> element 'AnySubject'. One of
>> '{"urn:oasis:names:tc:xacml:2.0:policy:schema:os":Subject}' is expected.
>> org.wso2.carbon.identity.base.IdentityException: XML Validation failed :
>> cvc-complex-type.2.4.a: Invalid content was found starting with element
>> 'AnySubject'. One of
>> '{"urn:oasis:names:tc:xacml:2.0:policy:schema:os":Subject}' is expected.
>>  at
>> org.wso2.carbon.identity.entitlement.EntitlementUtil.validatePolicy(EntitlementUtil.java:441)
>> at
>> org.wso2.carbon.identity.entitlement.EntitlementPolicyAdminService.addPolicy(EntitlementPolicyAdminService.java:86)
>>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>  at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:597)
>>  at
>> org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212)
>> at
>> org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver.invokeBusinessLogic(RPCInOnlyMessageReceiver.java:66)
>>  at
>> org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110)
>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
>>  at
>> org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
>> at
>> org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
>>  at
>> org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:205)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
>>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
>> at
>> org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
>>  at
>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
>> at
>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
>>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
>> at
>> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:45)
>>  at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>  at
>> org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>>  at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
>>  at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>>  at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
>>  at
>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:140)
>> at
>> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
>>  at
>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
>> at
>> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:49)
>>  at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>>  at
>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
>> at
>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
>>  at
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>>  at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>> at java.lang.Thread.run(Thread.java:662)
>> [2012-07-11 18:51:20,999] ERROR
>> {org.wso2.carbon.identity.entitlement.ui.client.EntitlementPolicyAdminServiceClient}
>> -  XML Validation failed : cvc-complex-type.2.4.a: Invalid content was
>> found starting with element 'AnySubject'. One of
>> '{"urn:oasis:names:tc:xacml:2.0:policy:schema:os":Subject}' is expected.
>> org.apache.axis2.AxisFault: XML Validation failed :
>> cvc-complex-type.2.4.a: Invalid content was found starting with element
>> 'AnySubject'. One of
>> '{"urn:oasis:names:tc:xacml:2.0:policy:schema:os":Subject}' is expected.
>>  at
>> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
>> at
>> org.apache.axis2.description.RobustOutOnlyAxisOperation$RobustOutOnlyOperationClient.handleResponse(RobustOutOnlyAxisOperation.java:91)
>>  at
>> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
>> at
>> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
>>  at
>> org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
>> at
>> org.wso2.carbon.identity.entitlement.stub.EntitlementPolicyAdminServiceStub.addPolicy(EntitlementPolicyAdminServiceStub.java:1095)
>>  at
>> org.wso2.carbon.identity.entitlement.ui.client.EntitlementPolicyAdminServiceClient.uploadPolicy(EntitlementPolicyAdminServiceClient.java:196)
>>  at
>> org.wso2.carbon.identity.entitlement.ui.client.EntitlementPolicyUploadExecutor.execute(EntitlementPolicyUploadExecutor.java:86)
>> at
>> org.wso2.carbon.ui.transports.fileupload.AbstractFileUploadExecutor.executeGeneric(AbstractFileUploadExecutor.java:107)
>>  at
>> org.wso2.carbon.ui.transports.fileupload.FileUploadExecutorManager$CarbonXmlFileUploadExecHandler.execute(FileUploadExecutorManager.java:392)
>>  at
>> org.wso2.carbon.ui.transports.fileupload.FileUploadExecutorManager$FileUploadExecutionHandlerManager.startExec(FileUploadExecutorManager.java:276)
>>  at
>> org.wso2.carbon.ui.transports.fileupload.FileUploadExecutorManager.execute(FileUploadExecutorManager.java:125)
>> at
>> org.wso2.carbon.ui.transports.FileUploadServlet.doPost(FileUploadServlet.java:57)
>>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
>>  at
>> org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:36)
>> at
>> org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
>>  at
>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
>> at
>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
>>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
>> at
>> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:45)
>>  at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>  at
>> org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>>  at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
>>  at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>>  at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
>>  at
>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:140)
>> at
>> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
>>  at
>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
>> at
>> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:49)
>>  at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>>  at
>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
>> at
>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
>>  at
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>>  at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>> at java.lang.Thread.run(Thread.java:662)
>> [2012-07-11 18:51:21,012] ERROR
>> {org.wso2.carbon.ui.transports.fileupload.AbstractFileUploadExecutor} -
>>  Policy uploading failed. XML Validation failed : cvc-complex-type.2.4.a:
>> Invalid content was found starting with element 'AnySubject'. One of
>> '{"urn:oasis:names:tc:xacml:2.0:policy:schema:os":Subject}' is expected.
>>
>>
>>
>
<Policy PolicyId="urn:sample:xacml:2.0:samplepolicy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
  <Description>Sample XACML Authorization Policy</Description>
  <Target>
    <Subjects>
      <AnySubject/>
    </Subjects>
    <Actions>
      <AnyAction/>
    </Actions>
    <Resources>
      <Resource>
        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">http://localhost:8280/services/echo/echoString</AttributeValue>
          <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </ResourceMatch>
      </Resource>
    </Resources>
  </Target>
  <Rule Effect="Permit" RuleId="primary-group-rule">
    <Target>
      <Subjects>
        <AnySubject/>
      </Subjects>
      <Resources>
        <AnyResource/>
      </Resources>
      <Actions>
        <Action>
          <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
            <ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string"/>
          </ActionMatch>
        </Action>
      </Actions>
    </Target>
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
        <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin</AttributeValue>
        <SubjectAttributeDesignator AttributeId="http://wso2.org/claims/role" DataType="http://www.w3.org/2001/XMLSchema#string"/>
      </Apply>
    </Condition>
  </Rule>
  <Rule Effect="Deny" RuleId="deny-rule"/>
</Policy>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
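
The validator message quoted in the thread rejects `AnySubject` because the XACML 2.0 policy schema does not define the 1.0 wildcard elements; in 2.0 an omitted `<Subjects>`, `<Resources>` or `<Actions>` container matches any value. The following is an added example, not part of the thread or of WSO2's code, that finds those elements in a policy declared in the 2.0 namespace and removes their containers. The sample policy is a constructed skeleton and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

XACML2 = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
# XACML 1.0 wildcard elements that the 2.0 policy schema does not define.
LEGACY = {"AnySubject", "AnyResource", "AnyAction"}

# Constructed skeleton with the same Target layout as the attached policy
# (match details omitted).
SAMPLE = """<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        PolicyId="urn:sample:xacml:2.0:samplepolicy">
  <Target>
    <Subjects><AnySubject/></Subjects>
    <Actions><AnyAction/></Actions>
    <Resources><Resource/></Resources>
  </Target>
  <Rule Effect="Permit" RuleId="primary-group-rule">
    <Target>
      <Subjects><AnySubject/></Subjects>
      <Resources><AnyResource/></Resources>
      <Actions><Action/></Actions>
    </Target>
  </Rule>
  <Rule Effect="Deny" RuleId="deny-rule"/>
</Policy>"""

def local(elem):
    return elem.tag.rsplit("}", 1)[-1]

def is_legacy(elem):
    return elem.tag.startswith("{%s}" % XACML2) and local(elem) in LEGACY

def find_legacy(root):
    """List (container, wildcard) names for every 1.0 wildcard in the tree."""
    return [(local(p), local(c)) for p in root.iter() for c in p if is_legacy(c)]

def drop_wildcards(root):
    """Remove each Subjects/Resources/Actions container that wraps a wildcard.
    XACML 2.0 treats an omitted container as "match any", so the meaning holds."""
    removed = 0
    for target in list(root.iter("{%s}Target" % XACML2)):
        for container in list(target):
            if any(is_legacy(c) for c in container):
                target.remove(container)
                removed += 1
    return removed

if __name__ == "__main__":
    policy = ET.fromstring(SAMPLE)
    print(find_legacy(policy))        # elements the 2.0 schema check rejects
    print(drop_wildcards(policy), "containers removed")
    print(ET.tostring(policy, encoding="unicode"))
```

Run `find_legacy` on a policy before import to see every offending element at once; the server's validator stops at the first one.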
