+ Dev

On Fri, Sep 28, 2018 at 9:41 AM Rajith Siriwardena <[email protected]> wrote:

> Hi
>
> I'm getting the following error when I try to apply a regex function to an
> XACML policy.
>
> Policy
>
> ---------
> <Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
>         PolicyId="authn_bank_admin_role_based_policy_template"
>         RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
>         Version="1.0">
>   <Description>This policy is for role based authentication for managers</Description>
>   <Target>
>     <AnyOf>
>       <AllOf>
>         <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">saml2-web-app-dispatch.com</AttributeValue>
>           <AttributeDesignator AttributeId="http://wso2.org/identity/sp/sp-name"
>                                Category="http://wso2.org/identity/sp"
>                                DataType="http://www.w3.org/2001/XMLSchema#string"
>                                MustBePresent="false"></AttributeDesignator>
>         </Match>
>         <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">authenticate</AttributeValue>
>           <AttributeDesignator AttributeId="http://wso2.org/identity/identity-action/action-name"
>                                Category="http://wso2.org/identity/identity-action"
>                                DataType="http://www.w3.org/2001/XMLSchema#string"
>                                MustBePresent="false"></AttributeDesignator>
>         </Match>
>       </AllOf>
>     </AnyOf>
>   </Target>
>   <Rule Effect="Permit" RuleId="permit_by_roles">
>     <Condition>
>       <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
>         <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">{ ^manager_.*$ }</AttributeValue>
>         <AttributeDesignator AttributeId="http://wso2.org/claims/role"
>                              Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
>                              DataType="http://www.w3.org/2001/XMLSchema#string"
>                              MustBePresent="true"></AttributeDesignator>
>       </Apply>
>     </Condition>
>   </Rule>
>   <Rule Effect="Deny" RuleId="deny_others"></Rule>
> </Policy>
>
> ----------
>
> Error log
>
> [2018-09-28 09:32:20,260] ERROR {org.wso2.carbon.identity.entitlement.pap.PAPPolicyReader} - Error while parsing the policy
> java.lang.IllegalArgumentException: illegal parameter
>     at org.wso2.balana.cond.FunctionBase.checkInputs(FunctionBase.java:380)
>     at org.wso2.balana.cond.Apply.<init>(Apply.java:89)
>     at org.wso2.balana.cond.Apply.getInstance(Apply.java:227)
>     at org.wso2.balana.cond.Apply.getInstance(Apply.java:188)
>     at org.wso2.balana.cond.ExpressionHandler.parseExpression(ExpressionHandler.java:53)
>     at org.wso2.balana.cond.Condition.getInstance(Condition.java:177)
>     at org.wso2.balana.Rule.getInstance(Rule.java:237)
>     at org.wso2.balana.Policy.<init>(Policy.java:303)
>     at org.wso2.balana.Policy.getInstance(Policy.java:382)
>     at org.wso2.carbon.identity.entitlement.pap.PAPPolicyReader.handleDocument(PAPPolicyReader.java:158)
>     at org.wso2.carbon.identity.entitlement.pap.PAPPolicyReader.getPolicy(PAPPolicyReader.java:119)
>     at org.wso2.carbon.identity.entitlement.EntitlementPolicyAdminService.addOrUpdatePolicy(EntitlementPolicyAdminService.java:741)
>     at org.wso2.carbon.identity.entitlement.EntitlementPolicyAdminService.updatePolicy(EntitlementPolicyAdminService.java:170)
>     at sun.reflect.GeneratedMethodAccessor254.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212)
>     at org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:117)
>     at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
>     at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110)
>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
>     at org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:170)
>     at org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:82)
>     at org.wso2.carbon.core.transports.local.CarbonLocalTransportSender.finalizeSendWithToAddress(CarbonLocalTransportSender.java:45)
>     at org.apache.axis2.transport.local.LocalTransportSender.invoke(LocalTransportSender.java:77)
>     at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
>     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:441)
>     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:227)
>     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
>     at org.wso2.carbon.identity.entitlement.stub.EntitlementPolicyAdminServiceStub.updatePolicy(EntitlementPolicyAdminServiceStub.java:1973)
>     at org.wso2.carbon.identity.entitlement.ui.client.EntitlementPolicyAdminServiceClient.updatePolicy(EntitlementPolicyAdminServiceClient.java:210)
>     at org.apache.jsp.entitlement.update_002dpolicy_002dsubmit_jsp._jspService(update_002dpolicy_002dsubmit_jsp.java:147)
>     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
>     at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
>     at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
>     at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:743)
>     at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:603)
>     at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:542)
>     at org.eclipse.equinox.http.servlet.internal.RequestDispatcherAdaptor.include(RequestDispatcherAdaptor.java:37)
>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor$RequestDispatcherAdaptor.include(ContextPathServletAdaptor.java:369)
>     at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:905)
>     at org.apache.jasper.runtime.PageContextImpl.doInclude(PageContextImpl.java:688)
>     at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:682)
>     at sun.reflect.GeneratedMethodAccessor121.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.apache.tiles.jsp.context.JspUtil.doInclude(JspUtil.java:87)
>     at org.apache.tiles.jsp.context.JspTilesRequestContext.include(JspTilesRequestContext.java:88)
>     at org.apache.tiles.jsp.context.JspTilesRequestContext.dispatch(JspTilesRequestContext.java:82)
>     at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:465)
>     at org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:140)
>     at org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:117)
>     at org.apache.tiles.jsp.taglib.RenderTagSupport.execute(RenderTagSupport.java:171)
>     at org.apache.tiles.jsp.taglib.RoleSecurityTagSupport.doEndTag(RoleSecurityTagSupport.java:75)
>     at org.apache.tiles.jsp.taglib.ContainerTagSupport.doEndTag(ContainerTagSupport.java:80)
>     at org.apache.jsp.admin.layout.template_jsp._jspx_meth_tiles_005finsertAttribute_005f7(template_jsp.java:733)
>     at org.apache.jsp.admin.layout.template_jsp._jspService(template_jsp.java:396)
>     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
>     at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
>     at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
>     at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:743)
>     at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
>     at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:410)
>     at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
>     at org.eclipse.equinox.http.servlet.internal.RequestDispatcherAdaptor.forward(RequestDispatcherAdaptor.java:30)
>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor$RequestDispatcherAdaptor.forward(ContextPathServletAdaptor.java:362)
>     at org.apache.tiles.servlet.context.ServletTilesRequestContext.forward(ServletTilesRequestContext.java:198)
>     at org.apache.tiles.servlet.context.ServletTilesRequestContext.dispatch(ServletTilesRequestContext.java:185)
>     at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:419)
>     at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:370)
>     at org.wso2.carbon.ui.action.ActionHelper.render(ActionHelper.java:52)
>     at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:101)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:65)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>     at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
>     at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
>     at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:748)
>
> Please let me know if I'm doing anything wrong here.
>
> --
> *Rajith Siriwardana*
> WSO2 Inc. | http://wso2.com
> *lean. enterprise. middleware*
>
> ---------------------------------------------------
> https://home.apache.org/~siriwardana
>
> Disclaimer: This communication may contain privileged or other
> confidential information and is intended exclusively for the addressee/s.
> If you are not the intended recipient/s, or believe that you may have
> received this communication in error, please reply to the sender indicating
> that fact and delete the copy you received and in addition, you should not
> print, copy, re-transmit, disseminate, or otherwise use the information
> contained in this communication. Internet communications cannot be
> guaranteed to be timely, secure, error or virus-free. The sender does not
> accept liability for any errors or omissions.
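Added example, not part of the thread and not WSO2 or Balana code: XACML defines string-regexp-match over two single string values, while an AttributeDesignator always evaluates to a bag, and the trace above fails in FunctionBase.checkInputs while the Apply is being built. The script below flags that argument shape before a policy is uploaded; find_bag_misuse, rule_xml, SCALAR_ARG_FUNCTIONS and the two constructed fixtures are names chosen here, and the pattern text is copied unchanged from the thread.

```python
import xml.etree.ElementTree as ET

Q = "{urn:oasis:names:tc:xacml:3.0:core:schema:wd-17}"
FN = "urn:oasis:names:tc:xacml:1.0:function:"
STR = "http://www.w3.org/2001/XMLSchema#string"
# Functions defined over single values (a subset chosen for this example).
SCALAR_ARG_FUNCTIONS = {FN + "string-equal", FN + "string-regexp-match"}
# Elements that always evaluate to a bag in XACML 3.0.
BAG_SOURCES = {Q + "AttributeDesignator", Q + "AttributeSelector"}

def find_bag_misuse(policy_xml):
    """List (RuleId, FunctionId, attribute) for every <Apply> that hands a
    bag-valued element directly to a single-value function."""
    findings = []
    for rule in ET.fromstring(policy_xml).iter(Q + "Rule"):
        for apply_el in rule.iter(Q + "Apply"):
            fn = apply_el.get("FunctionId")
            if fn not in SCALAR_ARG_FUNCTIONS:
                continue
            for arg in apply_el:
                if arg.tag in BAG_SOURCES:
                    findings.append((rule.get("RuleId"), fn,
                                     arg.get("AttributeId") or arg.get("Path")))
    return findings

def rule_xml(condition_body):
    """Wrap a condition in a minimal policy (constructed fixture)."""
    return ('<Policy xmlns="%s" PolicyId="p" Version="1.0" RuleCombiningAlgId='
            '"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">'
            '<Target/><Rule Effect="Permit" RuleId="permit_by_roles"><Condition>%s'
            '</Condition></Rule></Policy>') % (Q[1:-1], condition_body)

ROLE = ('<AttributeDesignator AttributeId="http://wso2.org/claims/role" '
        'Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" '
        'DataType="%s" MustBePresent="true"/>' % STR)
PATTERN = '<AttributeValue DataType="%s">{ ^manager_.*$ }</AttributeValue>' % STR

# Shape used in the thread: the designator's bag goes straight into the function.
DIRECT = rule_xml('<Apply FunctionId="%sstring-regexp-match">%s%s</Apply>'
                  % (FN, PATTERN, ROLE))
# Same test wrapped in the higher-order any-of, which applies it per bag member.
WRAPPED = rule_xml('<Apply FunctionId="%sany-of"><Function FunctionId='
                   '"%sstring-regexp-match"/>%s%s</Apply>' % (FN, FN, PATTERN, ROLE))

if __name__ == "__main__":
    for name, doc in (("direct", DIRECT), ("wrapped", WRAPPED)):
        print(name, find_bag_misuse(doc) or "ok")
```

The check only looks at `<Apply>` arguments; `<Match>` elements in a `<Target>` take a designator by design and are not flagged.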
