Hi,

One snag I've hit with FeSL is getting it to include values from the
RELS-EXT datastream of an object for use in evaluation.  I've added
them to the config-attribute-finder.xml, and pointed the resolver URL
in that file to the risearch.  The attributes are loaded:

INFO 2010-11-10 19:58:53.654 [ajp-8009-1] (AttributeFinderConfigUtil) Loading attribute finder config file: /opt/repository/fedora/pdp/conf/config-attribute-finder.xml
INFO 2010-11-10 19:58:53.657 [ajp-8009-1] (FedoraRIAttributeFinder) Initialised AttributeFinder:org.fcrepo.server.security.xacml.pdp.finder.attribute.FedoraRIAttributeFinder
DEBUG 2010-11-10 19:58:53.657 [ajp-8009-1] (FedoraRIAttributeFinder) registering the following attributes:
DEBUG 2010-11-10 19:58:53.657 [ajp-8009-1] (FedoraRIAttributeFinder) 1: http://cdr.unc.edu/definitions/1.0/base-model.xml#permitFilesAccess
DEBUG 2010-11-10 19:58:53.657 [ajp-8009-1] (FedoraRIAttributeFinder) 1: info:fedora/fedora-system:def/model#ownerId
DEBUG 2010-11-10 19:58:53.657 [ajp-8009-1] (FedoraRIAttributeFinder) 1: http://www.w3.org/1999/02/22-rdf-syntax-ns#type
DEBUG 2010-11-10 19:58:53.657 [ajp-8009-1] (FedoraRIAttributeFinder) 1: info:fedora/fedora-system:def/model#createdDate
DEBUG 2010-11-10 19:58:53.657 [ajp-8009-1] (FedoraRIAttributeFinder) 1: http://cdr.unc.edu/definitions/1.0/base-model.xml#permitRecordAccess
DEBUG 2010-11-10 19:58:53.657 [ajp-8009-1] (FedoraRIAttributeFinder) 1: http://cdr.unc.edu/definitions/1.0/base-model.xml#permitUpdate
DEBUG 2010-11-10 19:58:53.657 [ajp-8009-1] (FedoraRIAttributeFinder) 1: info:fedora/fedora-system:def/view#mimeType
DEBUG 2010-11-10 19:58:53.657 [ajp-8009-1] (FedoraRIAttributeFinder) 1: http://cdr.unc.edu/definitions/1.0/base-model.xml#inheritPermissions
DEBUG 2010-11-10 19:58:53.657 [ajp-8009-1] (FedoraRIAttributeFinder) 1: info:fedora/fedora-system:def/model#label
DEBUG 2010-11-10 19:58:53.657 [ajp-8009-1] (FedoraRIAttributeFinder) 1: info:fedora/fedora-system:def/model#state


but all it seems to do is:

DEBUG 2010-11-10 20:00:22.727 [ajp-8009-1] (FedoraRIAttributeFinder) RIAttributeFinder: [http://www.w3.org/2001/XMLSchema#string] urn:fedora:names:fedora:2.1:resource:datastream:id, rid=/uuid:716359e3-7be6-4a84-b123-02c4818ba07e
DEBUG 2010-11-10 20:00:22.727 [ajp-8009-1] (FedoraRIAttributeFinder) Does not know about attribute: urn:fedora:names:fedora:2.1:resource:datastream:id

It never loads the relevant attribute when specified in a policy:

<Policy PolicyId="test-access-policy"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides"
  xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
  xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
    http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd
    urn:oasis:names:tc:xacml:2.0:context:schema:os
    http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd">
  <Description>test some access control code/policy ideas</Description>
  <Target>
    <Subjects>
      <Subject>
        <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">all</AttributeValue>
          <SubjectAttributeDesignator
            AttributeId="urn:fedora:names:fedora:2.1:subject:role"
            DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </SubjectMatch>
      </Subject>
    </Subjects>
    <Resources>
      <Resource>
        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://cdr.unc.edu/definitions/1.0/base-model.xml#all</AttributeValue>
          <ResourceAttributeDesignator
            AttributeId="http://cdr.unc.edu/definitions/1.0/base-model.xml#permitRecordAccess"
            DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
        </ResourceMatch>
      </Resource>
    </Resources>
    <Actions>
      <Action>
        <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
          <ActionAttributeDesignator
            AttributeId="urn:fedora:names:fedora:2.1:action:id"
            DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </ActionMatch>
      </Action>
    </Actions>
  </Target>
  <Rule Effect="Permit"
    RuleId="au:edu:mq:melcoe:ramp:fedora:xacml:2.0:rule:generic-permit"/>
</Policy>

Any suggestions welcome.

Thanks,

Steve
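
Added example, not part of the original message or of Fedora/FeSL: a small diagnostic that cross-checks the AttributeIds a policy's ResourceAttributeDesignators reference against what FedoraRIAttributeFinder logged as registered and as actually requested. The function names are hypothetical, the log patterns are assumed from the lines quoted above, and the embedded policy and log are trimmed excerpts of the ones in the message.

```python
import re
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:xacml:2.0:policy:schema:os}"

# Trimmed excerpt of the policy in the message (resource target only).
POLICY = """<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="test-access-policy"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
 <Target><Resources><Resource>
  <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
   <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://cdr.unc.edu/definitions/1.0/base-model.xml#all</AttributeValue>
   <ResourceAttributeDesignator AttributeId="http://cdr.unc.edu/definitions/1.0/base-model.xml#permitRecordAccess"
     DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
  </ResourceMatch></Resource></Resources></Target>
 <Rule Effect="Permit" RuleId="r1"/>
</Policy>"""

# Trimmed excerpt of the DEBUG log in the message, left line-wrapped as mailed.
LOG = """DEBUG 2010-11-10 19:58:53.657 [ajp-8009-1] (FedoraRIAttributeFinder)
1: http://cdr.unc.edu/definitions/1.0/base-model.xml#permitRecordAccess
DEBUG 2010-11-10 19:58:53.657 [ajp-8009-1] (FedoraRIAttributeFinder)
1: info:fedora/fedora-system:def/model#state
DEBUG 2010-11-10 20:00:22.727 [ajp-8009-1] (FedoraRIAttributeFinder)
RIAttributeFinder: [http://www.w3.org/2001/XMLSchema#string]
urn:fedora:names:fedora:2.1:resource:datastream:id,
rid=/uuid:716359e3-7be6-4a84-b123-02c4818ba07e
"""

def resource_designators(policy_xml):
    """AttributeIds the policy needs resolved for the resource."""
    root = ET.fromstring(policy_xml)
    return [d.get("AttributeId") for d in root.iter(NS + "ResourceAttributeDesignator")]

def registered(log):
    """Attributes listed after 'registering the following attributes:'."""
    return set(re.findall(r"\(FedoraRIAttributeFinder\)\s+\d+:\s+(\S+)", log))

def requested(log):
    """Attributes the finder was actually asked for at evaluation time."""
    return set(re.findall(r"RIAttributeFinder:\s+\[\S+\]\s+([^\s,]+),\s+rid=", log))

def cross_check(policy_xml, log):
    reg, req = registered(log), requested(log)
    rows = {a: {"registered": a in reg, "requested": a in req}
            for a in resource_designators(policy_xml)}
    return rows, sorted(req - reg)  # second item: asked for but never registered

if __name__ == "__main__":
    rows, unknown = cross_check(POLICY, LOG)
    for attr, state in rows.items():
        print(attr, state)
    print("requested but not registered:", unknown)
```

On the excerpted data the designator's attribute shows as registered but never requested, which matches the symptom described in the message.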
