问题描述

我正在使用 XACML 策略，并且我有一个规则，其中包含类似于以下内容的资源目标:

I'm working with XACML policies and I have a rule that includes a resource target similar to the following:

    <Resources>
      <Resource>
        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">/MyDirectory</AttributeValue>
          <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
        </ResourceMatch>
      </Resource>
    </Resources>

我希望此规则适用于 /Mydirectory 的所有子目录.但是，如果我要使用资源 /MyDirectory/MySubdirectory 评估请求，我会得到 DECISION_NOT_APPLICABLE (3) 响应.

I want this rule to apply to all subdirectories of /Mydirectory. However, if I were to evaluate a request with the resource /MyDirectory/MySubdirectory, I would get a DECISION_NOT_APPLICABLE (3) response.

是否有 XQuery 函数允许我将规则应用于单个目录的所有子目录?

Is there an XQuery function that would allow me to apply a rule to all subdirectories of a single directory?

推荐答案

您可以使用 urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match 并将 AttributeValue 定义为正则表达式..

You may use urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match and define the AttributeValue as a regular expression..

<Resources>
      <Resource>
        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^/MyDirectory/</AttributeValue>
          <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
        </ResourceMatch>
      </Resource>
</Resources>

这篇关于如何将 XACML 规则应用于每个子 URI?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！