[jboss-user] [Security & JAAS/JBoss] - Re: JBossXACML: Bug in HigherOrderFunction Class of sun's XA

joergw do-not-reply at jboss.com
Tue Mar 24 05:39:37 EDT 2009


Hi Anil,

The issue can be reproduced using "anyURI-regexp-match" inside an "any-of" function. In that case the following fix in HigherOrderFunction of the original sunxacml implementation is needed: http://sunxacml.svn.sourceforge.net/viewvc/sunxacml/trunk/sunxacml/com/sun/xacml/cond/HigherOrderFunction.java?r1=112&r2=114.

The following condition cannot be evaluated:
...
  | <Condition>
  |     <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
  |         <Function FunctionId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match"/>
  |         <AttributeValue 
  |             DataType="http://www.w3.org/2001/XMLSchema#string">.*100101</AttributeValue>
  |         <SubjectAttributeDesignator 
  |             DataType="http://www.w3.org/2001/XMLSchema#anyURI" 
  |             AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"/>
  |     </Apply>
  | </Condition>
  | ...

I'll send you an email with a policy and a request to reproduce this issue. It is still present in 2.0.3.CR3-SNAPSHOT.

Regards, Joerg

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4220507#4220507

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4220507



More information about the jboss-user mailing list