4:46 p.m.
BasicEvaluationCtx: relax the resource-id requirements
------------------------------------------------------
Key: SECURITY-162
URL: http://jira.jboss.com/jira/browse/SECURITY-162
Project: JBoss Security and Identity Management
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: jboss-sunxacml
Affects Versions: 2.0.2-BETA6
Reporter: Anil Saldhana
Assigned To: Anil Saldhana
Fix For: 2.0.2.GA
As per the context request schema:
===========
<xs:element name="Resource" type="xacml-context:ResourceType"/>
<xs:complexType name="ResourceType">
<xs:sequence>
<xs:element ref="xacml-context:ResourceContent"
minOccurs="0"/>
<xs:element ref="xacml-context:Attribute" minOccurs="0"
maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="ResourceContent"
type="xacml-context:ResourceContentType"/>
<xs:complexType name="ResourceContentType" mixed="true">
<xs:sequence>
<xs:any namespace="##any" processContents="lax"
minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>
=================
there is no requirement for a resource id to exist.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
12:58 p.m.
New subject: [JBoss JIRA] Closed: (SECURITY-162) BasicEvaluationCtx: relax the resource-id requirements
[ http://jira.jboss.com/jira/browse/SECURITY-162?page=all ]
Anil Saldhana closed SECURITY-162.
----------------------------------
Resolution: Done
BasicEvaluationCtx: relax the resource-id requirements
------------------------------------------------------
Key: SECURITY-162
URL: http://jira.jboss.com/jira/browse/SECURITY-162
Project: JBoss Security and Identity Management
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jboss-sunxacml
Affects Versions: 2.0.2-BETA6
Reporter: Anil Saldhana
Assigned To: Anil Saldhana
Fix For: 2.0.2.GA
As per the context request schema:
===========
<xs:element name="Resource"
type="xacml-context:ResourceType"/>
<xs:complexType name="ResourceType">
<xs:sequence>
<xs:element ref="xacml-context:ResourceContent"
minOccurs="0"/>
<xs:element ref="xacml-context:Attribute" minOccurs="0"
maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="ResourceContent"
type="xacml-context:ResourceContentType"/>
<xs:complexType name="ResourceContentType" mixed="true">
<xs:sequence>
<xs:any namespace="##any" processContents="lax"
minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>
=================
there is no requirement for a resource id to exist.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
1:51 p.m.
New subject: [JBoss JIRA] Commented: (SECURITY-162) BasicEvaluationCtx: relax the resource-id requirements
[ http://jira.jboss.com/jira/browse/SECURITY-162?page=comments#action_12406289 ]
Marcus Moyses commented on SECURITY-162:
----------------------------------------
From the spec:
==============
B.6. Resource attributes
These identifiers indicate attributes of the resource. The corresponding attributes MAY
appear in the <Resource> element of the request context and be accessed by means of
a <ResourceAttributeDesignator> element, or by an <AttributeSelector> element
that points into the <Resource> element of the request context.
This attribute identifies the resource to which access is requested. If an
<xacml-context:ResourceContent> element is provided, then the resource to which
access is requested SHALL be all or a portion of the resource supplied in the
<xacml-context:ResourceContent> element.
urn:oasis:names:tc:xacml:1.0:resource:resource-id
BasicEvaluationCtx: relax the resource-id requirements
------------------------------------------------------
Key: SECURITY-162
URL: http://jira.jboss.com/jira/browse/SECURITY-162
Project: JBoss Security and Identity Management
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jboss-sunxacml
Affects Versions: 2.0.2-BETA6
Reporter: Anil Saldhana
Assigned To: Anil Saldhana
Fix For: 2.0.2.GA
As per the context request schema:
===========
<xs:element name="Resource"
type="xacml-context:ResourceType"/>
<xs:complexType name="ResourceType">
<xs:sequence>
<xs:element ref="xacml-context:ResourceContent"
minOccurs="0"/>
<xs:element ref="xacml-context:Attribute" minOccurs="0"
maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="ResourceContent"
type="xacml-context:ResourceContentType"/>
<xs:complexType name="ResourceContentType" mixed="true">
<xs:sequence>
<xs:any namespace="##any" processContents="lax"
minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>
=================
there is no requirement for a resource id to exist.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
6488
days inactive
6489
days old
2 comments
2 participants
participants (2)
-
Anil Saldhana (JIRA) -
Marcus Moyses (JIRA)