[jboss-user] [Security & JAAS/JBoss] - Re: JBossXACML: Bug in HigherOrderFunction Class of sun's XA
joergw
do-not-reply at jboss.com
Tue Mar 24 05:39:37 EDT 2009
Hi Anil,
The issue can be reproduced using "anyURI-regexp-match" inside an "any-of" function. In that case the following fix in HigherOrderFunction of the original sunxacml implementation is needed: http://sunxacml.svn.sourceforge.net/viewvc/sunxacml/trunk/sunxacml/com/sun/xacml/cond/HigherOrderFunction.java?r1=112&r2=114.
The following condition cannot be evaluated:
...
| <Condition>
| <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
| <Function FunctionId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match"/>
| <AttributeValue
| DataType="http://www.w3.org/2001/XMLSchema#string">.*100101</AttributeValue>
| <SubjectAttributeDesignator
| DataType="http://www.w3.org/2001/XMLSchema#anyURI"
| AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"/>
| </Apply>
| </Condition>
| ...
I'll send you an email with a policy and a request to reproduce this issue. It is still present in 2.0.3.CR3-SNAPSHOT.
Regards, Joerg
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4220507#4220507
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4220507
More information about the jboss-user
mailing list