-
1. Re: JBossXACML: Bug in HigherOrderFunction Class of sun's XA
anil.saldhana Mar 23, 2009 2:55 PM (in response to karink)Hi Karin,
I cannot reproduce the issue with a policy that I mashed up.
http://anonsvn.jboss.org/repos/jbossas/projects/security/security-xacml/trunk/jboss-sunxacml/src/test/resources/policies/function-match/function-match-policy-01.xml
I have been fixing bugs since 2.0.3.CR3. Not sure if that has any effect. Here is the latest snapshot.
http://snapshots.jboss.org/maven2/org/jboss/security/jbossxacml/2.0.3.CR3-SNAPSHOT/
Remember you need just one jbossxacml.jar (No need for jboss-xacml.jar and jboss-sunxacml.jar).
If you still have issues, you can email me your test policy (of course not the entire policy set collection) highlighting your problem.
Since I am currently participating in an xacml interoperability exercise, I will be making frequent CR releases. I plan to put out a CR4 release this week. JBossXACML2.0.3 version will arrive in April. -
2. Re: JBossXACML: Bug in HigherOrderFunction Class of sun's XA
joergw Mar 24, 2009 5:39 AM (in response to karink)Hi Anil,
The issue can be reproduced using "anyURI-regexp-match" inside an "any-of" function. In that case the following fix in HigherOrderFunction of the original sunxacml implementation is needed: http://sunxacml.svn.sourceforge.net/viewvc/sunxacml/trunk/sunxacml/com/sun/xacml/cond/HigherOrderFunction.java?r1=112&r2=114.
The following condition cannot be evaluated:... <Condition> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of"> <Function FunctionId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match"/> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*100101</AttributeValue> <SubjectAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#anyURI" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"/> </Apply> </Condition> ...
I'll send you an email with a policy and a request to reproduce this issue. It is still present in 2.0.3.CR3-SNAPSHOT.
Regards, Joerg -
3. Re: JBossXACML: Bug in HigherOrderFunction Class of sun's XA
anil.saldhana Mar 24, 2009 12:00 PM (in response to karink)Thanks for the policy. I can reproduce the issue. I will upload a snapshot later in the day with the fix and the CR4 release will be tomorrow.
-
4. Re: JBossXACML: Bug in HigherOrderFunction Class of sun's XA
anil.saldhana Mar 24, 2009 1:47 PM (in response to karink)Please pick the March 24th snapshot from the location above.
The CR4 release tomorrow will contain it. -
5. Re: JBossXACML: Bug in HigherOrderFunction Class of sun's XA
joergw Mar 26, 2009 11:01 AM (in response to karink)Hi Anil,
I have tested jbossxacml-2.0.3.CR4.jar against our policies. Now our issue with HigherOrderFunction is solved!
Thanks a lot for your very fast reaction.
Best regards, Joerg