uploading xacml policy not working

0
votes

I try to run the following XACML policy containing XPath function:

<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
        xmlns:xacml="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="sample-xpath-policy-1"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
        Version="1.0">
    <Description>Sample XPath policy. XPath evaluation is done with respect to content element
        and check for a matching value. Here content element has been not bounded with custom namespace and prefix
        So default XACML namespace has been inherited to content element.
    You can use sample requests from request_0008_01.xml to request_0008_03.xml  evaluate this policy using Try-it tool in management console.
        Requests can be found here [1] https://svn.wso2.org/repos/wso2/trunk/commons/balana/modules/balana-core/src/test/resources/basic/3/requests
    </Description>
    <PolicyDefaults>
        <XPathVersion>http://www.w3.org/TR/1999/REC-xpath-19991116</XPathVersion>
    </PolicyDefaults>
    <Target>
        <AnyOf>
            <AllOf>
                <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
                    <AttributeDesignator MustBePresent="false"
                                         Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
                                         AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                                         DataType="http://www.w3.org/2001/XMLSchema#string"/>
                </Match>
            </AllOf>
        </AnyOf>
    </Target>
    <Rule RuleId="rule1" Effect="Permit">
    <Description>Rule to match value in content element using XPath</Description>
        <Condition>
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
                <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
                <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
                    <AttributeDesignator
                            Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                            AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                            DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                </Apply>
                <AttributeSelector MustBePresent="false"
                                     Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                                     Path="//xacml:record/xacml:patient/xacml:patientId/text()"
                                     DataType="http://www.w3.org/2001/XMLSchema#string"/>
            </Apply>
        </Condition>
    </Rule>
    <Rule RuleId="rule2" Effect="Deny">
        <Description>Deny rule</Description>
    </Rule>
</Policy>

But I can't upload it in my WSO2 identity server 4.5

This is the message returned by the server:

Policy uploading failed. Exception occurred while trying to invoke service method addPolicy

Please can you help me to fix the problem

This is the content of the log when I try to upload the policy

TID[-1234] [IS] [2013-11-17 15:58:10,578] ERROR {org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver} - Exception occurred while trying to invoke service method addPolicy org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:296) org.apache.axiom.om.impl.llom.OMElementImpl.buildNext(OMElementImpl.java:653) org.apache.axiom.om.impl.llom.OMElementImpl.getFirstOMChild(OMElementImpl.java:670) org.apache.axiom.om.impl.llom.OMElementImpl.getText(OMElementImpl.java:781) org.apache.axis2.databinding.typemapping.SimpleTypeMapper.getSimpleTypeObject(SimpleTypeMapper.java:77) org.apache.axis2.databinding.utils.BeanUtil.deserialize(BeanUtil.java:457) org.apache.axis2.databinding.utils.BeanUtil.processObject(BeanUtil.java:827) org.apache.axis2.databinding.utils.BeanUtil.ProcessElement(BeanUtil.java:746) org.apache.axis2.databinding.utils.BeanUtil.deserialize(BeanUtil.java:655) org.apache.axis2.rpc.receivers.RPCUtil.processRequest(RPCUtil.java:153) org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:206) org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver.invokeBusinessLogic(RPCInOnlyMessageReceiver.java:66) org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110) org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180) org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:169) org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:82) org.wso2.carbon.core.transports.local.CarbonLocalTransportSender.finalizeSendWithToAddress(CarbonLocalTransportSender.java:45) org.apache.axis2.transport.local.LocalTransportSender.invoke(LocalTransportSender.java:77) org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442) org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:398) org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:224) org.apache.axis2.client.OperationClient.execute(OperationClient.java:149) org.wso2.carbon.identity.entitlement.stub.EntitlementPolicyAdminServiceStub.addPolicy(EntitlementPolicyAdminServiceStub.java:1320) org.wso2.carbon.identity.entitlement.ui.client.EntitlementPolicyAdminServiceClient.uploadPolicy(EntitlementPolicyAdminServiceClient.java:242) org.wso2.carbon.identity.entitlement.ui.client.EntitlementPolicyUploadExecutor.execute(EntitlementPolicyUploadExecutor.java:86) org.wso2.carbon.ui.transports.fileupload.AbstractFileUploadExecutor.executeGeneric(AbstractFileUploadExecutor.java:104) org.wso2.carbon.ui.transports.fileupload.FileUploadExecutorManager$CarbonXmlFileUploadExecHandler.execute(FileUploadExecutorManager.java:392) org.wso2.carbon.ui.transports.fileupload.FileUploadExecutorManager$FileUploadExecutionHandlerManager.startExec(FileUploadExecutorManager.java:276) org.wso2.carbon.ui.transports.fileupload.FileUploadExecutorManager.execute(FileUploadExecutorManager.java:125) org.wso2.carbon.ui.transports.FileUploadServlet.doPost(FileUploadServlet.java:57) javax.servlet.http.HttpServlet.service(HttpServlet.java:755) javax.servlet.http.HttpServlet.service(HttpServlet.java:848) org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37) org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68) javax.servlet.http.HttpServlet.service(HttpServlet.java:848) org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61) org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178) org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56) org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141) org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156) org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936) org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52) org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004) org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653) java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) java.lang.Thread.run(Thread.java:662) TID[-1234] [IS] [2013-11-17 15:58:10,640] ERROR {org.wso2.carbon.ui.transports.fileupload.AbstractFileUploadExecutor} - Policy uploading failed. Exception occurred while trying to invoke service method addPolicy

1
xpathwso2isxacml
I have no clue about the WSO2 Identity Server, but I doubt anyone will be able to help you with this error message, because it basically says nothing. I guess there is a method to get a more verbose message or some more information in the logs.dirkk

1 Answers

0
votes

What is Identity Server version that you are using? 4.5.0 ? I guess, you tired to use "Write Policy in XML" option to add this policy in to WSO2IS 4.5.0. There is a known issue with "Write Policy in XML" in 450 version. Therefore you can copy this policy in to a file and you can upload the file in to the WSO2IS. I have already tired out your policy with 45o and it can be uploaded as file.