search

MitchellChu / enterprise-java-xacml

Automatically exported from code.google.com/p/enterprise-java-xacml
0 stars 2 forks source link

Exception is thrown when AttributeSelector returns multiple AttributeValues inside AttributeAssignment #76

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
The problem shows up when AttributeSelector or AttributeDesignator nested
insinde Obligation's AttributeAssignment returns more than one
AttributeValue. Following exception is thrown:

WARN  [http-8080-Processor25]    an.xacml.policy.AbstractPolicy:185     -
Error occurs while evaluate all child AttributeAssignments of Obligations.
an.xacml.IndeterminateException: The child expression returned more than
one AttributeValue.
        at an.xacml.policy.AttributeValue.evaluate(AttributeValue.java:130)
        at
an.xacml.policy.AttributeAssignment.evaluate(AttributeAssignment.java:44)
        at
an.xacml.policy.Obligations.evaluateAllChildAttributeAssigments(Obligations.java
:96)
        at
an.xacml.policy.AbstractPolicy.appendPolicyObligationsToResult(AbstractPolicy.ja
va:179)
        at an.xacml.policy.Policy.evaluate(Policy.java:87)
        at
an.xacml.policy.function.CombiningAlgorithms.policyDenyOverrides(CombiningAlgori
thms.java:351)
        at
an.xacml.policy.function.CombiningAlgorithms.multiplePoliciesDenyOverrides(Combi
ningAlgorithms.java:29)

Original issue reported on code.google.com by marek.ho...@gmail.com on 9 Sep 2008 at 9:22

GoogleCodeExporter commented 9 years ago 
I believe this is conceptual problem, described here:
http://lists.oasis-open.org/archives/xacml/200304/msg00019.html

quote:
Missing semantics for <AttributeAssignment> child elements
Reported by Satoshi Hada
Message: http://lists.oasis-open.org/archives/xacml-comment/200302/msg00020.html
Message: http://lists.oasis-open.org/archives/xacml-comment/200302/msg00021.html
Message: http://lists.oasis-open.org/archives/xacml-comment/200302/msg00022.html
Description: The semantics for the child elements of an
<AttributeSelector> are not specified, although three different
kinds of child elements are used in the example Rule 3 in Section
4.2.4.3.
Options: Specify the semantics in Section "5.36 Element
<AttributeAssignment>" [exact wording TBD]

See the messages reported by Satoshi Hada pinpointing the problem.

Original comment by marek.ho...@gmail.com on 9 Sep 2008 at 10:32

GoogleCodeExporter commented 9 years ago 
I was thinking of the solution of this problem.
The AttributeValue schema is the following:

<xs:complexType name="AttributeValueType" mixed="true">
        <xs:complexContent mixed="true">
            <xs:extension base="xacml:ExpressionType">
                <xs:sequence>
                    <xs:any namespace="##any" processContents="lax" minOccurs="0"
maxOccurs="unbounded"/>
                </xs:sequence>
                <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
                <xs:anyAttribute namespace="##any" processContents="lax"/>
            </xs:extension>
        </xs:complexContent>
    </xs:complexType>

which means AttributeValue may contain any xml element. I think one of the 
possible
solutions could be adding the ability of setting any object inside 
AttributeValue,
which could be the place for storing multiple AttributeValues in 
AttributeAssignment
(AttributeAssignment extends the AttributeValue element). 
Currently we do have AttributeValue#typedValue but it is strictly checked 
against
registered types and it seems to be rather difficult to store AttributeValues[] 
as
typedValue.

Original comment by marek.ho...@gmail.com on 9 Sep 2008 at 10:50

GoogleCodeExporter commented 9 years ago

Original comment by ppz...@gmail.com on 30 Sep 2008 at 7:42

GoogleCodeExporter commented 9 years ago 
uhhh .... how and why do you evaluation an Obligation???? That's not defined 
ANYWHERE
in the xacml spec. Just a thought as I was browsing the site....

Original comment by michael....@gmail.com on 7 Apr 2009 at 10:05