Closed kyleolivo closed 6 years ago
Please revert the commits with version update. Versions will be automatically updated with the release of the repository. And please fix the comments in the PR.
@madurangasiriwardena Thanks for looking at this! I've reverted the version changes and applied consistent formatting to those conditionals.
@kyleolivo Thank you for your contribution!
Purpose
I noticed that the Status object returned in the AbstractResult sometimes did not return a Message or Details when an attribute name in the request did not match what was expected in the policy. On reviewing the XACML standard, it appears that returning the indeterminate_deny result was missed from the PermitOverridesPolicyAlg class. This change corrects that omission and conforms with the XACML standard: http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html#_Toc325047272
Goals
Returns the indeterminate_deny result when applicable.
Approach
Added one conditional that conforms with the XACML specification.
User stories
N/A
Release note
Fix issue where "Indeterminate Deny" decisions did not produce an "Indeterminate Deny" result when the Permit Overrides combining algorithm is used.
Documentation
N/A - This behavior is expected according to the XACML specification.
Training
N/A
Certification
N/A
Marketing
N/A
Automation tests
N/A
Security checks
N/A
Samples
N/A
Related PRs
N/A
Migrations (if applicable)
N/A
Test environment
N/A
Learning
N/A