问题
I'm working with XACML policies and I have a rule that includes a resource target similar to the following:
<Resources>
<Resource>
<ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">/MyDirectory</AttributeValue>
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
</ResourceMatch>
</Resource>
</Resources>
I want this rule to apply to all subdirectories of /Mydirectory. However, if I were to evaluate a request with the resource /MyDirectory/MySubdirectory, I would get a DECISION_NOT_APPLICABLE (3) response.
Is there an XQuery function that would allow me to apply a rule to all subdirectories of a single directory?
回答1:
You may use urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match and define the AttributeValue as a regular expression..
<Resources>
<Resource>
<ResourceMatch MatchId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^/MyDirectory/</AttributeValue>
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
</ResourceMatch>
</Resource>
</Resources>
来源:https://stackoverflow.com/questions/7532237/how-do-i-apply-xacml-rules-to-every-child-uri