WSO2 API Manager 1.8 - 试用 XACML - 创建策略时出错 [英] WSO2 API Manager 1.8 - Trying out XACML - Error creating the policy
问题描述
我正在尝试了解如何将 XACML 与 API Manager 一起使用来控制对某些资源的访问.我已经关注了这里的博客文章,
I am trying to see how XACML can be used with the API Manager for controlling access to some of the resources. I have followed the blog post here,
我还尝试通过以下链接再关注一篇帖子,http://niranjankaru.blogspot.fr/2014/11/user-role-based-access-to-api-using.html
I have also tried following one more post from the following link, http://niranjankaru.blogspot.fr/2014/11/user-role-based-access-to-api-using.html
此外,我已经阅读了有关此主题的大部分 Stackoverflow 问题.以下是我的问题,
Also, I have gone through most of the Stackoverflow question regarding this topic. The following are my questions,
- XACML (4.2.2)"和XACML Mediation (4.2.2)"的版本是否与 API Manager 1.8 兼容?
- 我在尝试创建政策时遇到错误.我在添加新策略"页面中使用简单的策略编辑器,并按照第一个博客链接中给出的相同说明进行操作.
UI 中显示的错误是,
The error shown in the UI is,
"Error while adding entitlement policy. Invalid Entitlement Policy. Policy is not valid according to XACML schema"
并且日志出现如下错误,
and the log has the following error,
ERROR - EntitlementUtil XACML policy is not valid according to the schema :cvc-complex-type.2.4.a: Invalid content was found starting with element 'Description'. One of '{"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Description, "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyIssuer, "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyDefaults, "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Target}' is expected.
由于我不是手动编辑策略,而是使用简单策略编辑器并输入所有必填字段,因此我没想到会出现此错误.知道这可能是一个真正的错误还是由于某些版本不匹配?
As I am not editing policy by hand and using the Simple Policy Editor and entering all the fields required, I did not expect this error. Any idea if this can be a real error or due to some version mismatch?
推荐答案
我想你已经在 APIM 中安装了 XACML 功能.问题必须是由于 APIM 1.8.0 中包含的 OSGI 包中的版本不匹配以及您已安装的 XACML 功能.在 APIM 中安装 XACML 功能后,我发现有很多问题.因为 APIM 1.8.0 和 IS 5.0.0 没有同时发布.因此存在一些版本不匹配的问题.您下载 IS 5.0.0 并尝试创建策略并查看是否存在问题.
I think you have installed the XACML features in the APIM. Issues must be due to version mismatch in the OSGI bundle that contains in APIM 1.8.0 and the XACML feature that you have installed. I have seen there are lot issues after installing the XACML feature in APIM. Because APIM 1.8.0 and IS 5.0.0 have not been released in same time. Therefore there are some version mismatch issues. You download IS 5.0.0 and try to create policies and see whether there are issues are generating.
但是,如果您要进行适当的部署,我认为上述文章中的内容是不正确的.通常,XACML 引擎必须外部化并作为单独的实体运行.它不能在 API 网关内.因此,最好使用不同的服务器来运行 XACML 引擎.您可以从 找到更多详细信息这里.同样在上面的文章中,它只是在 APIM 中安装了 XACML 功能.但是您可以使用 entitlement mediator 调用 WSO2IS.您只想在中介配置中为其提供正确的 url.建议使用 WSO2IS 并尝试上述文章.您可以使用 WSO2IS XACML 编辑器从此处找到有关创建 XACML 策略的更多详细信息.
However, if you going for proper deployment, I think what is in above article is not correct. Normally XACML engine must be externalized and run as separate entity. It can not be within the API Gateway. Therefore it is better to use different server for running a XACML engine. you can find more details from here. Also in above article, it just have install XACML feature in APIM.. But you can call the WSO2IS using entitlement mediator. you just want to provide the proper url for it in the mediator configuration. It is suggest to use WSO2IS and try out above article. You can find more details about creating XACML policies from here using WSO2IS XACML editor.
这篇关于WSO2 API Manager 1.8 - 试用 XACML - 创建策略时出错的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
