My xacml request contains two attributes which I want to compare as part of a policy's condition.
They are:
urn:oasis:names:tc:xacml:1.0:subject:group-id
urn:oasis:names:tc:xacml:1.0:resource:resource-id
All the policy examples I've found compare only one request attribute (i.e. ResourceAttributeDesignator) with an AttributeValue which is hard coded.
How do I compare that group-id equals resource-id?
You need to use a XACML Condition. Policy Sets, Policies, and Rules all have XACML Targets which you can use to compare an attribute to a value e.g. role=='manager'. Rules also have the XACML Condition element with which you can do more advanced comparisons including comparing two attributes.
Here is an example (using the ALFA notation):
namespace stackoverflow{
attribute groupId{
category = subjectCat
id = "urn:oasis:names:tc:xacml:1.0:subject:group-id"
type = string
}
attribute resourceId{
category = resourceCat
id = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
type = string
}
policy example{
apply firstApplicable
rule checkGroup{
condition groupId==resourceId
permit
}
}
}
Here is the output in XACML 3.0:
<?xml version="1.0" encoding="UTF-8"?>
<!--This file was generated by the ALFA Plugin for Eclipse from Axiomatics AB (http://www.axiomatics.com).
Any modification to this file will be lost upon recompilation of the source ALFA file-->
<xacml3:Policy xmlns:xacml3="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
PolicyId="http://axiomatics.com/alfa/identifier/stackoverflow.example"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
Version="1.0">
<xacml3:Description />
<xacml3:PolicyDefaults>
<xacml3:XPathVersion>http://www.w3.org/TR/1999/REC-xpath-19991116</xacml3:XPathVersion>
</xacml3:PolicyDefaults>
<xacml3:Target />
<xacml3:Rule
Effect="Permit"
RuleId="http://axiomatics.com/alfa/identifier/stackoverflow.example.checkGroup">
<xacml3:Description />
<xacml3:Target />
<xacml3:Condition>
<xacml3:Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of-any">
<xacml3:Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
<xacml3:AttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:group-id"
DataType="http://www.w3.org/2001/XMLSchema#string"
Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
MustBePresent="false"
/>
<xacml3:AttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
DataType="http://www.w3.org/2001/XMLSchema#string"
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
MustBePresent="false"
/>
</xacml3:Apply>
</xacml3:Condition>
</xacml3:Rule>
</xacml3:Policy>
You can download the ALFA plugin here.
Related
I have the following XML
<wmi xmlns="http://www.exmple.com/XMLSchema/fulfillment/v1/order/orderShipment" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.example.com/XMLSchema/fulfillment/v1/order/orderShipment OrderShipmentNotification.xsd">
<wmiHeader>
<fileID>693401.20160229.130342.3541254</fileID>
<version>2.0.0</version>
<messageType>FSN</messageType>
<genDate>2016-02-29T13:03:42Z</genDate>
<from>
</from>
</wmiHeader>
<orderShipNotification>
<shipmentHeader dateTimeCreated="2016-02-29T13:03:42Z" requestNumber="2574445351883" />
<shipmentDetails actualShipmentDateTime="2016-02-29T12:18:54Z" carrierCode="XX" carrierMethodCode="XX-01">
<shipmentPackDetails trackingNumber="9361289672090007124848" trackingURL="https://example.com/go/TrackConfirmAction_input?qtc_tLabels1=323434">
<shipmentPackLineDetails requestLineNumber="1" partnerItemID="FXT-CC-LB" itemQtyShipped="1" />
</shipmentPackDetails>
</shipmentDetails>
</orderShipNotification>
</wmi>
I am getting error in Freemarker template when I am trying to access.
${orderShipNotification.shipmentDetails.#actualShipmentDateTime[0]!""}
If I delete the namespaces from the document it is working fine. I deleted the following content from the XML
xmlns="http://www.exmple.com/XMLSchema/fulfillment/v1/order/orderShipment" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.example.com/XMLSchema/fulfillment/v1/order/orderShipment OrderShipmentNotification.xsd"
I did some investigation. The is a ftl directive. But it is still not clear how this will solve the problem. Please let me know how I can access the attributes.
http://freemarker.incubator.apache.org/docs/ref_directive_ftl.html#ref.directive.ftl
Start the template with
<#ftl ns_prefixes={"D":"http://www.exmple.com/XMLSchema/fulfillment/v1/order/orderShipment"}>
This sets the namespace as the default (D stands for default). Note that if you will also use XPath queries, there you will have to write out the D: before the element names (this is an XPath restriction).
This is documented here: http://freemarker.org/docs/xgui_imperative_learn.html
i would like to know how to create a new repository in ATG. like what all steps are needed to be included? Do i need to create a properties file?
In order to create a new repository, You need to follow these steps if you want to create a repository that uses sql database in as the datastore.
Create a properties file
Create tables you want to map to the repository
Create a definition XML files to map repository item-descriptors and their properties to the respective tables.
MyRepository.properties
$class=atg.adapter.gsa.GSARepository
repositoryName=MyRepository
definitionFiles=atg/test/repositories/MyRepository.xml
XMLToolsFactory=/atg/dynamo/service/xml/XMLToolsFactory
transactionManager=/atg/dynamo/transaction/TransactionManager
idGenerator=/atg/dynamo/service/IdGenerator
dataSource=/atg/dynamo/service/jdbc/JTDataSource
lockManager=/atg/dynamo/service/ClientLockManager
The above properties files ensures that a new repository component is created and MyRepository.xml will be marked as its definition file.
The content of the MyRepository.xml file should be something like below...
MyRepository.xml
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE gsa-template SYSTEM "http://www.atg.com/dtds/gsa/gsa_1.0.dtd">
<gsa-template>
<header>
<name>New Repository creation</name>
<author>Jyothi Prasad Buddha</author>
</header>
<item-descriptor name="myRepo" cache-mode="simple">
<table name="my_repo" type="primary" id-column-names="id">
<!-- properties that may (or may not) be used as primary keys -->
<property name="name" data-types="String" />
<property name="age" data-types="int" />
</table>
</item-descriptor>
</gsa-template>
However you will have to create the the necessary tables before you start atg instance. The above xml files refers to a table named my_repo which has comlumns name and age.
Yes you need to create properties file's for more details you can read RepositoryGuide.pdf from Oracle.
for more detail you can read below blog
http://immuraliraj.blogspot.in/2011/12/atg-repository-basic-concepts.html
Just type
"ATG Creating a repository" on Google
and you would get lot of relevant results on the first page itself. Also be specific which version of ATG are you using, and what you have already done/found in your research. (just a suggestion, so you get good responses).
Yes, you need a properties file when creating a custom repository component. There are a lot of blogs that answer your question with detailed steps.
Check this for example
I am writing a form (betterFORMs/Xforms) to be displayed to the user with a selection of checkboxes.
If a checkbox is empty the form should bind an "N" into the element. When ticked, a "Y".
I realise there are answers to this question already but I have tried all answered solutions with no luck.
The first solution I attempted to use is here - stackoverflow link
(the first solution looks good, but I have had more success with solution 2 as I am not using Orbeon)
The answer given is what I am looking for, but I am having trouble implementing this into my form. I am not using Xhtml or Orbeon and so the binding I use seems to be different to that used in the solution.) I have tried tweaking this code to fit into my form but I get a repetitive error from the xml parser every time I load the page - but it doesn't point me to anywhere related to the new code.
The next solution I have tried is found here - stackoverflow link
This answer has had the best results in my code because the checkbox values change to N when not used and when they are deselected. The problem I have with this solution is that the Y set in the form element is contained in braces - [].
output example:
<addressProof>N</addressProof><other>[Y]</other><otherText>_text_</otherText>
Here is a snippet of my form:
model:
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="2.0"
xmlns="http://www.w3.org/2002/06/xhtml2" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xforms="http://www.w3.org/2002/xforms" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
<xsl:output method="xml" />
<xsl:template match="/">
<xforms:model id="documentsChecklist">
<xforms:instance>
<actionform xmlns="">
<xforms:model id="documentsChecklist">
<xforms:instance>
<actionform xmlns="">
<detail>
<other></other>
<otherText></otherText>
</detail>
</actionform>
</xforms:instance>
<xforms:bind id="other" nodeset="/actionform/detail/other" calculate="choose(. = 'Y', ., 'N')"/>
<xforms:bind nodeset="/actionform/detail/otherBox" relevant="/actionform/detail/other ='Y'" />
</xforms:model>
form:
<div id="formBody"><br />
<xforms:select bind="other" appearance="full" align="right">
<xforms:item>
<xforms:label>Other</xforms:label>
<xforms:value>Y</xforms:value>
</xforms:item>
</xforms:select>
<xforms:input ref="/actionform/detail/otherText">
<xforms:label>Please specify:*</xforms:label>
</xforms:input>
</div>
</xsl:template>
</xsl:stylesheet>
Why does the checkbox value now get set to "[Y]" instead of "Y"? (Could it be something to do with an Array?) Thanks.
PS. I know I could do this using a boolean for each checkbox, with the checkbox value corresponding to the boolean, which in turn updates the bind value. I would rather not have to have a big block of boolean elements and binds as I have a large amount of check boxes. this solution has an example here - stackoverflow link
A select control allows you to select more than one item and I wonder if it is why the XForms implementation you are using is adding square brackets (according to specifications selected values have to be separated by a space character, which is not always very convenient by the way).
I am afraid that XForms 1.1 and XForms 2.0 require to use extra intermediate nodes and bindings. It would be useful to be able to add 2 XPath expressions for bindings: one to convert node value to control value and the other one back from control value to node value.
As a workaround, I use another extension in XSLTForms: XSLT stylesheets for converting instances.
-Alain
My ServiceStack API is returning the following XML:
<UserResult>
<Email>dan-dare#the-eagle.com</Email>
<Forenames>Daniel</Forenames>
<Href>/users/00000001-0000-0000-0000-00000000000d</Href>
<Memberships>
<Href>/users/00000001-0000-0000-0000-00000000000d/memberships</Href>
</Memberships>
<Surname>Dare</Surname>
<UserGuid>00000001-0000-0000-0000-00000000000d</UserGuid>
<Username>test_dan</Username>
</UserResult>
I'm curious as to whether I can modify the XML serialization so it returns the HREF properties as attributes rather than elements:
<UserResult href="/users/00000001-0000-0000-0000-00000000000d">
...
<Memberships href="/users/00000001-0000-0000-0000-00000000000d/memberships" />
...
</UserResult>
or even override the default serialization entirely so that particular properties are exposed as <link /> elements:
<UserResult href="/users/00000001-0000-0000-0000-00000000000d">
...
<link rel="memberships" href="/users/00000001-0000-0000-0000-00000000000d/memberships" />
...
</UserResult>
I'm undecided as to whether I should do this, but very curious to know whether it's possible - either by decorating the properties or by replacing the default XML serializer (DataContractSerializer?) used by ServiceStack.
Attempting to hit the Customers end point and the API keeps rejecting my request with this extremely nondescript error:
<ErrorCode>-3002</ErrorCode>
<ErrorDesc>cannot insert NULL into ("ESB"."ADDRESS_API"."LABEL_NAME_MAP")</ErrorDesc>
<DBErrorCode>01400</DBErrorCode>
Here is the sample XML:
<?xml version='1.0' encoding='utf-8' ?>
<Add RequestId='47e1633341s4521a24e269ad12ab3f6' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns='http://www.intuit.com/sb/cdm/v2'>
<ExternalRealmId>111111111</ExternalRealmId>
<Object xsi:type='Customer'>
<TypeOf>Organization</TypeOf>
<Name>SampleCustomer</Name>
<Address>
<Line1>123 E. Fake St</Line1>
<Line2>Suite 1</Line2>
<City>Somewhere</City>
<Country>USA</Country>
<CountrySubDivisionCode>FL</CountrySubDivisionCode>
<PostalCode>12345</PostalCode>
<Default>true</Default>
<Tag>Billing</Tag>
</Address>
<Phone>
<DeviceType>LandLine</DeviceType>
<FreeFormNumber>123-456-4563</FreeFormNumber>
<Default>true</Default>
<Tag>Main</Tag>
</Phone>
<DBAName>Sample Customer</DBAName>
<AcctNum>51f2ce86134c03000a000155</AcctNum>
</Object>
</Add>
Any suggestions? These exceptions are super confusion. I found the one related to "ESB"."PHONE_API"."LABEL_NAME_MAP" was related to an empty phone number field. That isn't the case with this request.
You edited your post to reflect a correct tag, so this answer may no longer be relevant
My first guess would be that, per the documentation, the Address/Tag node allowable values are defined by the PhysicalAddressLabelType enum.
Tag - String - Tag (or label) that identifies the use of the address. The
values allowed are defined in the PhysicalAddressLabelType.
If you look at the allowable values, you'll see the only allowable values are:
Billing
Shipping
But you specified:
Office
Can you try specifying a valid value?
Likewise, you're specifying an invalid Tag for the Phone node as well. The allowable values are here:
https://developer.intuit.com/docs/0025_quickbooksapi/0050_data_services/v2/0500_quickbooks_windows/062_enumerations/telephonenumberlabeltype
But you've specified:
Main
Can you try specifying a valid value?