You are viewing a plain text version of this content. The canonical link for it is here.

Posted to rampart-dev@ws.apache.org by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org> on 2008/05/18 20:20:55 UTC

[jira] Commented: (RAMPART-156) org.apache.rahas.Token constructor expects lifetimeelement to be present, but the element is optional according to the standard.

    [ https://issues.apache.org/jira/browse/RAMPART-156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12597826#action_12597826 ] 

Nandana Mihindukulasooriya commented on RAMPART-156:
----------------------------------------------------

I think this is bit tricky. As we can see, processTokenExpiry() in the org.apache.rahas.SimpleTokenStore uses "expires" value set by the processLifeTime(lifetimeElem) to set the State of the tokens. So the tokens state will be not properly set if the expires value of the token is not set correctly. Token state is used check the token validity. 
eg. org.apache.rampart.util.RampartUtil#isTokenValid method

So we need to think of a way of setting the State or expires/created values in the above scenario.

thanks,
nandana

> org.apache.rahas.Token constructor expects lifetimeelement to be present, but the element is optional according to the standard.
> --------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-156
>                 URL: https://issues.apache.org/jira/browse/RAMPART-156
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-trust
>         Environment: Latest trunk of rampart  + wss4j on windows xp.
>            Reporter: Rasmus Rhein Helwigh
>            Assignee: Nandana Mihindukulasooriya
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> The org.apache.rahas.client.STSClient.processIssueResponse class tries to create a Token object with lifetime object as an argument. This lifetime object is optional, but the Token constructor fails if it's null.
> Since SAML1.1 has it's own lifetime element build into the assertion, it doesn't need to use the Token lifetime element, so it would be nice if this element could be optional.
> Index: C:/src/Main/java/Rampart-svn/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
> ===================================================================
> --- C:/src/Main/java/Rampart-svn/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java	(revision 650441)
> +++ C:/src/Main/java/Rampart-svn/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java	(working copy)
> @@ -151,7 +151,8 @@
>                  tokenElem.getXMLStreamReader());
>          stAXOMBuilder.setNamespaceURIInterning(true);
>          this.token = stAXOMBuilder.getDocumentElement();
> -        this.processLifeTime(lifetimeElem);
> +        if ( lifetimeElem != null )
> +        	this.processLifeTime(lifetimeElem);
>      }
>      
>      /**

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.