Posted to dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2011/07/24 17:56:10 UTC
[jira] [Closed] (WSS-298) Resource Attribute in AuthorizationDecision Statement not accepting blank
[ https://issues.apache.org/jira/browse/WSS-298?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed WSS-298.
-----------------------------------
> Resource Attribute in AuthorizationDecision Statement not accepting blank
> -------------------------------------------------------------------------
>
> Key: WSS-298
> URL: https://issues.apache.org/jira/browse/WSS-298
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.6
> Reporter: Srinivasa Kukatla
> Assignee: Colm O hEigeartaigh
>
> As per the SAML specification, Resource is a required attribute. We have a requirement that the resource ID should be either an empty string or a valid URI.
> The following is from the SAML core XSD:
> <complexType name="AuthzDecisionStatementType">
>   <complexContent>
>     <extension base="saml:StatementAbstractType">
>       <sequence>
>         <element ref="saml:Action" maxOccurs="unbounded"/>
>         <element ref="saml:Evidence" minOccurs="0"/>
>       </sequence>
>       <attribute name="Resource" type="anyURI" use="required"/>
>       <attribute name="Decision" type="saml:DecisionType" use="required"/>
>     </extension>
>   </complexContent>
> </complexType>
> Which says Resource is required. But when I have " " as the resource, the attribute is completely missing.
> Here is why:
> Saml2ComponentBuilder.java
> public static List<AuthzDecisionStatement> createAuthorizationDecisionStatement(
>     List<AuthDecisionStatementBean> decisionData
> ) {
>     List<AuthzDecisionStatement> authDecisionStatements =
>         new ArrayList<AuthzDecisionStatement>();
>     if (authorizationDecisionStatementBuilder == null) {
>         authorizationDecisionStatementBuilder =
>             (SAMLObjectBuilder<AuthzDecisionStatement>)
>                 builderFactory.getBuilder(AuthzDecisionStatement.DEFAULT_ELEMENT_NAME);
>     }
>     if (decisionData != null && decisionData.size() > 0) {
>         for (AuthDecisionStatementBean decisionStatementBean : decisionData) {
>             AuthzDecisionStatement authDecision =
>                 authorizationDecisionStatementBuilder.buildObject();
>             authDecision.setResource(decisionStatementBean.getResource());
>             authDecision.setDecision(
>                 transformDecisionType(decisionStatementBean.getDecision())
>             );
>             for (ActionBean actionBean : decisionStatementBean.getActions()) {
>                 Action actionElement = createSamlAction(actionBean);
>                 authDecision.getActions().add(actionElement);
>             }
>             if (decisionStatementBean.getEvidence() instanceof Evidence) {
>                 authDecision.setEvidence((Evidence)decisionStatementBean.getEvidence());
>             }
>
>             authDecisionStatements.add(authDecision);
>         }
>     }
>     return authDecisionStatements;
> }
> In the above, when the setResource is called, the following implementation gets called:
> org.opensaml.saml2.core.impl.AuthzDecisionStatementImpl.java
> /** {@inheritDoc} */
> public void setResource(String newResourceURI) {
>     this.resource = prepareForAssignment(this.resource, newResourceURI);
> }
>
> protected String prepareForAssignment(String oldValue, String newValue) {
>     String newString = DatatypeHelper.safeTrimOrNullString(newValue);
>     if (!DatatypeHelper.safeEquals(oldValue, newString)) {
>         releaseThisandParentDOM();
>     }
>     return newString;
> }
> The blank string gets trimmed off, and null is returned. The Resource attribute never gets created.
> This is violating the specification. This is a defect in OpenSAML, not really in WSS4J.
> /** {@inheritDoc} */
> public void setResource(String newResourceURI) {
>     this.resource = prepareForAssignment(this.resource, newResourceURI);
> }
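
An added example, not part of the original message and not WSS4J or OpenSAML code: a Python check over a serialized SAML 2.0 assertion that flags AuthzDecisionStatement elements violating the schema quoted in the report, treating Resource="" as present and an absent Resource as a violation. The sample assertion and the function name check_authz_statements are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DECISIONS = {"Permit", "Deny", "Indeterminate"}  # saml:DecisionType values

# Constructed sample: first statement has a URI, second an empty Resource,
# third has no Resource attribute at all (the output described in the report).
SAMPLE = f"""
<saml:Assertion xmlns:saml="{SAML_NS}">
  <saml:AuthzDecisionStatement Resource="https://example.org/doc" Decision="Permit">
    <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Read</saml:Action>
  </saml:AuthzDecisionStatement>
  <saml:AuthzDecisionStatement Resource="" Decision="Deny">
    <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Write</saml:Action>
  </saml:AuthzDecisionStatement>
  <saml:AuthzDecisionStatement Decision="Permit">
    <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Read</saml:Action>
  </saml:AuthzDecisionStatement>
</saml:Assertion>
"""


def check_authz_statements(xml_text):
    """Return (statement_index, problem) pairs for schema violations."""
    root = ET.fromstring(xml_text)
    problems = []
    for i, stmt in enumerate(root.iter(f"{{{SAML_NS}}}AuthzDecisionStatement")):
        # Element.get() returns None only when the attribute is absent,
        # so Resource="" is correctly treated as present.
        if stmt.get("Resource") is None:
            problems.append((i, "missing required Resource attribute"))
        decision = stmt.get("Decision")
        if decision is None:
            problems.append((i, "missing required Decision attribute"))
        elif decision not in DECISIONS:
            problems.append((i, f"invalid Decision value {decision!r}"))
        # The schema's Action element has no minOccurs, so at least one is required.
        if stmt.find(f"{{{SAML_NS}}}Action") is None:
            problems.append((i, "no Action child element"))
    return problems


if __name__ == "__main__":
    for index, problem in check_authz_statements(SAMPLE):
        print(f"AuthzDecisionStatement[{index}]: {problem}")
```

This is a structural check for assertions your own issuer produces, for example in a build test; it does not replace signature validation on received assertions.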