You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by andreas_triebel <an...@adesso.ch> on 2012/11/02 10:26:35 UTC
How to use
org.apache.ws.security.saml.ext.SAMLCallback.setAssertionElement()?
In my SAMLCallbackHandler I try to set the assertion element with the current
subject's public credentials (SAMLCredential). This approach ends up with
the following error:
/Caused by: org.w3c.dom.DOMException: WRONG_DOCUMENT_ERR: A node is used in
a different document than the one that created it.
at
org.apache.xerces.dom.ParentNode.internalInsertBefore(ParentNode.java:351)
at org.apache.xerces.dom.ParentNode.insertBefore(ParentNode.java:283)
at org.apache.xerces.dom.NodeImpl.appendChild(NodeImpl.java:236)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.insertAfter(AbstractBindingBuilder.java:190)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingElement(AbstractBindingBuilder.java:232)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSignatureParts(AbstractBindingBuilder.java:698)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingTokens(AbstractBindingBuilder.java:2126)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:144)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:98)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:165)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:89)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134
... 18 more/
The SAMLCallbackHandler looks like this:
/...
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback sc = (SAMLCallback) callbacks[i];
Subject subject =
org.jboss.security.SecurityContextAssociation.getSubject();
Set<SamlCredential> samlCreds =
subject.getPublicCredentials(SamlCredential.class);
for (SamlCredential samlCred : samlCreds) {
Element assertion = samlCred.getAssertionAsElement();
sc.setAssertionElement(assertion);
}
.../
Is it not meant to be used like this or is there another way to reuse the
current subject's SAMLCredential in CXF?
Thanks
Andreas
--
View this message in context: http://cxf.547215.n5.nabble.com/How-to-use-org-apache-ws-security-saml-ext-SAMLCallback-setAssertionElement-tp5717764.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: How to use
org.apache.ws.security.saml.ext.SAMLCallback.setAssertionElement()?
Posted by andreas_triebel <an...@adesso.ch>.
Ticket created. https://issues.apache.org/jira/browse/CXF-4612
-Andreas
--
View this message in context: http://cxf.547215.n5.nabble.com/How-to-use-org-apache-ws-security-saml-ext-SAMLCallback-setAssertionElement-tp5717764p5717903.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: How to use org.apache.ws.security.saml.ext.SAMLCallback.setAssertionElement()?
Posted by Colm O hEigeartaigh <co...@apache.org>.
Yep that's the issue, well spotted Andrei. Andreas, please create a JIRA
and I will take it from there.
Colm.
On Fri, Nov 2, 2012 at 2:42 PM, Andrei Shakirin <as...@talend.com>wrote:
> For me looks like as a defect in
> AbstractBindingBuilder.addSignatureParts().
>
> As far as I can see SAML assertion element is not imported into
> SecurtyHeader document:
> SecurityTokenReference secRef =
> createSTRForSamlAssertion(doc, assertionWrapper.getId(), saml1, false);
> addSupportingElement(secRef.getElement());
>
> as it is done for example for WSSecSignature:
> SecurityTokenReference secRef =
> tempSig.getSecurityTokenReference();
> ...
> Element secRefElement =
> cloneElement(secRef.getElement());
> addSupportingElement(secRefElement);
>
> I will suggest to create a Jira issue, patch is also welcome.
>
> Regards,
> Andrei.
>
> -----Original Message-----
> From: andreas_triebel [mailto:andreas.triebel@adesso.ch]
> Sent: Freitag, 2. November 2012 10:27
> To: users@cxf.apache.org
> Subject: How to use
> org.apache.ws.security.saml.ext.SAMLCallback.setAssertionElement()?
>
> In my SAMLCallbackHandler I try to set the assertion element with the
> current subject's public credentials (SAMLCredential). This approach ends
> up with the following error:
>
> /Caused by: org.w3c.dom.DOMException: WRONG_DOCUMENT_ERR: A node is used
> in a different document than the one that created it.
> at
> org.apache.xerces.dom.ParentNode.internalInsertBefore(ParentNode.java:351)
> at org.apache.xerces.dom.ParentNode.insertBefore(ParentNode.java:283)
> at org.apache.xerces.dom.NodeImpl.appendChild(NodeImpl.java:236)
> at
>
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.insertAfter(AbstractBindingBuilder.java:190)
> at
>
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingElement(AbstractBindingBuilder.java:232)
> at
>
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSignatureParts(AbstractBindingBuilder.java:698)
> at
>
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingTokens(AbstractBindingBuilder.java:2126)
> at
>
> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:144)
> at
>
> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:98)
> at
>
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:165)
> at
>
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:89)
> at
>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134
> ... 18 more/
>
>
> The SAMLCallbackHandler looks like this:
> /...
> public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
> for (int i = 0; i < callbacks.length; i++) {
> if (callbacks[i] instanceof SAMLCallback) {
> SAMLCallback sc = (SAMLCallback) callbacks[i];
> Subject subject =
> org.jboss.security.SecurityContextAssociation.getSubject();
> Set<SamlCredential> samlCreds =
> subject.getPublicCredentials(SamlCredential.class);
> for (SamlCredential samlCred : samlCreds) {
> Element assertion = samlCred.getAssertionAsElement();
> sc.setAssertionElement(assertion);
> }
> .../
>
> Is it not meant to be used like this or is there another way to reuse the
> current subject's SAMLCredential in CXF?
>
> Thanks
> Andreas
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/How-to-use-org-apache-ws-security-saml-ext-SAMLCallback-setAssertionElement-tp5717764.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
RE: How to use
org.apache.ws.security.saml.ext.SAMLCallback.setAssertionElement()?
Posted by Andrei Shakirin <as...@talend.com>.
For me looks like as a defect in AbstractBindingBuilder.addSignatureParts().
As far as I can see SAML assertion element is not imported into SecurtyHeader document:
SecurityTokenReference secRef = createSTRForSamlAssertion(doc, assertionWrapper.getId(), saml1, false);
addSupportingElement(secRef.getElement());
as it is done for example for WSSecSignature:
SecurityTokenReference secRef = tempSig.getSecurityTokenReference();
...
Element secRefElement = cloneElement(secRef.getElement());
addSupportingElement(secRefElement);
I will suggest to create a Jira issue, patch is also welcome.
Regards,
Andrei.
-----Original Message-----
From: andreas_triebel [mailto:andreas.triebel@adesso.ch]
Sent: Freitag, 2. November 2012 10:27
To: users@cxf.apache.org
Subject: How to use org.apache.ws.security.saml.ext.SAMLCallback.setAssertionElement()?
In my SAMLCallbackHandler I try to set the assertion element with the current subject's public credentials (SAMLCredential). This approach ends up with the following error:
/Caused by: org.w3c.dom.DOMException: WRONG_DOCUMENT_ERR: A node is used in a different document than the one that created it.
at
org.apache.xerces.dom.ParentNode.internalInsertBefore(ParentNode.java:351)
at org.apache.xerces.dom.ParentNode.insertBefore(ParentNode.java:283)
at org.apache.xerces.dom.NodeImpl.appendChild(NodeImpl.java:236)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.insertAfter(AbstractBindingBuilder.java:190)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingElement(AbstractBindingBuilder.java:232)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSignatureParts(AbstractBindingBuilder.java:698)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingTokens(AbstractBindingBuilder.java:2126)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:144)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:98)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:165)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:89)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134
... 18 more/
The SAMLCallbackHandler looks like this:
/...
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback sc = (SAMLCallback) callbacks[i];
Subject subject =
org.jboss.security.SecurityContextAssociation.getSubject();
Set<SamlCredential> samlCreds = subject.getPublicCredentials(SamlCredential.class);
for (SamlCredential samlCred : samlCreds) {
Element assertion = samlCred.getAssertionAsElement();
sc.setAssertionElement(assertion);
}
.../
Is it not meant to be used like this or is there another way to reuse the current subject's SAMLCredential in CXF?
Thanks
Andreas
--
View this message in context: http://cxf.547215.n5.nabble.com/How-to-use-org-apache-ws-security-saml-ext-SAMLCallback-setAssertionElement-tp5717764.html
Sent from the cxf-user mailing list archive at Nabble.com.