You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Akitoshi Yoshida (JIRA)" <ji...@apache.org> on 2008/02/26 13:17:52 UTC
[jira] Created: (WSS-102) AbstractCrypto's constructor does not
allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no
input stream source
AbstractCrypto's constructor does not allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no input stream source
----------------------------------------------------------------------------------------------------------------------------------
Key: WSS-102
URL: https://issues.apache.org/jira/browse/WSS-102
Project: WSS4J
Issue Type: Bug
Environment: WSS4J 1.5.2
WSS4J 1.5.3
Reporter: Akitoshi Yoshida
Assignee: Ruchith Udayanga Fernando
The ealier implemantation (before 1.5.2) looked like:
public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException {
/*
* if no properties .. just return an instance, the rest will be
* done later or this instance is just used to handle certificate
* conversions in this implementatio
*/
if (properties == null) {
return;
}
this.properties = properties;
String location = this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
This allowed a custom Crypto class extending from AbstractCrypto to pass a null properties and do the rest in its own constructor.
The above implementation was changed in 1.5.2 so that it does not accept a null properties, as in
public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException {
this.properties = properties;
String location = this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
The rest of the code in this constructor assumes an input stream based keystore source and therefore it is not useful if your environment has only access to the keystore object but not its source stream.
Is there any strong reason to remove the original "if (properties == null) { return; } " block?
If not, could you reinsert that block?
Thank you.
Aki Yoshida
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Closed: (WSS-102) AbstractCrypto's constructor does not
allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no
input stream source
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-102?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed WSS-102.
-----------------------------------
> AbstractCrypto's constructor does not allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no input stream source
> ----------------------------------------------------------------------------------------------------------------------------------
>
> Key: WSS-102
> URL: https://issues.apache.org/jira/browse/WSS-102
> Project: WSS4J
> Issue Type: Bug
> Environment: WSS4J 1.5.2
> WSS4J 1.5.3
> Reporter: Akitoshi Yoshida
> Assignee: Nandana Mihindukulasooriya
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> The ealier implemantation (before 1.5.2) looked like:
> public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException {
> /*
> * if no properties .. just return an instance, the rest will be
> * done later or this instance is just used to handle certificate
> * conversions in this implementatio
> */
> if (properties == null) {
> return;
> }
> this.properties = properties;
> String location = this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> This allowed a custom Crypto class extending from AbstractCrypto to pass a null properties and do the rest in its own constructor.
> The above implementation was changed in 1.5.2 so that it does not accept a null properties, as in
> public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException {
> this.properties = properties;
> String location = this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> The rest of the code in this constructor assumes an input stream based keystore source and therefore it is not useful if your environment has only access to the keystore object but not its source stream.
> Is there any strong reason to remove the original "if (properties == null) { return; } " block?
> If not, could you reinsert that block?
> Thank you.
> Aki Yoshida
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Assigned: (WSS-102) AbstractCrypto's constructor does not
allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no
input stream source
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-102?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya reassigned WSS-102:
----------------------------------------------
Assignee: Nandana Mihindukulasooriya (was: Ruchith Udayanga Fernando)
> AbstractCrypto's constructor does not allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no input stream source
> ----------------------------------------------------------------------------------------------------------------------------------
>
> Key: WSS-102
> URL: https://issues.apache.org/jira/browse/WSS-102
> Project: WSS4J
> Issue Type: Bug
> Environment: WSS4J 1.5.2
> WSS4J 1.5.3
> Reporter: Akitoshi Yoshida
> Assignee: Nandana Mihindukulasooriya
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> The ealier implemantation (before 1.5.2) looked like:
> public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException {
> /*
> * if no properties .. just return an instance, the rest will be
> * done later or this instance is just used to handle certificate
> * conversions in this implementatio
> */
> if (properties == null) {
> return;
> }
> this.properties = properties;
> String location = this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> This allowed a custom Crypto class extending from AbstractCrypto to pass a null properties and do the rest in its own constructor.
> The above implementation was changed in 1.5.2 so that it does not accept a null properties, as in
> public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException {
> this.properties = properties;
> String location = this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> The rest of the code in this constructor assumes an input stream based keystore source and therefore it is not useful if your environment has only access to the keystore object but not its source stream.
> Is there any strong reason to remove the original "if (properties == null) { return; } " block?
> If not, could you reinsert that block?
> Thank you.
> Aki Yoshida
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-102) AbstractCrypto's constructor does not
allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no
input stream source
Posted by "Akitoshi Yoshida (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-102?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12593359#action_12593359 ]
Akitoshi Yoshida commented on WSS-102:
--------------------------------------
Hi Fred,
I would not call it a show stopper, but I would prefer AbstractCrypto to get this properties==null option back in 1.5.4 so that we don't have to change the code. That would make our life easier, as we have opted for using a modified version of 1.5.2 or 1.5.3. with this check if they are to be used, in the hope of this check being reinstantiated in the next version.
Thanks.
Regards, Aki
> AbstractCrypto's constructor does not allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no input stream source
> ----------------------------------------------------------------------------------------------------------------------------------
>
> Key: WSS-102
> URL: https://issues.apache.org/jira/browse/WSS-102
> Project: WSS4J
> Issue Type: Bug
> Environment: WSS4J 1.5.2
> WSS4J 1.5.3
> Reporter: Akitoshi Yoshida
> Assignee: Ruchith Udayanga Fernando
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> The ealier implemantation (before 1.5.2) looked like:
> public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException {
> /*
> * if no properties .. just return an instance, the rest will be
> * done later or this instance is just used to handle certificate
> * conversions in this implementatio
> */
> if (properties == null) {
> return;
> }
> this.properties = properties;
> String location = this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> This allowed a custom Crypto class extending from AbstractCrypto to pass a null properties and do the rest in its own constructor.
> The above implementation was changed in 1.5.2 so that it does not accept a null properties, as in
> public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException {
> this.properties = properties;
> String location = this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> The rest of the code in this constructor assumes an input stream based keystore source and therefore it is not useful if your environment has only access to the keystore object but not its source stream.
> Is there any strong reason to remove the original "if (properties == null) { return; } " block?
> If not, could you reinsert that block?
> Thank you.
> Aki Yoshida
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-102) AbstractCrypto's constructor does not
allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no
input stream source
Posted by "Fred Dushin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-102?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12604188#action_12604188 ]
Fred Dushin commented on WSS-102:
---------------------------------
Oops. This should have been closed for 1.5.4 -- I guess that means I missed it when I generated the web site, with the report listing the Jira tickets resolved in the release.
Thanks for spotting the missing merge!
-Fred
> AbstractCrypto's constructor does not allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no input stream source
> ----------------------------------------------------------------------------------------------------------------------------------
>
> Key: WSS-102
> URL: https://issues.apache.org/jira/browse/WSS-102
> Project: WSS4J
> Issue Type: Bug
> Environment: WSS4J 1.5.2
> WSS4J 1.5.3
> Reporter: Akitoshi Yoshida
> Assignee: Nandana Mihindukulasooriya
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> The ealier implemantation (before 1.5.2) looked like:
> public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException {
> /*
> * if no properties .. just return an instance, the rest will be
> * done later or this instance is just used to handle certificate
> * conversions in this implementatio
> */
> if (properties == null) {
> return;
> }
> this.properties = properties;
> String location = this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> This allowed a custom Crypto class extending from AbstractCrypto to pass a null properties and do the rest in its own constructor.
> The above implementation was changed in 1.5.2 so that it does not accept a null properties, as in
> public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException {
> this.properties = properties;
> String location = this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> The rest of the code in this constructor assumes an input stream based keystore source and therefore it is not useful if your environment has only access to the keystore object but not its source stream.
> Is there any strong reason to remove the original "if (properties == null) { return; } " block?
> If not, could you reinsert that block?
> Thank you.
> Aki Yoshida
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-102) AbstractCrypto's constructor does not
allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no
input stream source
Posted by "Fred Dushin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-102?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12593405#action_12593405 ]
Fred Dushin commented on WSS-102:
---------------------------------
I think we should be able to squeeze this into the 1.5.4 release, but I need to check with the team about risk -- I think it's pretty low.
> AbstractCrypto's constructor does not allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no input stream source
> ----------------------------------------------------------------------------------------------------------------------------------
>
> Key: WSS-102
> URL: https://issues.apache.org/jira/browse/WSS-102
> Project: WSS4J
> Issue Type: Bug
> Environment: WSS4J 1.5.2
> WSS4J 1.5.3
> Reporter: Akitoshi Yoshida
> Assignee: Ruchith Udayanga Fernando
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> The ealier implemantation (before 1.5.2) looked like:
> public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException {
> /*
> * if no properties .. just return an instance, the rest will be
> * done later or this instance is just used to handle certificate
> * conversions in this implementatio
> */
> if (properties == null) {
> return;
> }
> this.properties = properties;
> String location = this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> This allowed a custom Crypto class extending from AbstractCrypto to pass a null properties and do the rest in its own constructor.
> The above implementation was changed in 1.5.2 so that it does not accept a null properties, as in
> public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException {
> this.properties = properties;
> String location = this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> The rest of the code in this constructor assumes an input stream based keystore source and therefore it is not useful if your environment has only access to the keystore object but not its source stream.
> Is there any strong reason to remove the original "if (properties == null) { return; } " block?
> If not, could you reinsert that block?
> Thank you.
> Aki Yoshida
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-102) AbstractCrypto's constructor does not
allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no
input stream source
Posted by "Fred Dushin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-102?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12590129#action_12590129 ]
Fred Dushin commented on WSS-102:
---------------------------------
Aki,
Instead of extending AbstractCrypto, you can now extend CryptoBase, which only requires that you define non-null values for the keystore and cacerts fields.
Is that an acceptable solution for you, or do you require binary compatibility with 1.5.x, prior to 1.5.2?
Thansk!
> AbstractCrypto's constructor does not allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no input stream source
> ----------------------------------------------------------------------------------------------------------------------------------
>
> Key: WSS-102
> URL: https://issues.apache.org/jira/browse/WSS-102
> Project: WSS4J
> Issue Type: Bug
> Environment: WSS4J 1.5.2
> WSS4J 1.5.3
> Reporter: Akitoshi Yoshida
> Assignee: Ruchith Udayanga Fernando
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> The ealier implemantation (before 1.5.2) looked like:
> public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException {
> /*
> * if no properties .. just return an instance, the rest will be
> * done later or this instance is just used to handle certificate
> * conversions in this implementatio
> */
> if (properties == null) {
> return;
> }
> this.properties = properties;
> String location = this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> This allowed a custom Crypto class extending from AbstractCrypto to pass a null properties and do the rest in its own constructor.
> The above implementation was changed in 1.5.2 so that it does not accept a null properties, as in
> public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException {
> this.properties = properties;
> String location = this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> The rest of the code in this constructor assumes an input stream based keystore source and therefore it is not useful if your environment has only access to the keystore object but not its source stream.
> Is there any strong reason to remove the original "if (properties == null) { return; } " block?
> If not, could you reinsert that block?
> Thank you.
> Aki Yoshida
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Resolved: (WSS-102) AbstractCrypto's constructor does not
allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no
input stream source
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-102?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya resolved WSS-102.
--------------------------------------------
Resolution: Fixed
Fixed.
> AbstractCrypto's constructor does not allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no input stream source
> ----------------------------------------------------------------------------------------------------------------------------------
>
> Key: WSS-102
> URL: https://issues.apache.org/jira/browse/WSS-102
> Project: WSS4J
> Issue Type: Bug
> Environment: WSS4J 1.5.2
> WSS4J 1.5.3
> Reporter: Akitoshi Yoshida
> Assignee: Nandana Mihindukulasooriya
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> The ealier implemantation (before 1.5.2) looked like:
> public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException {
> /*
> * if no properties .. just return an instance, the rest will be
> * done later or this instance is just used to handle certificate
> * conversions in this implementatio
> */
> if (properties == null) {
> return;
> }
> this.properties = properties;
> String location = this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> This allowed a custom Crypto class extending from AbstractCrypto to pass a null properties and do the rest in its own constructor.
> The above implementation was changed in 1.5.2 so that it does not accept a null properties, as in
> public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException {
> this.properties = properties;
> String location = this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> The rest of the code in this constructor assumes an input stream based keystore source and therefore it is not useful if your environment has only access to the keystore object but not its source stream.
> Is there any strong reason to remove the original "if (properties == null) { return; } " block?
> If not, could you reinsert that block?
> Thank you.
> Aki Yoshida
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org