You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Srinivasa Kukatla (JIRA)" <ji...@apache.org> on 2011/07/01 23:43:28 UTC
[jira] [Created] (WSS-298) Resource Attribute in
AuthorizationDecision Statement not accepting blank
Resource Attribute in AuthorizationDecision Statement not accepting blank
-------------------------------------------------------------------------
Key: WSS-298
URL: https://issues.apache.org/jira/browse/WSS-298
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Affects Versions: 1.6
Reporter: Srinivasa Kukatla
Assignee: Colm O hEigeartaigh
As per the Saml Specification, Resource is a required attribute. We have a requirement, that either the resource ID should be an empty string or a valid URI.
The following is from saml core xsd:
<complexType name="AuthzDecisionStatementType"><complexContent><extension base="saml:StatementAbstractType"><sequence><element ref="saml:Action" maxOccurs="unbounded"/><element ref="saml:Evidence" minOccurs="0"/></sequence><attribute name="Resource" type="anyURI" use="required"/><attribute name="Decision" type="saml:DecisionType" use="required"/></extension></complexContent></complexType>
Which says, resource is required. But, when I have " " as resource, attribute is completely missing.
Here is why:
Saml2ComponentBuilder.java
public static List<AuthzDecisionStatement> createAuthorizationDecisionStatement(
List<AuthDecisionStatementBean> decisionData
) {
List<AuthzDecisionStatement> authDecisionStatements = new ArrayList();
if (authorizationDecisionStatementBuilder == null) {
authorizationDecisionStatementBuilder =
(SAMLObjectBuilder<AuthzDecisionStatement>)
builderFactory.getBuilder(AuthzDecisionStatement.DEFAULT_ELEMENT_NAME);
}
if (decisionData != null && decisionData.size() > 0) {
for (AuthDecisionStatementBean decisionStatementBean : decisionData) {
AuthzDecisionStatement authDecision =
authorizationDecisionStatementBuilder.buildObject();
authDecision.setResource(decisionStatementBean.getResource());
authDecision.setDecision(
transformDecisionType(decisionStatementBean.getDecision())
);
for (ActionBean actionBean : decisionStatementBean.getActions()) {
Action actionElement = createSamlAction(actionBean);
authDecision.getActions().add(actionElement);
}
if (decisionStatementBean.getEvidence() instanceof Evidence) {
authDecision.setEvidence((Evidence)decisionStatementBean.getEvidence());
}
authDecisionStatements.add(authDecision);
}
}
return authDecisionStatements;
}
In the above, when the setResource is called, the following implementation gets called:
org.opensaml.saml2.core.impl.AuthzDecisionStatementImpl.java
/** {@inheritDoc} */
public void setResource(String newResourceURI) {
this.resource = prepareForAssignment(this.resource, newResourceURI);
}
protected String prepareForAssignment(String oldValue, String newValue) {
String newString = DatatypeHelper.safeTrimOrNullString(newValue);
if (!DatatypeHelper.safeEquals(oldValue, newString)) {
releaseThisandParentDOM();
}
return newString;
}
The blank string gets trimmed off, and null is returned. The Resource Attribute never gets created.
This is voilating the specification. This is the defect in OpenSAML not really in WSS4j.
/** {@inheritDoc} */
public void setResource(String newResourceURI) {
this.resource = prepareForAssignment(this.resource, newResourceURI);
}
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Work started] (WSS-298) Resource Attribute in
AuthorizationDecision Statement not accepting blank
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-298?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on WSS-298 started by Colm O hEigeartaigh.
> Resource Attribute in AuthorizationDecision Statement not accepting blank
> -------------------------------------------------------------------------
>
> Key: WSS-298
> URL: https://issues.apache.org/jira/browse/WSS-298
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.6
> Reporter: Srinivasa Kukatla
> Assignee: Colm O hEigeartaigh
>
> As per the Saml Specification, Resource is a required attribute. We have a requirement, that either the resource ID should be an empty string or a valid URI.
> The following is from saml core xsd:
> <complexType name="AuthzDecisionStatementType"><complexContent><extension base="saml:StatementAbstractType"><sequence><element ref="saml:Action" maxOccurs="unbounded"/><element ref="saml:Evidence" minOccurs="0"/></sequence><attribute name="Resource" type="anyURI" use="required"/><attribute name="Decision" type="saml:DecisionType" use="required"/></extension></complexContent></complexType>
> Which says, resource is required. But, when I have " " as resource, attribute is completely missing.
> Here is why:
> Saml2ComponentBuilder.java
> public static List<AuthzDecisionStatement> createAuthorizationDecisionStatement(
> List<AuthDecisionStatementBean> decisionData
> ) {
> List<AuthzDecisionStatement> authDecisionStatements = new ArrayList();
> if (authorizationDecisionStatementBuilder == null) {
> authorizationDecisionStatementBuilder =
> (SAMLObjectBuilder<AuthzDecisionStatement>)
> builderFactory.getBuilder(AuthzDecisionStatement.DEFAULT_ELEMENT_NAME);
> }
> if (decisionData != null && decisionData.size() > 0) {
> for (AuthDecisionStatementBean decisionStatementBean : decisionData) {
> AuthzDecisionStatement authDecision =
> authorizationDecisionStatementBuilder.buildObject();
> authDecision.setResource(decisionStatementBean.getResource());
> authDecision.setDecision(
> transformDecisionType(decisionStatementBean.getDecision())
> );
> for (ActionBean actionBean : decisionStatementBean.getActions()) {
> Action actionElement = createSamlAction(actionBean);
> authDecision.getActions().add(actionElement);
> }
> if (decisionStatementBean.getEvidence() instanceof Evidence) {
> authDecision.setEvidence((Evidence)decisionStatementBean.getEvidence());
> }
>
> authDecisionStatements.add(authDecision);
> }
> }
> return authDecisionStatements;
> }
> In the above, when the setResource is called, the following implementation gets called:
> org.opensaml.saml2.core.impl.AuthzDecisionStatementImpl.java
> /** {@inheritDoc} */
> public void setResource(String newResourceURI) {
> this.resource = prepareForAssignment(this.resource, newResourceURI);
> }
> protected String prepareForAssignment(String oldValue, String newValue) {
> String newString = DatatypeHelper.safeTrimOrNullString(newValue);
> if (!DatatypeHelper.safeEquals(oldValue, newString)) {
> releaseThisandParentDOM();
> }
> return newString;
> }
> The blank string gets trimmed off, and null is returned. The Resource Attribute never gets created.
> This is voilating the specification. This is the defect in OpenSAML not really in WSS4j.
> /** {@inheritDoc} */
> public void setResource(String newResourceURI) {
> this.resource = prepareForAssignment(this.resource, newResourceURI);
> }
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Closed] (WSS-298) Resource Attribute in
AuthorizationDecision Statement not accepting blank
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-298?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed WSS-298.
-----------------------------------
> Resource Attribute in AuthorizationDecision Statement not accepting blank
> -------------------------------------------------------------------------
>
> Key: WSS-298
> URL: https://issues.apache.org/jira/browse/WSS-298
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.6
> Reporter: Srinivasa Kukatla
> Assignee: Colm O hEigeartaigh
>
> As per the Saml Specification, Resource is a required attribute. We have a requirement, that either the resource ID should be an empty string or a valid URI.
> The following is from saml core xsd:
> <complexType name="AuthzDecisionStatementType"><complexContent><extension base="saml:StatementAbstractType"><sequence><element ref="saml:Action" maxOccurs="unbounded"/><element ref="saml:Evidence" minOccurs="0"/></sequence><attribute name="Resource" type="anyURI" use="required"/><attribute name="Decision" type="saml:DecisionType" use="required"/></extension></complexContent></complexType>
> Which says, resource is required. But, when I have " " as resource, attribute is completely missing.
> Here is why:
> Saml2ComponentBuilder.java
> public static List<AuthzDecisionStatement> createAuthorizationDecisionStatement(
> List<AuthDecisionStatementBean> decisionData
> ) {
> List<AuthzDecisionStatement> authDecisionStatements = new ArrayList();
> if (authorizationDecisionStatementBuilder == null) {
> authorizationDecisionStatementBuilder =
> (SAMLObjectBuilder<AuthzDecisionStatement>)
> builderFactory.getBuilder(AuthzDecisionStatement.DEFAULT_ELEMENT_NAME);
> }
> if (decisionData != null && decisionData.size() > 0) {
> for (AuthDecisionStatementBean decisionStatementBean : decisionData) {
> AuthzDecisionStatement authDecision =
> authorizationDecisionStatementBuilder.buildObject();
> authDecision.setResource(decisionStatementBean.getResource());
> authDecision.setDecision(
> transformDecisionType(decisionStatementBean.getDecision())
> );
> for (ActionBean actionBean : decisionStatementBean.getActions()) {
> Action actionElement = createSamlAction(actionBean);
> authDecision.getActions().add(actionElement);
> }
> if (decisionStatementBean.getEvidence() instanceof Evidence) {
> authDecision.setEvidence((Evidence)decisionStatementBean.getEvidence());
> }
>
> authDecisionStatements.add(authDecision);
> }
> }
> return authDecisionStatements;
> }
> In the above, when the setResource is called, the following implementation gets called:
> org.opensaml.saml2.core.impl.AuthzDecisionStatementImpl.java
> /** {@inheritDoc} */
> public void setResource(String newResourceURI) {
> this.resource = prepareForAssignment(this.resource, newResourceURI);
> }
> protected String prepareForAssignment(String oldValue, String newValue) {
> String newString = DatatypeHelper.safeTrimOrNullString(newValue);
> if (!DatatypeHelper.safeEquals(oldValue, newString)) {
> releaseThisandParentDOM();
> }
> return newString;
> }
> The blank string gets trimmed off, and null is returned. The Resource Attribute never gets created.
> This is voilating the specification. This is the defect in OpenSAML not really in WSS4j.
> /** {@inheritDoc} */
> public void setResource(String newResourceURI) {
> this.resource = prepareForAssignment(this.resource, newResourceURI);
> }
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Resolved] (WSS-298) Resource Attribute in
AuthorizationDecision Statement not accepting blank
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-298?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved WSS-298.
-------------------------------------
Resolution: Won't Fix
Marking this as "Won't Fix", as it's not a bug in WSS4J, as per the JIRA description, but in Opensaml.
Please file the issue in the Opensaml JIRA instead:
https://issues.shibboleth.net/jira/browse/JOST
Colm.
> Resource Attribute in AuthorizationDecision Statement not accepting blank
> -------------------------------------------------------------------------
>
> Key: WSS-298
> URL: https://issues.apache.org/jira/browse/WSS-298
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.6
> Reporter: Srinivasa Kukatla
> Assignee: Colm O hEigeartaigh
>
> As per the Saml Specification, Resource is a required attribute. We have a requirement, that either the resource ID should be an empty string or a valid URI.
> The following is from saml core xsd:
> <complexType name="AuthzDecisionStatementType"><complexContent><extension base="saml:StatementAbstractType"><sequence><element ref="saml:Action" maxOccurs="unbounded"/><element ref="saml:Evidence" minOccurs="0"/></sequence><attribute name="Resource" type="anyURI" use="required"/><attribute name="Decision" type="saml:DecisionType" use="required"/></extension></complexContent></complexType>
> Which says, resource is required. But, when I have " " as resource, attribute is completely missing.
> Here is why:
> Saml2ComponentBuilder.java
> public static List<AuthzDecisionStatement> createAuthorizationDecisionStatement(
> List<AuthDecisionStatementBean> decisionData
> ) {
> List<AuthzDecisionStatement> authDecisionStatements = new ArrayList();
> if (authorizationDecisionStatementBuilder == null) {
> authorizationDecisionStatementBuilder =
> (SAMLObjectBuilder<AuthzDecisionStatement>)
> builderFactory.getBuilder(AuthzDecisionStatement.DEFAULT_ELEMENT_NAME);
> }
> if (decisionData != null && decisionData.size() > 0) {
> for (AuthDecisionStatementBean decisionStatementBean : decisionData) {
> AuthzDecisionStatement authDecision =
> authorizationDecisionStatementBuilder.buildObject();
> authDecision.setResource(decisionStatementBean.getResource());
> authDecision.setDecision(
> transformDecisionType(decisionStatementBean.getDecision())
> );
> for (ActionBean actionBean : decisionStatementBean.getActions()) {
> Action actionElement = createSamlAction(actionBean);
> authDecision.getActions().add(actionElement);
> }
> if (decisionStatementBean.getEvidence() instanceof Evidence) {
> authDecision.setEvidence((Evidence)decisionStatementBean.getEvidence());
> }
>
> authDecisionStatements.add(authDecision);
> }
> }
> return authDecisionStatements;
> }
> In the above, when the setResource is called, the following implementation gets called:
> org.opensaml.saml2.core.impl.AuthzDecisionStatementImpl.java
> /** {@inheritDoc} */
> public void setResource(String newResourceURI) {
> this.resource = prepareForAssignment(this.resource, newResourceURI);
> }
> protected String prepareForAssignment(String oldValue, String newValue) {
> String newString = DatatypeHelper.safeTrimOrNullString(newValue);
> if (!DatatypeHelper.safeEquals(oldValue, newString)) {
> releaseThisandParentDOM();
> }
> return newString;
> }
> The blank string gets trimmed off, and null is returned. The Resource Attribute never gets created.
> This is voilating the specification. This is the defect in OpenSAML not really in WSS4j.
> /** {@inheritDoc} */
> public void setResource(String newResourceURI) {
> this.resource = prepareForAssignment(this.resource, newResourceURI);
> }
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org