You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2009/11/06 00:15:32 UTC

[jira] Resolved: (CXF-2524) STSClient requires Lifetime element in RSTR

     [ https://issues.apache.org/jira/browse/CXF-2524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Kulp resolved CXF-2524.
------------------------------

       Resolution: Fixed
    Fix Version/s: 2.2.5
         Assignee: Daniel Kulp

> STSClient requires Lifetime element in RSTR
> -------------------------------------------
>
>                 Key: CXF-2524
>                 URL: https://issues.apache.org/jira/browse/CXF-2524
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 2.2.4
>            Reporter: Oliver Wulff
>            Assignee: Daniel Kulp
>             Fix For: 2.2.5
>
>
> The STSClient in CXF requires that an STS returns the Lifetime element which is optional as per WS-Trust 1.3 spec:
> [http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html]
> >>>
> 4.4 Returning a Security Token
> ...
> wst:RequestSecurityTokenResponse/wst:Lifetime
> This optional element specifies the lifetime of the issued security token.  If omitted the lifetime is unspecified (not necessarily unlimited).  It is RECOMMENDED that if a lifetime exists for a token that this element be included in the response.
> >>>
> STSClient.java:
> ...
>         while (el != null) {
>             String ln = el.getLocalName();
>             if (namespace.equals(el.getNamespaceURI())) {
>                 if ("Lifetime".equals(ln)) {
>                     lte = el;
> ...
>         SecurityToken token = new SecurityToken(id, rstDec, lte);
> ...
> SecurityToken.java:
> ...
>     public SecurityToken(String id,
>                  Element tokenElem,
>                  Element lifetimeElem) {
>         this.id = id;
>         this.token = cloneElement(tokenElem);
>         this.processLifeTime(lifetimeElem);
> ...
>     /**
>      * @param lifetimeElem
>      * @throws TrustException 
>      */
>     private void processLifeTime(Element lifetimeElem) {
>         try {
>             DatatypeFactory factory = DatatypeFactory.newInstance();
>             
>             Element createdElem = 
>                 DOMUtils.getFirstChildWithName(lifetimeElem,
>                                                 WSConstants.WSU_NS,
>                                                 WSConstants.CREATED_LN);
>             this.created = factory.newXMLGregorianCalendar(DOMUtils.getContent(createdElem))
>                 .toGregorianCalendar();
>             Element expiresElem = 
>                 DOMUtils.getFirstChildWithName(lifetimeElem,
>                                                 WSConstants.WSU_NS,
>                                                 WSConstants.EXPIRES_LN);
>             this.expires = factory.newXMLGregorianCalendar(DOMUtils.getContent(expiresElem))
>                 .toGregorianCalendar();
>         } catch (DatatypeConfigurationException e) {
>             //shouldn't happen
> If "null" is passed to processLifeTime a NPE occurs. If the CXF internals don't depend on the lifetime the following might fix it already:
> ...
>     public SecurityToken(String id,
>                  Element tokenElem,
>                  Element lifetimeElem) {
>         this.id = id;
>         this.token = cloneElement(tokenElem);
>         if (lifetimeElem !=null) this.processLifeTime(lifetimeElem);
> ...

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.