Posted to dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2011/07/24 17:56:09 UTC

[jira] [Resolved] (WSS-298) Resource Attribute in AuthorizationDecision Statement not accepting blank

     [ https://issues.apache.org/jira/browse/WSS-298?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved WSS-298.
-------------------------------------

    Resolution: Won't Fix


Marking this as "Won't Fix", as it's not a bug in WSS4J, as per the JIRA description, but in OpenSAML.

Please file the issue in the OpenSAML JIRA instead:

https://issues.shibboleth.net/jira/browse/JOST

Colm.

> Resource Attribute in AuthorizationDecision Statement not accepting blank
> -------------------------------------------------------------------------
>
>                 Key: WSS-298
>                 URL: https://issues.apache.org/jira/browse/WSS-298
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.6
>            Reporter: Srinivasa Kukatla
>            Assignee: Colm O hEigeartaigh
>
> As per the SAML specification, Resource is a required attribute. We have a requirement that either the resource ID should be an empty string or a valid URI.
> The following is from the SAML core XSD:
> <complexType name="AuthzDecisionStatementType">
>   <complexContent>
>     <extension base="saml:StatementAbstractType">
>       <sequence>
>         <element ref="saml:Action" maxOccurs="unbounded"/>
>         <element ref="saml:Evidence" minOccurs="0"/>
>       </sequence>
>       <attribute name="Resource" type="anyURI" use="required"/>
>       <attribute name="Decision" type="saml:DecisionType" use="required"/>
>     </extension>
>   </complexContent>
> </complexType>
> Which says that Resource is required. But when I have " " as the resource, the attribute is completely missing.
> Here is why:
> Saml2ComponentBuilder.java
>  public static List<AuthzDecisionStatement> createAuthorizationDecisionStatement(
>         List<AuthDecisionStatementBean> decisionData
>     ) {
>         List<AuthzDecisionStatement> authDecisionStatements = new ArrayList();
>         if (authorizationDecisionStatementBuilder == null) {
>             authorizationDecisionStatementBuilder = 
>                 (SAMLObjectBuilder<AuthzDecisionStatement>)
>                     builderFactory.getBuilder(AuthzDecisionStatement.DEFAULT_ELEMENT_NAME);
>         }
>         if (decisionData != null && decisionData.size() > 0) {
>             for (AuthDecisionStatementBean decisionStatementBean : decisionData) {
>                 AuthzDecisionStatement authDecision = 
>                     authorizationDecisionStatementBuilder.buildObject();
>                 authDecision.setResource(decisionStatementBean.getResource());
>                 authDecision.setDecision(
>                     transformDecisionType(decisionStatementBean.getDecision())
>                 );
>                 for (ActionBean actionBean : decisionStatementBean.getActions()) {
>                     Action actionElement = createSamlAction(actionBean);
>                     authDecision.getActions().add(actionElement);
>                 }
>                 if (decisionStatementBean.getEvidence() instanceof Evidence) {                                    
>                     authDecision.setEvidence((Evidence)decisionStatementBean.getEvidence());
>                 }
>                 
>                 authDecisionStatements.add(authDecision);
>             }
>         }
>         return authDecisionStatements;
>     }
> In the above, when the setResource is called, the following implementation gets called:
> org.opensaml.saml2.core.impl.AuthzDecisionStatementImpl.java
>  /** {@inheritDoc} */
>     public void setResource(String newResourceURI) {
>         this.resource = prepareForAssignment(this.resource, newResourceURI);
>     }
>   protected String prepareForAssignment(String oldValue, String newValue) {
>         String newString = DatatypeHelper.safeTrimOrNullString(newValue);
>         if (!DatatypeHelper.safeEquals(oldValue, newString)) {
>             releaseThisandParentDOM();
>         }
>         return newString;
>     }
> The blank string gets trimmed off, and null is returned. The Resource Attribute never gets created.
> This is violating the specification. This is a defect in OpenSAML, not really in WSS4J.
>  /** {@inheritDoc} */
>     public void setResource(String newResourceURI) {
>         this.resource = prepareForAssignment(this.resource, newResourceURI);
>     }
