Posted to issues@cxf.apache.org by "Andrei Shakirin (JIRA)" <ji...@apache.org> on 2016/04/12 21:33:25 UTC
[jira] [Closed] (CXF-6859) STSTokenValidator: logging and exception handling improvement
[ https://issues.apache.org/jira/browse/CXF-6859?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrei Shakirin closed CXF-6859.
--------------------------------
> STSTokenValidator: logging and exception handling improvement
> -------------------------------------------------------------
>
> Key: CXF-6859
> URL: https://issues.apache.org/jira/browse/CXF-6859
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 3.1.6
> Reporter: Andrei Shakirin
> Assignee: Andrei Shakirin
> Fix For: 3.2.0
>
>
> The STSTokenValidator doesn't log the reason for an authentication error in the case of local validation.
> The STSTokenValidator tries to validate the token locally and, if that wasn't successful, delegates the validation to the STS:
>     public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
>
>         if (isValidatedLocally(credential, data)) {
>             return credential;
>         }
>
>         return validateWithSTS(credential, (Message)data.getMsgContext());
>     }
> That causes somewhat confusing error messages in the log if the user relies on local validation only.
> For example, if the STS certificate is missing in the service keystore, it throws:
> WARNING: Assertion can not be validated: java.lang.NullPointerException
>     at org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(SecurityUtils.java:170)
>     at org.apache.cxf.ws.security.trust.STSUtils.getClientWithIssuer(STSUtils.java:106)
>     at org.apache.cxf.ws.security.trust.STSUtils.getClient(STSUtils.java:92)
>     at org.apache.cxf.ws.security.trust.STSTokenValidator.validateWithSTS(STSTokenValidator.java:128)
>     at org.apache.cxf.ws.security.trust.STSTokenValidator.validate(STSTokenValidator.java:80)
>     at org.apache.cxf.rs.security.saml.AbstractSamlInHandler.validateToken(AbstractSamlInHandler.java:181)
> Then, to find the real reason for the failed local validation, it is necessary to debug the code.
> Suggestion: if alwaysValidateToSts is false (the default value), log the reason for the failed local validation at warning level.
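The pattern suggested in the issue, as an added sketch that is not CXF's code or the committed fix: log why local validation failed before delegating to the STS, so the root cause is not masked by a later STS-client error. LocalValidator, RemoteValidator, the String token and the exception messages are hypothetical stand-ins; only the alwaysValidateToSts name comes from the issue.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

// Sketch only: LocalValidator, RemoteValidator and the String token are
// stand-ins for illustration, not CXF or WSS4J types.
public class FallbackValidatorSketch {
    private static final Logger LOG = Logger.getLogger(FallbackValidatorSketch.class.getName());

    interface LocalValidator { void validate(String token) throws Exception; }
    interface RemoteValidator { String validate(String token) throws Exception; }

    private final LocalValidator local;
    private final RemoteValidator sts;
    private final boolean alwaysValidateToSts; // false is the default named in the issue

    FallbackValidatorSketch(LocalValidator local, RemoteValidator sts, boolean alwaysValidateToSts) {
        this.local = local;
        this.sts = sts;
        this.alwaysValidateToSts = alwaysValidateToSts;
    }

    public String validate(String token) throws Exception {
        if (!alwaysValidateToSts) {
            try {
                local.validate(token);
                return token; // accepted locally, no STS round trip
            } catch (Exception e) {
                // Record why local validation failed before falling back, so the
                // root cause is not hidden behind a later STS-client error.
                // Only the exception is logged, never the token itself.
                LOG.log(Level.WARNING, "Local token validation failed, delegating to STS", e);
            }
        }
        return sts.validate(token);
    }

    public static void main(String[] args) {
        // Constructed failure modes: local trust check fails, STS client is unconfigured.
        FallbackValidatorSketch v = new FallbackValidatorSketch(
            t -> { throw new SecurityException("issuer certificate not in keystore"); },
            t -> { throw new NullPointerException("STS client not configured"); },
            false);
        try {
            v.validate("constructed-sample-token");
        } catch (Exception e) {
            System.out.println("Rejected: " + e);
        }
    }
}
```

Running it prints the WARNING with the local failure and its stack trace first, then the rejection from the stand-in STS call, so both causes are visible in the log.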