Posted to issues@cxf.apache.org by "Oliver Wulff (JIRA)" <ji...@apache.org> on 2009/11/05 20:32:32 UTC
[jira] Created: (CXF-2524) STSClient requires Lifetime element in RSTR
STSClient requires Lifetime element in RSTR
-------------------------------------------
Key: CXF-2524
URL: https://issues.apache.org/jira/browse/CXF-2524
Project: CXF
Issue Type: Bug
Affects Versions: 2.2.4
Reporter: Oliver Wulff
The STSClient in CXF requires that an STS returns the Lifetime element, which is optional as per the WS-Trust 1.3 spec:
[http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html]
>>>
4.4 Returning a Security Token
...
wst:RequestSecurityTokenResponse/wst:Lifetime
This optional element specifies the lifetime of the issued security token. If omitted the lifetime is unspecified (not necessarily unlimited). It is RECOMMENDED that if a lifetime exists for a token that this element be included in the response.
>>>
STSClient.java:
...
        while (el != null) {
            String ln = el.getLocalName();
            if (namespace.equals(el.getNamespaceURI())) {
                if ("Lifetime".equals(ln)) {
                    lte = el;
...
        SecurityToken token = new SecurityToken(id, rstDec, lte);
...
SecurityToken.java:
...
    public SecurityToken(String id,
                         Element tokenElem,
                         Element lifetimeElem) {
        this.id = id;
        this.token = cloneElement(tokenElem);
        this.processLifeTime(lifetimeElem);
...
    /**
     * @param lifetimeElem
     * @throws TrustException
     */
    private void processLifeTime(Element lifetimeElem) {
        try {
            DatatypeFactory factory = DatatypeFactory.newInstance();
            Element createdElem =
                DOMUtils.getFirstChildWithName(lifetimeElem,
                                               WSConstants.WSU_NS,
                                               WSConstants.CREATED_LN);
            this.created = factory.newXMLGregorianCalendar(DOMUtils.getContent(createdElem))
                .toGregorianCalendar();
            Element expiresElem =
                DOMUtils.getFirstChildWithName(lifetimeElem,
                                               WSConstants.WSU_NS,
                                               WSConstants.EXPIRES_LN);
            this.expires = factory.newXMLGregorianCalendar(DOMUtils.getContent(expiresElem))
                .toGregorianCalendar();
        } catch (DatatypeConfigurationException e) {
            //shouldn't happen
If "null" is passed to processLifeTime, an NPE occurs. If the CXF internals don't depend on the lifetime, the following might fix it already:
...
    public SecurityToken(String id,
                         Element tokenElem,
                         Element lifetimeElem) {
        this.id = id;
        this.token = cloneElement(tokenElem);
        if (lifetimeElem != null) this.processLifeTime(lifetimeElem);
...
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (CXF-2524) STSClient requires Lifetime element in RSTR
Posted by "Daniel Kulp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-2524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Kulp resolved CXF-2524.
------------------------------
Resolution: Fixed
Fix Version/s: 2.2.5
Assignee: Daniel Kulp
[jira] Commented: (CXF-2524) STSClient requires Lifetime element in RSTR
Posted by "Oliver Wulff (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-2524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12774045#action_12774045 ]
Oliver Wulff commented on CXF-2524:
-----------------------------------
Here is the NPE:
java.lang.NullPointerException
    at org.apache.cxf.helpers.DOMUtils.getFirstChildWithName(DOMUtils.java:307)
    at org.apache.cxf.ws.security.tokenstore.SecurityToken.processLifeTime(SecurityToken.java:181)
    at org.apache.cxf.ws.security.tokenstore.SecurityToken.<init>(SecurityToken.java:160)
    at org.apache.cxf.ws.security.trust.STSClient.createSecurityToken(STSClient.java:726)
    at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:447)
    at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:345)
    at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClent.java:337)
[jira] Commented: (CXF-2524) STSClient requires Lifetime element in RSTR
Posted by "Oliver Wulff (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-2524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12774068#action_12774068 ]
Oliver Wulff commented on CXF-2524:
-----------------------------------
I went through the CXF code and found only one location where SecurityToken.getExpires is called:
MemoryTokenStore.java:
>>>
    protected void processTokenExpiry() {
        long time = System.currentTimeMillis();
        for (SecurityToken token : tokens.values()) {
            if (token.getState() == State.EXPIRED
                || token.getState() == State.CANCELLED) {
                if (autoRemove) {
                    remove(token);
                }
            } else if (token.getExpires() != null
                && token.getExpires().getTimeInMillis() < time) {
                token.setState(SecurityToken.State.EXPIRED);
                if (autoRemove) {
                    remove(token);
                }
            }
        }
    }
>>>
This code can handle a null value for expires and therefore it should be safe to implement the proposed fix.
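The null-safe handling discussed in this thread, as an added example that is not CXF's code and not part of the original messages: it uses only JDK DOM APIs to read wst:Lifetime from an RSTR and returns null timestamps when the element, or either child, is omitted. The class and method names (LifetimeDemo, time, lifetime) and both sample responses are constructed for illustration; timestamps are assumed to carry a zone designator such as Z.

```java
import java.io.StringReader;
import java.time.Instant;
import java.time.OffsetDateTime;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class LifetimeDemo {  // hypothetical name, not a CXF class
    static final String WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    static final String WSU =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    /** Returns the instant in wsu:{name} under parent, or null if either is absent. */
    static Instant time(Element parent, String name) {
        if (parent == null) {
            return null;  // Lifetime omitted: unspecified, not an error
        }
        NodeList nl = parent.getElementsByTagNameNS(WSU, name);
        return nl.getLength() == 0 ? null
            : OffsetDateTime.parse(nl.item(0).getTextContent().trim()).toInstant();
    }

    /** Parses an RSTR and returns {created, expires}; either entry may be null. */
    static Instant[] lifetime(String rstr) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The response comes from a remote party: refuse DTDs while parsing it.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
            .parse(new InputSource(new StringReader(rstr))).getDocumentElement();
        NodeList nl = root.getElementsByTagNameNS(WST, "Lifetime");
        Element lte = nl.getLength() == 0 ? null : (Element) nl.item(0);
        return new Instant[] {time(lte, "Created"), time(lte, "Expires")};
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample responses, not captured from a real STS.
        String head = "<wst:RequestSecurityTokenResponse xmlns:wst='" + WST
            + "' xmlns:wsu='" + WSU + "'><wst:RequestedSecurityToken/>";
        String tail = "</wst:RequestSecurityTokenResponse>";
        String with = head + "<wst:Lifetime><wsu:Created>2009-11-05T20:00:00Z</wsu:Created>"
            + "<wsu:Expires>2009-11-05T21:00:00Z</wsu:Expires></wst:Lifetime>" + tail;
        for (String rstr : new String[] {with, head + tail}) {
            Instant[] lt = lifetime(rstr);
            System.out.println("created=" + lt[0] + " expires=" + lt[1]);
        }
    }
}
```

With Lifetime absent both values are null, so an expiry check shaped like the processTokenExpiry loop quoted above never moves such a token to EXPIRED; a caller that needs a bound on cached tokens has to apply its own.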