|
»
»
[jira] Created: (CXF-2524) STSClient requires Lifetime element in RSTR
|
View:
New views
4 Messages
—
Rating Filter:
Alert me
|
 |
[jira] Created: (CXF-2524) STSClient requires Lifetime element in RSTR
by JIRA jira@apache.org
::
Rate this Message:
STSClient requires Lifetime element in RSTR
------------------------------------------- Key: CXF-2524 URL: https://issues.apache.org/jira/browse/CXF-2524 Project: CXF Issue Type: Bug Affects Versions: 2.2.4 Reporter: Oliver Wulff The STSClient in CXF requires that an STS returns the Lifetime element which is optional as per WS-Trust 1.3 spec: [http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html] >>> 4.4 Returning a Security Token ... wst:RequestSecurityTokenResponse/wst:Lifetime This optional element specifies the lifetime of the issued security token. If omitted the lifetime is unspecified (not necessarily unlimited). It is RECOMMENDED that if a lifetime exists for a token that this element be included in the response. >>> STSClient.java: ... while (el != null) { String ln = el.getLocalName(); if (namespace.equals(el.getNamespaceURI())) { if ("Lifetime".equals(ln)) { lte = el; ... SecurityToken token = new SecurityToken(id, rstDec, lte); ... SecurityToken.java: ... public SecurityToken(String id, Element tokenElem, Element lifetimeElem) { this.id = id; this.token = cloneElement(tokenElem); this.processLifeTime(lifetimeElem); ... /** * @param lifetimeElem * @throws TrustException */ private void processLifeTime(Element lifetimeElem) { try { DatatypeFactory factory = DatatypeFactory.newInstance(); Element createdElem = DOMUtils.getFirstChildWithName(lifetimeElem, WSConstants.WSU_NS, WSConstants.CREATED_LN); this.created = factory.newXMLGregorianCalendar(DOMUtils.getContent(createdElem)) .toGregorianCalendar(); Element expiresElem = DOMUtils.getFirstChildWithName(lifetimeElem, WSConstants.WSU_NS, WSConstants.EXPIRES_LN); this.expires = factory.newXMLGregorianCalendar(DOMUtils.getContent(expiresElem)) .toGregorianCalendar(); } catch (DatatypeConfigurationException e) { //shouldn't happen If "null" is passed to processLifeTime a NPE occurs. If the CXF internals don't depend on the lifetime the following might fix it already: ... public SecurityToken(String id, Element tokenElem, Element lifetimeElem) { this.id = id; this.token = cloneElement(tokenElem); if (lifetimeElem !=null) this.processLifeTime(lifetimeElem); ... -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. |
|
|
[jira] Commented: (CXF-2524) STSClient requires Lifetime element in RSTR
by JIRA jira@apache.org
::
Rate this Message:
[ https://issues.apache.org/jira/browse/CXF-2524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12774045#action_12774045 ] Oliver Wulff commented on CXF-2524: ----------------------------------- Here the NPE: java.lang.NullPointerException at org.apache.cxf.helpers.DOMUtils.getFirstChildWithName(DOMUtils.java:307) at org.apache.cxf.ws.security.tokenstore.SecurityToken.processLifeTime(SecurityToken.java:181) at org.apache.cxf.ws.security.tokenstore.SecurityToken.<init>(SecurityToken.java:160) at org.apache.cxf.ws.security.trust.STSClient.createSecurityToken(STSClient.java:726) at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:447) at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:345) at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClent.java:337) > STSClient requires Lifetime element in RSTR > ------------------------------------------- > > Key: CXF-2524 > URL: https://issues.apache.org/jira/browse/CXF-2524 > Project: CXF > Issue Type: Bug > Affects Versions: 2.2.4 > Reporter: Oliver Wulff > > The STSClient in CXF requires that an STS returns the Lifetime element which is optional as per WS-Trust 1.3 spec: > [http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html] > >>> > 4.4 Returning a Security Token > ... > wst:RequestSecurityTokenResponse/wst:Lifetime > This optional element specifies the lifetime of the issued security token. If omitted the lifetime is unspecified (not necessarily unlimited). It is RECOMMENDED that if a lifetime exists for a token that this element be included in the response. > >>> > STSClient.java: > ... > while (el != null) { > String ln = el.getLocalName(); > if (namespace.equals(el.getNamespaceURI())) { > if ("Lifetime".equals(ln)) { > lte = el; > ... > SecurityToken token = new SecurityToken(id, rstDec, lte); > ... > SecurityToken.java: > ... > public SecurityToken(String id, > Element tokenElem, > Element lifetimeElem) { > this.id = id; > this.token = cloneElement(tokenElem); > this.processLifeTime(lifetimeElem); > ... > /** > * @param lifetimeElem > * @throws TrustException > */ > private void processLifeTime(Element lifetimeElem) { > try { > DatatypeFactory factory = DatatypeFactory.newInstance(); > > Element createdElem = > DOMUtils.getFirstChildWithName(lifetimeElem, > WSConstants.WSU_NS, > WSConstants.CREATED_LN); > this.created = factory.newXMLGregorianCalendar(DOMUtils.getContent(createdElem)) > .toGregorianCalendar(); > Element expiresElem = > DOMUtils.getFirstChildWithName(lifetimeElem, > WSConstants.WSU_NS, > WSConstants.EXPIRES_LN); > this.expires = factory.newXMLGregorianCalendar(DOMUtils.getContent(expiresElem)) > .toGregorianCalendar(); > } catch (DatatypeConfigurationException e) { > //shouldn't happen > If "null" is passed to processLifeTime a NPE occurs. If the CXF internals don't depend on the lifetime the following might fix it already: > ... > public SecurityToken(String id, > Element tokenElem, > Element lifetimeElem) { > this.id = id; > this.token = cloneElement(tokenElem); > if (lifetimeElem !=null) this.processLifeTime(lifetimeElem); > ... -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. |
|
|
[jira] Commented: (CXF-2524) STSClient requires Lifetime element in RSTR
by JIRA jira@apache.org
::
Rate this Message:
[ https://issues.apache.org/jira/browse/CXF-2524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12774068#action_12774068 ] Oliver Wulff commented on CXF-2524: ----------------------------------- I went through the CXF code and found only one location where SecurityToken.getExpires is called: MemoryTokenStore.java: >>> protected void processTokenExpiry() { long time = System.currentTimeMillis(); for (SecurityToken token : tokens.values()) { if (token.getState() == State.EXPIRED || token.getState() == State.CANCELLED) { if (autoRemove) { remove(token); } } else if (token.getExpires() != null && token.getExpires().getTimeInMillis() < time) { token.setState(SecurityToken.State.EXPIRED); if (autoRemove) { remove(token); } } } } >>> This code can handle a null value for expires and therefore it should be safe to implement the proposed fix. > STSClient requires Lifetime element in RSTR > ------------------------------------------- > > Key: CXF-2524 > URL: https://issues.apache.org/jira/browse/CXF-2524 > Project: CXF > Issue Type: Bug > Affects Versions: 2.2.4 > Reporter: Oliver Wulff > > The STSClient in CXF requires that an STS returns the Lifetime element which is optional as per WS-Trust 1.3 spec: > [http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html] > >>> > 4.4 Returning a Security Token > ... > wst:RequestSecurityTokenResponse/wst:Lifetime > This optional element specifies the lifetime of the issued security token. If omitted the lifetime is unspecified (not necessarily unlimited). It is RECOMMENDED that if a lifetime exists for a token that this element be included in the response. > >>> > STSClient.java: > ... > while (el != null) { > String ln = el.getLocalName(); > if (namespace.equals(el.getNamespaceURI())) { > if ("Lifetime".equals(ln)) { > lte = el; > ... > SecurityToken token = new SecurityToken(id, rstDec, lte); > ... > SecurityToken.java: > ... > public SecurityToken(String id, > Element tokenElem, > Element lifetimeElem) { > this.id = id; > this.token = cloneElement(tokenElem); > this.processLifeTime(lifetimeElem); > ... > /** > * @param lifetimeElem > * @throws TrustException > */ > private void processLifeTime(Element lifetimeElem) { > try { > DatatypeFactory factory = DatatypeFactory.newInstance(); > > Element createdElem = > DOMUtils.getFirstChildWithName(lifetimeElem, > WSConstants.WSU_NS, > WSConstants.CREATED_LN); > this.created = factory.newXMLGregorianCalendar(DOMUtils.getContent(createdElem)) > .toGregorianCalendar(); > Element expiresElem = > DOMUtils.getFirstChildWithName(lifetimeElem, > WSConstants.WSU_NS, > WSConstants.EXPIRES_LN); > this.expires = factory.newXMLGregorianCalendar(DOMUtils.getContent(expiresElem)) > .toGregorianCalendar(); > } catch (DatatypeConfigurationException e) { > //shouldn't happen > If "null" is passed to processLifeTime a NPE occurs. If the CXF internals don't depend on the lifetime the following might fix it already: > ... > public SecurityToken(String id, > Element tokenElem, > Element lifetimeElem) { > this.id = id; > this.token = cloneElement(tokenElem); > if (lifetimeElem !=null) this.processLifeTime(lifetimeElem); > ... -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. |
|
|
[jira] Resolved: (CXF-2524) STSClient requires Lifetime element in RSTR
by JIRA jira@apache.org
::
Rate this Message:
[ https://issues.apache.org/jira/browse/CXF-2524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Kulp resolved CXF-2524. ------------------------------ Resolution: Fixed Fix Version/s: 2.2.5 Assignee: Daniel Kulp > STSClient requires Lifetime element in RSTR > ------------------------------------------- > > Key: CXF-2524 > URL: https://issues.apache.org/jira/browse/CXF-2524 > Project: CXF > Issue Type: Bug > Affects Versions: 2.2.4 > Reporter: Oliver Wulff > Assignee: Daniel Kulp > Fix For: 2.2.5 > > > The STSClient in CXF requires that an STS returns the Lifetime element which is optional as per WS-Trust 1.3 spec: > [http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html] > >>> > 4.4 Returning a Security Token > ... > wst:RequestSecurityTokenResponse/wst:Lifetime > This optional element specifies the lifetime of the issued security token. If omitted the lifetime is unspecified (not necessarily unlimited). It is RECOMMENDED that if a lifetime exists for a token that this element be included in the response. > >>> > STSClient.java: > ... > while (el != null) { > String ln = el.getLocalName(); > if (namespace.equals(el.getNamespaceURI())) { > if ("Lifetime".equals(ln)) { > lte = el; > ... > SecurityToken token = new SecurityToken(id, rstDec, lte); > ... > SecurityToken.java: > ... > public SecurityToken(String id, > Element tokenElem, > Element lifetimeElem) { > this.id = id; > this.token = cloneElement(tokenElem); > this.processLifeTime(lifetimeElem); > ... > /** > * @param lifetimeElem > * @throws TrustException > */ > private void processLifeTime(Element lifetimeElem) { > try { > DatatypeFactory factory = DatatypeFactory.newInstance(); > > Element createdElem = > DOMUtils.getFirstChildWithName(lifetimeElem, > WSConstants.WSU_NS, > WSConstants.CREATED_LN); > this.created = factory.newXMLGregorianCalendar(DOMUtils.getContent(createdElem)) > .toGregorianCalendar(); > Element expiresElem = > DOMUtils.getFirstChildWithName(lifetimeElem, > WSConstants.WSU_NS, > WSConstants.EXPIRES_LN); > this.expires = factory.newXMLGregorianCalendar(DOMUtils.getContent(expiresElem)) > .toGregorianCalendar(); > } catch (DatatypeConfigurationException e) { > //shouldn't happen > If "null" is passed to processLifeTime a NPE occurs. If the CXF internals don't depend on the lifetime the following might fix it already: > ... > public SecurityToken(String id, > Element tokenElem, > Element lifetimeElem) { > this.id = id; > this.token = cloneElement(tokenElem); > if (lifetimeElem !=null) this.processLifeTime(lifetimeElem); > ... -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. |
| Free embeddable forum powered by Nabble | Forum Help |
