axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sundeep Garla (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RAMPART-429) Invoking org.apache.rahas.Token.writeExternal(ObjectOutput) breaks token insertion when connecting to the serivce
Date Thu, 24 Sep 2015 05:03:04 GMT
Sundeep Garla created RAMPART-429:
-------------------------------------

             Summary: Invoking org.apache.rahas.Token.writeExternal(ObjectOutput) breaks token
insertion when connecting to the serivce
                 Key: RAMPART-429
                 URL: https://issues.apache.org/jira/browse/RAMPART-429
             Project: Rampart
          Issue Type: Bug
          Components: rampart-trust
    Affects Versions: 1.6.2
            Reporter: Sundeep Garla
             Fix For: 1.6.2


Hello, 

In our usecase we serialize the Rampart token into secure storage using org.apache.rahas.Token.writeExternal(ObjectOutput
out) before rampart handler executes to inject the SAML assertion into security header. Once
serialized, It breaks with the following exception:
{code:title=Error when inserting assertion into security header}
 java.util.NoSuchElementException: End of the document reached
                at org.apache.axiom.om.impl.llom.SwitchingWrapper.next(SwitchingWrapper.java:987)
                at javax.xml.stream.util.StreamReaderDelegate.next(StreamReaderDelegate.java:88)
                at org.apache.axiom.om.impl.builder.StAXOMBuilder.parserNext(StAXOMBuilder.java:668)
                at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:214)
                at org.apache.axiom.om.impl.dom.ParentNode.buildNext(ParentNode.java:89)
                at org.apache.axiom.om.impl.dom.ChildNode.getNextOMSibling(ChildNode.java:103)
                at org.apache.axiom.om.impl.dom.ChildNode.getNextSibling(ChildNode.java:113)
                at org.apache.axiom.om.impl.dom.DocumentImpl.importNode(DocumentImpl.java:403)
                at org.apache.rampart.util.RampartUtil.appendChildToSecHeader(RampartUtil.java:826)
                at org.apache.rampart.util.RampartUtil.insertSiblingAfter(RampartUtil.java:834)
                at org.apache.rampart.builder.BindingBuilder.handleSupportingTokens(BindingBuilder.java:380)
                at org.apache.rampart.builder.TransportBindingBuilder.build(TransportBindingBuilder.java:148)
                at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:140)
                at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
                at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
                at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
                at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
                at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:427)
                at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
                at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
                at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
                at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:555)
                at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:531)
{code}

The above error reported in JIRA's:
# https://issues.apache.org/jira/browse/AXIOM-439
# https://issues.apache.org/jira/browse/RAMPART-392

This is because of method:
{code:title=org.apache.rahas.Token.java|borderStyle=solid}
private String convertOMElementToString(OMElement element)
        throws IOException {
        String serializedToken = "";

        if (null == element) {
            return serializedToken;
        }

 try {
            serializedToken = element.toStringWithConsume();
        } catch (XMLStreamException e) {
            throw new IOException("Could not serialize token OM element");
        }
        return serializedToken;
    }
{code}

Invoking toStringWithConsume() causes the errors when RampartHandler tries to access the object
model to insert <Assertion> into security header. 

I have patched the above code to invoke OMElement.toString() instead of toStringWithConsume()
modified source as below:

{code:title=org.apache.rahas.Token.java|borderStyle=solid}
    private String convertOMElementToString(OMElement element)
        throws IOException {
        String serializedToken = "";

        if (null == element) {
            return serializedToken;
        }

        serializedToken = element.toString();

        return serializedToken;
    }

{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message