cxf-issues mailing list archives

From "Oliver Wulff (JIRA)" <j...@apache.org>
Subject [jira] Created: (CXF-2524) STSClient requires Lifetime element in RSTR
Date Thu, 05 Nov 2009 19:32:32 GMT
STSClient requires Lifetime element in RSTR
-------------------------------------------

                 Key: CXF-2524
                 URL: https://issues.apache.org/jira/browse/CXF-2524
             Project: CXF
          Issue Type: Bug
    Affects Versions: 2.2.4
            Reporter: Oliver Wulff


The STSClient in CXF requires that an STS return the Lifetime element, which is optional as
per the WS-Trust 1.3 spec:
[http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html]
>>>
4.4 Returning a Security Token
...
wst:RequestSecurityTokenResponse/wst:Lifetime
This optional element specifies the lifetime of the issued security token.  If omitted the
lifetime is unspecified (not necessarily unlimited).  It is RECOMMENDED that if a lifetime
exists for a token that this element be included in the response.
>>>

STSClient.java:
...
        while (el != null) {
            String ln = el.getLocalName();
            if (namespace.equals(el.getNamespaceURI())) {
                if ("Lifetime".equals(ln)) {
                    lte = el;
...
        SecurityToken token = new SecurityToken(id, rstDec, lte);
...

SecurityToken.java:
...
    public SecurityToken(String id,
                 Element tokenElem,
                 Element lifetimeElem) {
        this.id = id;
        this.token = cloneElement(tokenElem);
        this.processLifeTime(lifetimeElem);
...
    /**
     * @param lifetimeElem
     * @throws TrustException 
     */
    private void processLifeTime(Element lifetimeElem) {
        try {
            DatatypeFactory factory = DatatypeFactory.newInstance();
            
            Element createdElem = 
                DOMUtils.getFirstChildWithName(lifetimeElem,
                                                WSConstants.WSU_NS,
                                                WSConstants.CREATED_LN);
            this.created = factory.newXMLGregorianCalendar(DOMUtils.getContent(createdElem))
                .toGregorianCalendar();

            Element expiresElem = 
                DOMUtils.getFirstChildWithName(lifetimeElem,
                                                WSConstants.WSU_NS,
                                                WSConstants.EXPIRES_LN);
            this.expires = factory.newXMLGregorianCalendar(DOMUtils.getContent(expiresElem))
                .toGregorianCalendar();
        } catch (DatatypeConfigurationException e) {
            //shouldn't happen

If "null" is passed to processLifeTime, an NPE occurs. If the CXF internals don't depend on
the lifetime, the following might fix it already:
...
    public SecurityToken(String id,
                 Element tokenElem,
                 Element lifetimeElem) {
        this.id = id;
        this.token = cloneElement(tokenElem);
        if (lifetimeElem != null) this.processLifeTime(lifetimeElem);
...


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
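
Added example, not part of the original message and not CXF code: a stand-alone JDK-only sketch of reading the optional wst:Lifetime from an RSTR without a null dereference. Because the spec text quoted above says an omitted lifetime is "unspecified (not necessarily unlimited)", it caps a token with no Expires at a local maximum age. The class name, helper names, the 300-second cap and the two sample responses are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.time.OffsetDateTime;
import java.util.Optional;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class OptionalLifetimeDemo {   // hypothetical class, not part of CXF
    static final String WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    static final String WSU =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    // First direct child with this namespace and local name; null-safe on the parent.
    static Element child(Element parent, String ns, String local) {
        if (parent == null) return null;
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element && ns.equals(n.getNamespaceURI()) && local.equals(n.getLocalName()))
                return (Element) n;
        return null;
    }
    // wst:Lifetime/wsu:Expires as an Instant; empty when the STS omitted either element.
    // Assumes the timestamp carries a zone designator ("Z" or an offset).
    static Optional<Instant> expires(Element rstr) {
        Element exp = child(child(rstr, WST, "Lifetime"), WSU, "Expires");
        return exp == null ? Optional.empty()
            : Optional.of(OffsetDateTime.parse(exp.getTextContent().trim()).toInstant());
    }
    // Assumed policy: with no Expires, the token is usable for at most maxAgeSec after receipt.
    static boolean usable(Optional<Instant> expires, Instant received, Instant now, long maxAgeSec) {
        return now.isBefore(expires.orElse(received.plusSeconds(maxAgeSec)));
    }
    // Namespace-aware parse with DOCTYPE declarations rejected.
    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample responses: one with wst:Lifetime, one without.
        String open = "<wst:RequestSecurityTokenResponse xmlns:wst='" + WST + "' xmlns:wsu='" + WSU + "'>";
        String close = "</wst:RequestSecurityTokenResponse>";
        String with = open + "<wst:Lifetime><wsu:Created>2009-11-05T19:00:00Z</wsu:Created>"
            + "<wsu:Expires>2009-11-05T20:00:00Z</wsu:Expires></wst:Lifetime>" + close;
        Instant received = Instant.parse("2009-11-05T19:00:00Z");
        Instant now = Instant.parse("2009-11-05T19:30:00Z");
        System.out.println("with Lifetime:    " + usable(expires(parse(with)), received, now, 300));
        System.out.println("without Lifetime: " + usable(expires(parse(open + close)), received, now, 300));
    }
}
```

Thirty minutes after receipt, the response that carries a one-hour Lifetime is still usable, while the one without Lifetime has passed the assumed 300-second cap and is treated as expired instead of being cached indefinitely.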

