cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (Commented) (JIRA)" <>
Subject [jira] [Commented] (CXF-3928) Add token validation for OnBehalfOf element in TokenIssueOperation
Date Fri, 25 Nov 2011 15:51:40 GMT


Colm O hEigeartaigh commented on CXF-3928:

Hi Oli,

No major objections. I would maybe put the TokenValidator list into AbstractOperation as per
the TokenProvider list. Also consider putting the OnBehalfOf validation code you added into
a separate method or class.

> Add token validation for OnBehalfOf element in TokenIssueOperation
> ------------------------------------------------------------------
>                 Key: CXF-3928
>                 URL:
>             Project: CXF
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 2.5
>            Reporter: Oliver Wulff
>         Attachments: git.diff.patch
> Tokens passed in OnBehalfOf element are not validated. It's the responsibility of the
TokenProvider implementation to validate that.
> A proposal has been discussed here:
> OnBehalfOf token validation is moved to the TokenIssueOperation and the ReceivedToken
is enhanced with the following attributes:
> - was it a token of ws-security header (like ReceivedToken), onbehalfof, actas
> - successfully validated (it could be a token which depends on other constraints to be
fully accepted)
> - original DOM element
> - transformed DOM element (used if the token is passed by ref, also supported by SAML
> - principal (mostly, you only need the principal to issue a new token)

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message