cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rebecca Searls (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-5518) Setting SecurityConstants.STS_TOKEN_ACT_AS as string improper handling
Date Thu, 23 Jan 2014 21:15:38 GMT
Rebecca Searls created CXF-5518:
-----------------------------------

             Summary: Setting SecurityConstants.STS_TOKEN_ACT_AS as string improper handling
                 Key: CXF-5518
                 URL: https://issues.apache.org/jira/browse/CXF-5518
             Project: CXF
          Issue Type: Bug
          Components: JAX-RS Security
    Affects Versions: 2.7.8
            Reporter: Rebecca Searls



Using: cxf-tr-ws-security-2.7.8

The code in org.apache.cxf.ws.security.trust.AbstractSTSClient
that handles Act_As as a string requires a fully compliant XML
stmt like this,
    "<wst:ActAs xmlns:wst=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">eve</wst:ActAs>"

807   if (isString) {
808     final Document doc =
809         StaxUtils.read(new StringReader((String) delegationObject));


The documentation does not make it clear that this is the requirement.
In addition based upon existing uses of SecurityConstants it is expected
that a simple name should be acceptable in the case, for example

    SecurityConstants.STS_TOKEN_ACT_AS, "bob"




--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message