cxf-issues mailing list archives

From "Andrei Shakirin (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (CXF-6859) STSTokenValidator: logging and exception handling improvement
Date Tue, 12 Apr 2016 19:33:25 GMT

     [ https://issues.apache.org/jira/browse/CXF-6859?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrei Shakirin closed CXF-6859.
--------------------------------

> STSTokenValidator: logging and exception handling improvement
> -------------------------------------------------------------
>
>                 Key: CXF-6859
>                 URL: https://issues.apache.org/jira/browse/CXF-6859
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>    Affects Versions: 3.1.6
>            Reporter: Andrei Shakirin
>            Assignee: Andrei Shakirin
>             Fix For: 3.2.0
>
>
> The STSTokenValidator doesn't log the reason for the authentication error in case of local validation.
> The STSTokenValidator tries to validate the token locally and, if that was not successful, delegates the validation to the STS:
>     public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
>        
>         if (isValidatedLocally(credential, data)) {
>             return credential;
>         }
>         
>         return validateWithSTS(credential, (Message)data.getMsgContext());
>     }
> That causes somewhat confusing error messages in the log if the user relies on local validation only.
>
> For example, if the STS certificate is missing from the service keystore, it throws:
> WARNING: Assertion can not be validated: java.lang.NullPointerException
> 	at org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(SecurityUtils.java:170)
> 	at org.apache.cxf.ws.security.trust.STSUtils.getClientWithIssuer(STSUtils.java:106)
> 	at org.apache.cxf.ws.security.trust.STSUtils.getClient(STSUtils.java:92)
> 	at org.apache.cxf.ws.security.trust.STSTokenValidator.validateWithSTS(STSTokenValidator.java:128)
> 	at org.apache.cxf.ws.security.trust.STSTokenValidator.validate(STSTokenValidator.java:80)
> 	at org.apache.cxf.rs.security.saml.AbstractSamlInHandler.validateToken(AbstractSamlInHandler.java:181)
> Then, to find the real reason for the failed local validation, it is necessary to debug the code.
> Suggestion: if alwaysValidateToSts is false (default value), log the reason for the failed local validation at warning level.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
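
Added example, not part of the original message and not CXF code: a self-contained sketch of the local-then-remote validation pattern the issue describes, logging the local failure at warning level before delegating so that a later remote error cannot hide it. All class and field names are hypothetical; `alwaysValidateRemotely` stands in for `alwaysValidateToSts`, and both failures are constructed.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration with hypothetical names; these are not CXF classes.
public class FallbackValidatorDemo {
    private static final Logger LOG = Logger.getLogger(FallbackValidatorDemo.class.getName());

    interface Validator { String validate(String token) throws Exception; }

    static class FallbackValidator implements Validator {
        private final Validator local;
        private final Validator remote;
        private final boolean alwaysValidateRemotely; // stands in for alwaysValidateToSts

        FallbackValidator(Validator local, Validator remote, boolean alwaysValidateRemotely) {
            this.local = local;
            this.remote = remote;
            this.alwaysValidateRemotely = alwaysValidateRemotely;
        }

        @Override
        public String validate(String token) throws Exception {
            if (!alwaysValidateRemotely) {
                try {
                    return local.validate(token);
                } catch (Exception localFailure) {
                    // Record why local validation failed before falling back.
                    // The token itself is deliberately kept out of the log.
                    LOG.log(Level.WARNING,
                            "Local token validation failed, delegating to remote validator",
                            localFailure);
                }
            }
            return remote.validate(token);
        }
    }

    public static void main(String[] args) {
        // Constructed failure: issuer certificate missing from the keystore.
        Validator local = t -> { throw new SecurityException("no trusted certificate for token issuer"); };
        // Constructed failure: the remote validator was never configured.
        Validator remote = t -> { throw new NullPointerException(); };
        try {
            new FallbackValidator(local, remote, false).validate("constructed-token");
        } catch (Exception e) {
            LOG.log(Level.WARNING, "Assertion can not be validated", e);
        }
    }
}
```

Running it logs two warnings: the first carries the local cause, the second the NullPointerException from the unconfigured remote path, which is the only entry an operator sees when the local failure is swallowed.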
