ws-dev mailing list archives

From "David Morris (JIRA)" <j...@apache.org>
Subject [jira] [Created] (WSS-286) Evidence element not present in SAML AuthzDecisionStatement
Date Thu, 19 May 2011 12:30:48 GMT
Evidence element not present in SAML AuthzDecisionStatement
-----------------------------------------------------------

                 Key: WSS-286
                 URL: https://issues.apache.org/jira/browse/WSS-286
             Project: WSS4J
          Issue Type: Bug
          Components: WSS4J Core, WSS4J Handlers
    Affects Versions: 1.6
         Environment: CXF 2.4.0, WSS4J 1.6.0, Windows XP, Apache Tomcat 7.0.5
            Reporter: David Morris
            Assignee: Colm O hEigeartaigh
             Fix For: 1.6.1


When running a SOAPUI test, the SAML AuthzDecisionStatement Evidence element is not present. The
code worked with openSAML 2.0 and CXF 2.3.x (via interceptors) before SAMLCallBackHandler in
CXF 2.4.0. The resolved issue is below the example.

Example:
 
 <saml2:AuthzDecisionStatement>
    <saml2:Action.../>
    <saml2:Evidence...> <!-- this is missing -->
        <saml2:Assertion.../>
    </saml2:Evidence>
 </saml2:AuthzDecisionStatement>

 //Build Evidence
 EvidenceBuilder evidenceBuilder = new EvidenceBuilder();
 Evidence evidence = evidenceBuilder.buildObject();
 
 //Build assertion for Evidence
 AssertionBuilder assertionBuilder = new AssertionBuilder();
 Assertion assertion = assertionBuilder.buildObject();
 assertion.setVersion(SAMLVersion.VERSION_20);
 ...
 authDecisionStatementBean.setEvidence(evidence);

Resolution: updated the createAuthorizationDecisionStatement method in org.apache.ws.security.saml.ext.builder.SAML2ComponentBuilder:
 
     /**
     * Create SAML2 AuthorizationDecisionStatement(s)
     *
     * @param decisionData A list of AuthDecisionStatementBean instances
     * @return SAML2 AuthorizationDecisionStatement(s)
     */
    @SuppressWarnings("unchecked")
    public static List<AuthzDecisionStatement> createAuthorizationDecisionStatement(
        List<AuthDecisionStatementBean> decisionData
    ) {
    	
        List<AuthzDecisionStatement> authDecisionStatements =
            new ArrayList<AuthzDecisionStatement>();
        if (authorizationDecisionStatementBuilder == null) {
            authorizationDecisionStatementBuilder = 
                (SAMLObjectBuilder<AuthzDecisionStatement>)
                    builderFactory.getBuilder(AuthzDecisionStatement.DEFAULT_ELEMENT_NAME);
        }

        if (decisionData != null && decisionData.size() > 0) {
            for (AuthDecisionStatementBean decisionStatementBean : decisionData) {
                AuthzDecisionStatement authDecision = 
                    authorizationDecisionStatementBuilder.buildObject();
                authDecision.setResource(decisionStatementBean.getResource());
                authDecision.setDecision(
                    transformDecisionType(decisionStatementBean.getDecision())
                );

                for (ActionBean actionBean : decisionStatementBean.getActions()) {
                    Action actionElement = createSamlAction(actionBean);
                    authDecision.getActions().add(actionElement);
                }

                //Check for Evidence
                if (decisionStatementBean.getEvidence() != null
                    && decisionStatementBean.getEvidence() instanceof Evidence) {
                    authDecision.setEvidence((Evidence) decisionStatementBean.getEvidence());
                }
                
                authDecisionStatements.add(authDecision);
            }
        }

        return authDecisionStatements;
    }


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
