ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (WSS-286) Evidence element not present in SAML AuthzDecisionStatement
Date Fri, 03 Jun 2011 16:40:49 GMT

     [ https://issues.apache.org/jira/browse/WSS-286?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Colm O hEigeartaigh closed WSS-286.
-----------------------------------


> Evidence element not present in SAML AuthzDecisionStatement
> -----------------------------------------------------------
>
>                 Key: WSS-286
>                 URL: https://issues.apache.org/jira/browse/WSS-286
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core, WSS4J Handlers
>    Affects Versions: 1.6
>         Environment: CXF 2.4.0, WS4J 1.6.0, Windows XP, Apache Tomcat 7.0.5
>            Reporter: David Morris
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.6.1
>
>         Attachments: SAML2ComponentBuilder.java
>
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> Running SOAPUI test, the SAML AuthzDecisionStatement evidence element is not present.
The code worked with openSAML2.0 and CXF 2.3.x (via interceptors) before SAMLCallBackHandler
in CXF 2.4.0. Resolved issue below example.
> Example:
>  
>  <saml2:AuthzDecisionStatement>
>     <saml2:Action.../>
>     <saml2:Evidence...> <!-this is missing -- >
>         <saml2:Assertion...>
>     </saml2:Evidence>
>  </saml2:AuthzDecisionStatement>
>  //Build Evidence
>  EvidenceBuilder evidenceBuilder = new EvidenceBuilder(); Evidence 
>  evidence = evidenceBuilder.buildObject();
>  
>  //Build assertion for Evidence
>  AssertionBuilder assertionBuilder = new AssertionBuilder(); Assertion 
>  assertion = assertionBuilder.buildObject(); 
>  assertion.setVersion(SAMLVersion.VERSION_20); 
>  ...
>  authDecisionStatementBean.setEvidence(evidence);
> Resolution updated the createAuthorizationDecisionStatement method in org.apache.ws.security.saml.ext.builder.SAML2ComponentBuilder:
>  
>      /**
>      * Create SAML2 AuthorizationDecisionStatement(s)
>      *
>      * @param decisionData A list of AuthDecisionStatementBean instances
>      * @return SAML2 AuthorizationDecisionStatement(s)
>      */
>     @SuppressWarnings("unchecked")
>     public static List<AuthzDecisionStatement> createAuthorizationDecisionStatement(
>         List<AuthDecisionStatementBean> decisionData
>     ) {
>     	
>         List<AuthzDecisionStatement> authDecisionStatements = new ArrayList();
>         if (authorizationDecisionStatementBuilder == null) {
>             authorizationDecisionStatementBuilder = 
>                 (SAMLObjectBuilder<AuthzDecisionStatement>)
>                     builderFactory.getBuilder(AuthzDecisionStatement.DEFAULT_ELEMENT_NAME);
>         }
>         if (decisionData != null && decisionData.size() > 0) {
>             for (AuthDecisionStatementBean decisionStatementBean : decisionData) {
>                 AuthzDecisionStatement authDecision = 
>                     authorizationDecisionStatementBuilder.buildObject();
>                 authDecision.setResource(decisionStatementBean.getResource());
>                 authDecision.setDecision(
>                     transformDecisionType(decisionStatementBean.getDecision())
>                 );
>                 for (ActionBean actionBean : decisionStatementBean.getActions()) {
>                       Action actionElement = createSamlAction(actionBean);
>                     authDecision.getActions().add(actionElement);
>                 }
>                 
>                 //Check for Evidence
>                 if (decisionStatementBean.getEvidence()!=null && decisionStatementBean.getEvidence()
instanceof Evidence)
>                 {
>                     authDecision.setEvidence((Evidence)decisionStatementBean.getEvidence());
>                 }
>                 
>                 authDecisionStatements.add(authDecision);
>             }
>         }
>         return authDecisionStatements;
>     }

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message