[CXF-5519] Setting SecurityConstants.STS_TOKEN_ACT_AS as CallbackHander requires better documentation. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.0.0-milestone1, 2.7.8
Fix Version/s: 2.6.12, 2.7.9, 3.0.0-milestone2
Component/s: Documentation, JAX-RS Security
Labels:
None

Estimated Complexity:
Unknown

Description

Using: cxf-tr-ws-security-2.7.8

The current documentation states that SecurityConstants.STS_TOKEN_ACT_AS
declared with "a CallbackHandler object to use to obtain the token"

A very specific CallbackHandler implementation is required. It MUST be
an implementation that supports processing DelegationCallback as input and
generating a org.w3c.dom.Element.

Existing examples are
org.apache.cxf.ws.security.trust.delegation.ReceivedTokenCallbackHandler
org.apache.cxf.ws.security.trust.delegation.WSSUsernameCallbackHandler

The code in org.apache.cxf.ws.security.trust.AbstractSTSClient requires this.

814 DelegationCallback callback = new DelegationCallback(message);
815 ((CallbackHandler)delegationObject).handle(new Callback[]

{callback}

);
816 return callback.getToken();

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Rebecca Searls

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 23/Jan/14 21:16

Updated:: 11/Jul/14 12:50

Resolved:: 24/Jan/14 11:59