Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5520

Setting SecurityConstants.STS_TOKEN_ON_BEHALF_OF as string improper handling

    XMLWordPrintableJSON

    Details

    • Estimated Complexity:
      Unknown

      Description

      Using: cxf-tr-ws-security-2.7.8

      The code in org.apache.cxf.ws.security.trust.AbstractSTSClient
      that handles OnBehalfOf as a string requires a fully compliant XML
      stmt like this,
      "<wst:OnBehalfOf xmlns:wst=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">eve</wst:OnBehalfOf>"

      807 if (isString) {
      808 final Document doc =
      809 StaxUtils.read(new StringReader((String) delegationObject));

      The documentation does not make it clear that this is the requirement.
      In addition based upon existing uses of SecurityConstants it is expected
      that a simple name should be acceptable in the case, for example

      SecurityConstants.STS_TOKEN_ON_BEHALF_OF, "bob"

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              rsearls Rebecca Searls
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: