[CXF-5520] Setting SecurityConstants.STS_TOKEN_ON_BEHALF_OF as string improper handling - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.0.0-milestone1, 2.7.8
Fix Version/s: 2.6.12, 2.7.9, 3.0.0-milestone2
Component/s: JAX-RS Security
Labels:
None

Estimated Complexity:
Unknown

Description

Using: cxf-tr-ws-security-2.7.8

The code in org.apache.cxf.ws.security.trust.AbstractSTSClient
that handles OnBehalfOf as a string requires a fully compliant XML
stmt like this,
"<wst:OnBehalfOf xmlns:wst=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">eve</wst:OnBehalfOf>"

807 if (isString) {
808 final Document doc =
809 StaxUtils.read(new StringReader((String) delegationObject));

The documentation does not make it clear that this is the requirement.
In addition based upon existing uses of SecurityConstants it is expected
that a simple name should be acceptable in the case, for example

SecurityConstants.STS_TOKEN_ON_BEHALF_OF, "bob"

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Rebecca Searls

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 23/Jan/14 21:24

Updated:: 11/Jul/14 12:51

Resolved:: 24/Jan/14 11:59