RE: SAMLCallBackHandler callback.setAuthDecisionStatementData

Wed, 18 May 2011 12:17:30 -0700 

Resolved issue. Need committer to create JIRA issue, review and update WS4J 
1.6.x. (Colm?) - Thanks!!

Changed the following method in org.apache.ws.security.saml.ext.builder. 
SAML2ComponentBuilder

    /**
     * Create SAML2 AuthorizationDecisionStatement(s)
     *
     * @param decisionData A list of AuthDecisionStatementBean instances
     * @return SAML2 AuthorizationDecisionStatement(s)
     */
    @SuppressWarnings("unchecked")
    public static List<AuthzDecisionStatement> 
createAuthorizationDecisionStatement(
        List<AuthDecisionStatementBean> decisionData
    ) {

        List<AuthzDecisionStatement> authDecisionStatements = new ArrayList();
        if (authorizationDecisionStatementBuilder == null) {
            authorizationDecisionStatementBuilder =
                (SAMLObjectBuilder<AuthzDecisionStatement>)
                    
builderFactory.getBuilder(AuthzDecisionStatement.DEFAULT_ELEMENT_NAME);
        }

        if (decisionData != null && decisionData.size() > 0) {
            for (AuthDecisionStatementBean decisionStatementBean : 
decisionData) {
                AuthzDecisionStatement authDecision =
                    authorizationDecisionStatementBuilder.buildObject();
                authDecision.setResource(decisionStatementBean.getResource());
                authDecision.setDecision(
                    transformDecisionType(decisionStatementBean.getDecision())
                );

                for (ActionBean actionBean : 
decisionStatementBean.getActions()) {
                      Action actionElement = createSamlAction(actionBean);
                    authDecision.getActions().add(actionElement);
                }

                //Check for Evidence - Dave Morris
                if (decisionStatementBean.getEvidence()!=null && 
decisionStatementBean.getEvidence() instanceof Evidence)
                {
                    
authDecision.setEvidence((Evidence)decisionStatementBean.getEvidence());
                }

                authDecisionStatements.add(authDecision);
            }
        }

        return authDecisionStatements;
    }



From: Morris Jr, David P
Sent: Wednesday, May 18, 2011 2:08 PM
To: [email protected]
Subject: SAMLCallBackHandler callback.setAuthDecisionStatementData

Running SOAPUI test, the evidence element is not present. I may need an 
example. The code did work with openSAML2.0 and CXF 2.3.x (via interceptors) 
before SAMLCallBackHandler in CXF 2.4.0 -Thanks!

<saml2:AuthzDecisionStatement>
   <saml2:Action.../>
   <saml2:Evidence...> <!-this is missing -- >
       <saml2:Assertion...>
   </saml2:Evidence>
</saml2:AuthzDecisionStatement>

Environment: CXF 2.4.0, WS4J 1.6.0, Windows XP, Apache Tomcat 7.0.5

Code snippet:

//Build Evidence
EvidenceBuilder evidenceBuilder = new EvidenceBuilder();
Evidence evidence = evidenceBuilder.buildObject();

//Build assertion for Evidence
AssertionBuilder assertionBuilder = new AssertionBuilder();
Assertion assertion = assertionBuilder.buildObject();
assertion.setVersion(SAMLVersion.VERSION_20);

...
authDecisionStatementBean.setEvidence(evidence);

Reply via email to