Evidence element not present in SAML AuthzDecisionStatement
-----------------------------------------------------------
Key: WSS-286
URL: https://issues.apache.org/jira/browse/WSS-286
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core, WSS4J Handlers
Affects Versions: 1.6
Environment: CXF 2.4.0, WSS4J 1.6.0, Windows XP, Apache Tomcat 7.0.5
Reporter: David Morris
Assignee: Colm O hEigeartaigh
Fix For: 1.6.1
When running a SoapUI test, the SAML AuthzDecisionStatement Evidence element is
not present. The code worked with openSAML2.0 and CXF 2.3.x (via interceptors)
before SAMLCallBackHandler in CXF 2.4.0. The resolution is below the example.

Example:
    <saml2:AuthzDecisionStatement>
        <saml2:Action.../>
        <saml2:Evidence...> <!-- this is missing -->
            <saml2:Assertion...>
        </saml2:Evidence>
    </saml2:AuthzDecisionStatement>

    // Build Evidence
    EvidenceBuilder evidenceBuilder = new EvidenceBuilder();
    Evidence evidence = evidenceBuilder.buildObject();
    // Build assertion for Evidence
    AssertionBuilder assertionBuilder = new AssertionBuilder();
    Assertion assertion = assertionBuilder.buildObject();
    assertion.setVersion(SAMLVersion.VERSION_20);
    ...
    authDecisionStatementBean.setEvidence(evidence);

Resolution: updated the createAuthorizationDecisionStatement method in
org.apache.ws.security.saml.ext.builder.SAML2ComponentBuilder:

    /**
     * Create SAML2 AuthorizationDecisionStatement(s)
     *
     * @param decisionData A list of AuthDecisionStatementBean instances
     * @return SAML2 AuthorizationDecisionStatement(s)
     */
    @SuppressWarnings("unchecked")
    public static List<AuthzDecisionStatement> createAuthorizationDecisionStatement(
        List<AuthDecisionStatementBean> decisionData
    ) {
        List<AuthzDecisionStatement> authDecisionStatements =
            new ArrayList<AuthzDecisionStatement>();
        // Lazily create the shared builder on first use
        if (authorizationDecisionStatementBuilder == null) {
            authorizationDecisionStatementBuilder =
                (SAMLObjectBuilder<AuthzDecisionStatement>)
                    builderFactory.getBuilder(AuthzDecisionStatement.DEFAULT_ELEMENT_NAME);
        }
        if (decisionData != null && decisionData.size() > 0) {
            for (AuthDecisionStatementBean decisionStatementBean : decisionData) {
                AuthzDecisionStatement authDecision =
                    authorizationDecisionStatementBuilder.buildObject();
                authDecision.setResource(decisionStatementBean.getResource());
                authDecision.setDecision(
                    transformDecisionType(decisionStatementBean.getDecision())
                );
                for (ActionBean actionBean : decisionStatementBean.getActions()) {
                    Action actionElement = createSamlAction(actionBean);
                    authDecision.getActions().add(actionElement);
                }
                // Check for Evidence and copy it onto the statement if the bean carries one
                if (decisionStatementBean.getEvidence() != null
                    && decisionStatementBean.getEvidence() instanceof Evidence) {
                    authDecision.setEvidence((Evidence) decisionStatementBean.getEvidence());
                }
                authDecisionStatements.add(authDecision);
            }
        }
        return authDecisionStatements;
    }
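
A check for the symptom reported above, written as an added example that is not part of the original report or of WSS4J: it parses a serialized assertion and counts AuthzDecisionStatement elements that have no Evidence child, or an empty one. The class name, helper names and the two sample messages are constructed for illustration; only JDK XML APIs are used.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

// Added example (hypothetical class name); uses only JDK XML APIs.
public class EvidenceCheck {
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // First direct child element in the SAML 2.0 namespace; localName == null matches any.
    static Element child(Node parent, String localName) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE && SAML2_NS.equals(n.getNamespaceURI())
                    && (localName == null || localName.equals(n.getLocalName()))) {
                return (Element) n;
            }
        }
        return null;
    }

    // Counts AuthzDecisionStatement elements with no Evidence child, or an empty one.
    static int missingEvidence(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Assertions arrive from the wire: refuse DOCTYPEs so entity tricks cannot be used.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        NodeList stmts = doc.getElementsByTagNameNS(SAML2_NS, "AuthzDecisionStatement");
        int missing = 0;
        for (int i = 0; i < stmts.getLength(); i++) {
            Element evidence = child(stmts.item(i), "Evidence");
            if (evidence == null || child(evidence, null) == null) missing++;
        }
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages, not captured output.
        String head = "<saml2:Assertion xmlns:saml2=\"" + SAML2_NS + "\" ID=\"_a1\" Version=\"2.0\">"
                + "<saml2:AuthzDecisionStatement Resource=\"urn:example:res\" Decision=\"Permit\">"
                + "<saml2:Action Namespace=\"urn:example:ns\">Read</saml2:Action>";
        String tail = "</saml2:AuthzDecisionStatement></saml2:Assertion>";
        String evidence = "<saml2:Evidence><saml2:Assertion ID=\"_e1\" Version=\"2.0\"/></saml2:Evidence>";
        System.out.println("without Evidence: " + missingEvidence(head + tail));
        System.out.println("with Evidence:    " + missingEvidence(head + evidence + tail));
    }
}
```

A relying party that bases its decision on the evidence can use the same count to reject statements that arrive without it, rather than treating the absence as acceptable.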