Rebecca Searls created CXF-5518:
-----------------------------------
Summary: Setting SecurityConstants.STS_TOKEN_ACT_AS as string
improper handling
Key: CXF-5518
URL: https://issues.apache.org/jira/browse/CXF-5518
Project: CXF
Issue Type: Bug
Components: JAX-RS Security
Affects Versions: 2.7.8
Reporter: Rebecca Searls
Using: cxf-tr-ws-security-2.7.8
The code in org.apache.cxf.ws.security.trust.AbstractSTSClient
that handles Act_As as a string requires a fully compliant XML
stmt like this,
"<wst:ActAs
xmlns:wst=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>eve</wst:ActAs>"
807 if (isString) {
808 final Document doc =
809 StaxUtils.read(new StringReader((String) delegationObject));
The documentation does not make it clear that this is the requirement.
In addition based upon existing uses of SecurityConstants it is expected
that a simple name should be acceptable in the case, for example
SecurityConstants.STS_TOKEN_ACT_AS, "bob"
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
