[jira] [Updated] (CXF-5518) Setting SecurityConstants.STS_TOKEN_ACT_AS as string improper handling

Thu, 23 Jan 2014 13:18:01 -0800 

     [ 
https://issues.apache.org/jira/browse/CXF-5518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rebecca Searls updated CXF-5518:
--------------------------------

          Description: 
Using: cxf-tr-ws-security-2.7.8

The code in org.apache.cxf.ws.security.trust.AbstractSTSClient
that handles Act_As as a string requires a fully compliant XML
stmt like this,
    "<wst:ActAs 
xmlns:wst=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>eve</wst:ActAs>"

807   if (isString) {
808     final Document doc =
809         StaxUtils.read(new StringReader((String) delegationObject));


The documentation does not make it clear that this is the requirement.
In addition based upon existing uses of SecurityConstants it is expected
that a simple name should be acceptable in the case, for example

    SecurityConstants.STS_TOKEN_ACT_AS, "bob"


  was:

Using: cxf-tr-ws-security-2.7.8

The code in org.apache.cxf.ws.security.trust.AbstractSTSClient
that handles Act_As as a string requires a fully compliant XML
stmt like this,
    "<wst:ActAs 
xmlns:wst=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>eve</wst:ActAs>"

807   if (isString) {
808     final Document doc =
809         StaxUtils.read(new StringReader((String) delegationObject));


The documentation does not make it clear that this is the requirement.
In addition based upon existing uses of SecurityConstants it is expected
that a simple name should be acceptable in the case, for example

    SecurityConstants.STS_TOKEN_ACT_AS, "bob"


    Affects Version/s: 3.0.0-milestone1

> Setting SecurityConstants.STS_TOKEN_ACT_AS as string improper handling
> ----------------------------------------------------------------------
>
>                 Key: CXF-5518
>                 URL: https://issues.apache.org/jira/browse/CXF-5518
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.0.0-milestone1, 2.7.8
>            Reporter: Rebecca Searls
>
> Using: cxf-tr-ws-security-2.7.8
> The code in org.apache.cxf.ws.security.trust.AbstractSTSClient
> that handles Act_As as a string requires a fully compliant XML
> stmt like this,
>     "<wst:ActAs 
> xmlns:wst=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>eve</wst:ActAs>"
> 807   if (isString) {
> 808     final Document doc =
> 809         StaxUtils.read(new StringReader((String) delegationObject));
> The documentation does not make it clear that this is the requirement.
> In addition based upon existing uses of SecurityConstants it is expected
> that a simple name should be acceptable in the case, for example
>     SecurityConstants.STS_TOKEN_ACT_AS, "bob"



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to