Rebecca Searls created CXF-5520:
-----------------------------------
Summary: Setting SecurityConstants.STS_TOKEN_ON_BEHALF_OF as
string improper handling
Key: CXF-5520
URL: https://issues.apache.org/jira/browse/CXF-5520
Project: CXF
Issue Type: Bug
Components: JAX-RS Security
Affects Versions: 2.7.8, 3.0.0-milestone1
Reporter: Rebecca Searls
Using: cxf-tr-ws-security-2.7.8
The code in org.apache.cxf.ws.security.trust.AbstractSTSClient
that handles OnBehalfOf as a string requires a fully compliant XML
stmt like this,
"<wst:OnBehalfOf
xmlns:wst=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\";>eve</wst:OnBehalfOf>"
807 if (isString) {
808 final Document doc =
809 StaxUtils.read(new StringReader((String) delegationObject));
The documentation does not make it clear that this is the requirement.
In addition based upon existing uses of SecurityConstants it is expected
that a simple name should be acceptable in the case, for example
SecurityConstants.STS_TOKEN_ON_BEHALF_OF, "bob"
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
