[jira] [Commented] (RAMPART-429) Invoking org.apache.rahas.Token.writeExternal(ObjectOutput) breaks token insertion when connecting to the serivce

[Robert Lazarski (Jira)]

    [ 
https://issues.apache.org/jira/browse/RAMPART-429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17893503#comment-17893503
 ] 

Robert Lazarski commented on RAMPART-429:
-----------------------------------------

Those two issues got fixed after this Jira was created - so, I wonder if this 
fix is still needed since there was an 1.7.0 after this with those updated 
jars. 

To clear, I am talking about a Rampart 1.8.0 that is about to be released with 
a dependency of Axis2 1.8.2 with Axiom 1.4 and a subsequent Rampart 2.0.0 with 
Axis2 2.0.0 and Axiom 2.0.0. 

[~veithen] could shed any light on whether the code in question at this point 
should be: 

serializedToken = element.toStringWithConsume();

Or: 

serializedToken = element.toString();
 
Right now I am inclined to leave it as is and mark the issue as won't fix since 
best I can tell, the two referenced Jira issues fixed the problem. 


> Invoking org.apache.rahas.Token.writeExternal(ObjectOutput) breaks token 
> insertion when connecting to the serivce
> -----------------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-429
>                 URL: https://issues.apache.org/jira/browse/RAMPART-429
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-trust
>    Affects Versions: 1.6.2
>            Reporter: Sundeep Garla
>            Priority: Major
>
> Hello, 
> In our usecase we serialize the Rampart token into secure storage using 
> org.apache.rahas.Token.writeExternal(ObjectOutput out) before rampart handler 
> executes to inject the SAML assertion into security header. Once serialized, 
> It breaks with the following exception:
> {code:title=Error when inserting assertion into security header}
>  java.util.NoSuchElementException: End of the document reached
>                 at 
> org.apache.axiom.om.impl.llom.SwitchingWrapper.next(SwitchingWrapper.java:987)
>                 at 
> javax.xml.stream.util.StreamReaderDelegate.next(StreamReaderDelegate.java:88)
>                 at 
> org.apache.axiom.om.impl.builder.StAXOMBuilder.parserNext(StAXOMBuilder.java:668)
>                 at 
> org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:214)
>                 at 
> org.apache.axiom.om.impl.dom.ParentNode.buildNext(ParentNode.java:89)
>                 at 
> org.apache.axiom.om.impl.dom.ChildNode.getNextOMSibling(ChildNode.java:103)
>                 at 
> org.apache.axiom.om.impl.dom.ChildNode.getNextSibling(ChildNode.java:113)
>                 at 
> org.apache.axiom.om.impl.dom.DocumentImpl.importNode(DocumentImpl.java:403)
>                 at 
> org.apache.rampart.util.RampartUtil.appendChildToSecHeader(RampartUtil.java:826)
>                 at 
> org.apache.rampart.util.RampartUtil.insertSiblingAfter(RampartUtil.java:834)
>                 at 
> org.apache.rampart.builder.BindingBuilder.handleSupportingTokens(BindingBuilder.java:380)
>                 at 
> org.apache.rampart.builder.TransportBindingBuilder.build(TransportBindingBuilder.java:148)
>                 at 
> org.apache.rampart.MessageBuilder.build(MessageBuilder.java:140)
>                 at 
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
>                 at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
>                 at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
>                 at 
> org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
>                 at 
> org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:427)
>                 at 
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
>                 at 
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
>                 at 
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
>                 at 
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:555)
>                 at 
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:531)
> {code}
> The above error reported in JIRA's:
> # https://issues.apache.org/jira/browse/AXIOM-439
> # https://issues.apache.org/jira/browse/RAMPART-392
> This is because of method:
> {code:title=org.apache.rahas.Token.java|borderStyle=solid}
> private String convertOMElementToString(OMElement element)
>         throws IOException {
>         String serializedToken = "";
>         if (null == element) {
>             return serializedToken;
>         }
>  try {
>             serializedToken = element.toStringWithConsume();
>         } catch (XMLStreamException e) {
>             throw new IOException("Could not serialize token OM element");
>         }
>         return serializedToken;
>     }
> {code}
> Invoking toStringWithConsume() causes the errors when RampartHandler tries to 
> access the object model to insert <Assertion> into security header. 
> I have patched the above code to invoke OMElement.toString() instead of 
> toStringWithConsume() modified source as below:
> {code:title=org.apache.rahas.Token.java|borderStyle=solid}
>     private String convertOMElementToString(OMElement element)
>         throws IOException {
>         String serializedToken = "";
>         if (null == element) {
>             return serializedToken;
>         }
>         serializedToken = element.toString();
>         return serializedToken;
>     }
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org