[
https://issues.apache.org/jira/browse/RAMPART-33?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Uwe Kylau updated RAMPART-33:
-----------------------------
Description:
In class org.apache.rampart.util.RampartUtil there is a method
processIssuerAddress(...) that takes an OMElement,
in order to extract the address string contained in the element.
This is the source code of the method:
public static String processIssuerAddress(OMElement issuerAddress)
throws RampartException {
if(issuerAddress != null && issuerAddress.getText() != null &&
!"".equals(issuerAddress.getText())) {
return issuerAddress.getText().trim();
} else {
throw new RampartException("invalidIssuerAddress",
new String[] { issuerAddress.toString() });
}
}
In its current version the method expects something like this:
<wsa:Address>http://some.url/</wsa:Address>
The method is called from getIssuedToken(...) in the same class with parameter
issuedToken.getIssuerEpr().
The variable issuedToken is of type org.apache.ws.secpolicy.model.IssuedToken.
Correct me if I'm wrong, but as far as I understood, the property issuerEpr of
class IssuedToken is meant to store a complete endpoint reference.
This means that the method processIssuerAddress(...) is called with something
like this:
<wsa:EndpointReference>
<wsa:Address>http://some.url/</wsa:Address>
</wsa:EndpointReference>
Thus, the source code of the method should be changed to:
public static String processIssuerAddress(OMElement issuerEpr)
throws RampartException {
if(issuerEpr != null) {
OMElement issuerAddress = issuerEpr.getFirstChildWithName(new
QName(AddressingConstants.Final.WSA_NAMESPACE,
AddressingConstants.EPR_ADDRESS));
if(issuerAddress != null && issuerAddress.getText() != null &&
!"".equals(issuerAddress.getText())) {
return issuerAddress.getText().trim();
} else {
throw new RampartException("invalidIssuerAddress",
new String[] { issuerAddress.toString() });
}
} else {
throw new RampartException("invalidIssuerAddress",
new String[] { issuerAddress.toString() });
}
}
I hope you agree with me ;-)
Best regards,
Uwe Kylau
was:
In class org.apache.rampart.util.RampartUtil there is a method
processIssuerAddress(...) that takes an OMElement,
in order to extract the address string contained in the element.
This is the source code of the method:
public static String processIssuerAddress(OMElement issuerAddress)
throws RampartException {
if(issuerAddress != null && issuerAddress.getText() != null &&
!"".equals(issuerAddress.getText())) {
return issuerAddress.getText().trim();
} else {
throw new RampartException("invalidIssuerAddress",
new String[] { issuerAddress.toString() });
}
}
In its current version the method expects something like this:
<wsa:Address>http://some.url/</wsa:Address>
The method is called from getIssuedToken(...) in the same class with parameter
issuedToken.getIssuerEpr().
The variable issuedToken is of type org.apache.ws.secpolicy.model.IssuedToken.
Correct me if I'm wrong, but as far as I understood, the property issuerEpr of
class IssuedToken is meant to store a complete endpoint reference.
This means that the method processIssuerAddress(...) is called with something
like this:
<wsa:EndpointReference>
<wsa:Address>http://some.url/</wsa:Address>
</wsa:EndpointReference>
Thus, the source code of the method should be changed to:
public static String processIssuerAddress(OMElement issuerEpr)
throws RampartException {
if(issuerEpr != null) {
OMElement issuerAddress = issuerEpr.getFirstChildWithName(new
QName(AddressingConstants.Final.WSA_NAMESPACE,
AddressingConstants.EPR_ADDRESS));
if(issuerAddress != null && issuerAddress.getText() != null &&
!"".equals(issuerAddress.getText())) {
return issuerAddress.getText().trim();
} else {
throw new RampartException("invalidIssuerAddress",
new String[] { issuerAddress.toString() });
}
} else {
throw new RampartException("invalidIssuerAddress",
new String[] { issuerAddress.toString() });
}
}
I hope you agree with me ;-)
Best regards,
Uwe Kylau
> Incorrect extraction of the issuer's address from property issuerEpr of
> org.apache.ws.secpolicy.model.IssuedToken
> -----------------------------------------------------------------------------------------------------------------
>
> Key: RAMPART-33
> URL: https://issues.apache.org/jira/browse/RAMPART-33
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.1
> Reporter: Uwe Kylau
>
> In class org.apache.rampart.util.RampartUtil there is a method
> processIssuerAddress(...) that takes an OMElement,
> in order to extract the address string contained in the element.
> This is the source code of the method:
> public static String processIssuerAddress(OMElement issuerAddress)
> throws RampartException {
> if(issuerAddress != null && issuerAddress.getText() != null &&
> !"".equals(issuerAddress.getText())) {
> return issuerAddress.getText().trim();
> } else {
> throw new RampartException("invalidIssuerAddress",
> new String[] { issuerAddress.toString() });
> }
> }
> In its current version the method expects something like this:
> <wsa:Address>http://some.url/</wsa:Address>
> The method is called from getIssuedToken(...) in the same class with
> parameter issuedToken.getIssuerEpr().
> The variable issuedToken is of type org.apache.ws.secpolicy.model.IssuedToken.
> Correct me if I'm wrong, but as far as I understood, the property issuerEpr
> of class IssuedToken is meant to store a complete endpoint reference.
> This means that the method processIssuerAddress(...) is called with something
> like this:
> <wsa:EndpointReference>
> <wsa:Address>http://some.url/</wsa:Address>
> </wsa:EndpointReference>
> Thus, the source code of the method should be changed to:
> public static String processIssuerAddress(OMElement issuerEpr)
> throws RampartException {
> if(issuerEpr != null) {
> OMElement issuerAddress = issuerEpr.getFirstChildWithName(new
> QName(AddressingConstants.Final.WSA_NAMESPACE,
>
>
> AddressingConstants.EPR_ADDRESS));
> if(issuerAddress != null && issuerAddress.getText() != null &&
> !"".equals(issuerAddress.getText())) {
> return issuerAddress.getText().trim();
> } else {
> throw new RampartException("invalidIssuerAddress",
> new String[] { issuerAddress.toString() });
> }
> } else {
> throw new RampartException("invalidIssuerAddress",
> new String[] { issuerAddress.toString() });
> }
> }
> I hope you agree with me ;-)
> Best regards,
> Uwe Kylau
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
