[jira] Commented: (RAMPART-156) org.apache.rahas.Token constructor expects lifetimeelement to be present, but the element is optional according to the standard.

[Nandana Mihindukulasooriya (JIRA)]

    [ 
https://issues.apache.org/jira/browse/RAMPART-156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12597826#action_12597826
 ] 

Nandana Mihindukulasooriya commented on RAMPART-156:
----------------------------------------------------

I think this is bit tricky. As we can see, processTokenExpiry() in the 
org.apache.rahas.SimpleTokenStore uses "expires" value set by the 
processLifeTime(lifetimeElem) to set the State of the tokens. So the tokens 
state will be not properly set if the expires value of the token is not set 
correctly. Token state is used check the token validity. 
eg. org.apache.rampart.util.RampartUtil#isTokenValid method

So we need to think of a way of setting the State or expires/created values in 
the above scenario.

thanks,
nandana

> org.apache.rahas.Token constructor expects lifetimeelement to be present, but 
> the element is optional according to the standard.
> --------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-156
>                 URL: https://issues.apache.org/jira/browse/RAMPART-156
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-trust
>         Environment: Latest trunk of rampart  + wss4j on windows xp.
>            Reporter: Rasmus Rhein Helwigh
>            Assignee: Nandana Mihindukulasooriya
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> The org.apache.rahas.client.STSClient.processIssueResponse class tries to 
> create a Token object with lifetime object as an argument. This lifetime 
> object is optional, but the Token constructor fails if it's null.
> Since SAML1.1 has it's own lifetime element build into the assertion, it 
> doesn't need to use the Token lifetime element, so it would be nice if this 
> element could be optional.
> Index: 
> C:/src/Main/java/Rampart-svn/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
> ===================================================================
> --- 
> C:/src/Main/java/Rampart-svn/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
>       (revision 650441)
> +++ 
> C:/src/Main/java/Rampart-svn/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
>       (working copy)
> @@ -151,7 +151,8 @@
>                  tokenElem.getXMLStreamReader());
>          stAXOMBuilder.setNamespaceURIInterning(true);
>          this.token = stAXOMBuilder.getDocumentElement();
> -        this.processLifeTime(lifetimeElem);
> +        if ( lifetimeElem != null )
> +             this.processLifeTime(lifetimeElem);
>      }
>      
>      /**

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.