[
https://issues.apache.org/jira/browse/RAMPART-429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17893503#comment-17893503
]
Robert Lazarski commented on RAMPART-429:
-----------------------------------------
Those two issues got fixed after this Jira was created - so, I wonder if this
fix is still needed since there was an 1.7.0 after this with those updated
jars.
To clear, I am talking about a Rampart 1.8.0 that is about to be released with
a dependency of Axis2 1.8.2 with Axiom 1.4 and a subsequent Rampart 2.0.0 with
Axis2 2.0.0 and Axiom 2.0.0.
[~veithen] could shed any light on whether the code in question at this point
should be:
serializedToken = element.toStringWithConsume();
Or:
serializedToken = element.toString();
Right now I am inclined to leave it as is and mark the issue as won't fix since
best I can tell, the two referenced Jira issues fixed the problem.
> Invoking org.apache.rahas.Token.writeExternal(ObjectOutput) breaks token
> insertion when connecting to the serivce
> -----------------------------------------------------------------------------------------------------------------
>
> Key: RAMPART-429
> URL: https://issues.apache.org/jira/browse/RAMPART-429
> Project: Rampart
> Issue Type: Bug
> Components: rampart-trust
> Affects Versions: 1.6.2
> Reporter: Sundeep Garla
> Priority: Major
>
> Hello,
> In our usecase we serialize the Rampart token into secure storage using
> org.apache.rahas.Token.writeExternal(ObjectOutput out) before rampart handler
> executes to inject the SAML assertion into security header. Once serialized,
> It breaks with the following exception:
> {code:title=Error when inserting assertion into security header}
> java.util.NoSuchElementException: End of the document reached
> at
> org.apache.axiom.om.impl.llom.SwitchingWrapper.next(SwitchingWrapper.java:987)
> at
> javax.xml.stream.util.StreamReaderDelegate.next(StreamReaderDelegate.java:88)
> at
> org.apache.axiom.om.impl.builder.StAXOMBuilder.parserNext(StAXOMBuilder.java:668)
> at
> org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:214)
> at
> org.apache.axiom.om.impl.dom.ParentNode.buildNext(ParentNode.java:89)
> at
> org.apache.axiom.om.impl.dom.ChildNode.getNextOMSibling(ChildNode.java:103)
> at
> org.apache.axiom.om.impl.dom.ChildNode.getNextSibling(ChildNode.java:113)
> at
> org.apache.axiom.om.impl.dom.DocumentImpl.importNode(DocumentImpl.java:403)
> at
> org.apache.rampart.util.RampartUtil.appendChildToSecHeader(RampartUtil.java:826)
> at
> org.apache.rampart.util.RampartUtil.insertSiblingAfter(RampartUtil.java:834)
> at
> org.apache.rampart.builder.BindingBuilder.handleSupportingTokens(BindingBuilder.java:380)
> at
> org.apache.rampart.builder.TransportBindingBuilder.build(TransportBindingBuilder.java:148)
> at
> org.apache.rampart.MessageBuilder.build(MessageBuilder.java:140)
> at
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
> at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
> at
> org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
> at
> org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:427)
> at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
> at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
> at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
> at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:555)
> at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:531)
> {code}
> The above error reported in JIRA's:
> # https://issues.apache.org/jira/browse/AXIOM-439
> # https://issues.apache.org/jira/browse/RAMPART-392
> This is because of method:
> {code:title=org.apache.rahas.Token.java|borderStyle=solid}
> private String convertOMElementToString(OMElement element)
> throws IOException {
> String serializedToken = "";
> if (null == element) {
> return serializedToken;
> }
> try {
> serializedToken = element.toStringWithConsume();
> } catch (XMLStreamException e) {
> throw new IOException("Could not serialize token OM element");
> }
> return serializedToken;
> }
> {code}
> Invoking toStringWithConsume() causes the errors when RampartHandler tries to
> access the object model to insert <Assertion> into security header.
> I have patched the above code to invoke OMElement.toString() instead of
> toStringWithConsume() modified source as below:
> {code:title=org.apache.rahas.Token.java|borderStyle=solid}
> private String convertOMElementToString(OMElement element)
> throws IOException {
> String serializedToken = "";
> if (null == element) {
> return serializedToken;
> }
> serializedToken = element.toString();
> return serializedToken;
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
