[jira] Created: (RAMPART-33) Incorrect extraction of the issuer's address from property issuerEpr of org.apache.ws.secpolicy.model.IssuedToken

Uwe Kylau (JIRA) Sat, 21 Apr 2007 03:09:02 -0700

Incorrect extraction of the issuer's address from property issuerEpr of 
org.apache.ws.secpolicy.model.IssuedToken
-----------------------------------------------------------------------------------------------------------------


                 Key: RAMPART-33
                 URL: https://issues.apache.org/jira/browse/RAMPART-33
             Project: Rampart
          Issue Type: Bug
          Components: rampart-core
    Affects Versions: 1.1
            Reporter: Uwe Kylau



In class org.apache.rampart.util.RampartUtil there is a method 
processIssuerAddress(...) that takes an OMElement,
in order to extract the address string contained in the element.

This is the source code of the method:

    public static String processIssuerAddress(OMElement issuerAddress) 
        throws RampartException {
        if(issuerAddress != null && issuerAddress.getText() != null && 
                !"".equals(issuerAddress.getText())) {
            return issuerAddress.getText().trim();
        } else {
            throw new RampartException("invalidIssuerAddress",
                    new String[] { issuerAddress.toString() });
        }
    }


In its current version the method expects something like this:

<wsa:Address>http://some.url/</wsa:Address>


The method is called from getIssuedToken(...) in the same class with parameter 
issuedToken.getIssuerEpr().
The variable issuedToken is of type org.apache.ws.secpolicy.model.IssuedToken.

Correct me if I'm wrong, but as far as I understood, the property issuerEpr of 
class IssuedToken is meant to store a complete endpoint reference.
This means that the method processIssuerAddress(...) is called with something 
like this:

<wsa:EndpointReference>
    <wsa:Address>http://some.url/</wsa:Address>
</wsa:EndpointReference>

Thus, the source code of the method should be changed to:

    public static String processIssuerAddress(OMElement issuerEpr) 
        throws RampartException {

        if(issuerEpr != null) {
            OMElement issuerAddress = issuerEpr.getFirstChildWithName(new 
QName(AddressingConstants.Final.WSA_NAMESPACE, 
                                                                                
                                                                     
AddressingConstants.EPR_ADDRESS));
            if(issuerAddress != null && issuerAddress.getText() != null && 
                    !"".equals(issuerAddress.getText())) {
                return issuerAddress.getText().trim();
            } else {
                throw new RampartException("invalidIssuerAddress",
                        new String[] { issuerAddress.toString() });
            }
        } else {
            throw new RampartException("invalidIssuerAddress",
                    new String[] { issuerAddress.toString() });
        }
    }


I hope you agree with me ;-)

Best regards,
Uwe Kylau

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Created: (RAMPART-33) Incorrect extraction of the issuer's address from property issuerEpr of org.apache.ws.secpolicy.model.IssuedToken

Reply via email to