[jira] Resolved: (RAMPART-33) Incorrect extraction of the issuer's address from property issuerEpr of org.apache.ws.secpolicy.model.IssuedToken

[Nandana Mihindukulasooriya (JIRA)]

     [ 
https://issues.apache.org/jira/browse/RAMPART-33?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nandana Mihindukulasooriya resolved RAMPART-33.
-----------------------------------------------

    Resolution: Fixed

Hi Uwe,
     In the Issued Token Builder [1], we set the <Address/> element as 
issuerEpr.  So this is the correct way to go. 

/nandana


[1] - 
https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/IssuedTokenBuilder.java

> Incorrect extraction of the issuer's address from property issuerEpr of 
> org.apache.ws.secpolicy.model.IssuedToken
> -----------------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-33
>                 URL: https://issues.apache.org/jira/browse/RAMPART-33
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.1
>            Reporter: Uwe Kylau
>
> In class org.apache.rampart.util.RampartUtil there is a method 
> processIssuerAddress(...) that takes an OMElement,
> in order to extract the address string contained in the element.
> This is the source code of the method:
>     public static String processIssuerAddress(OMElement issuerAddress) 
>         throws RampartException {
>         if(issuerAddress != null && issuerAddress.getText() != null && 
>                 !"".equals(issuerAddress.getText())) {
>             return issuerAddress.getText().trim();
>         } else {
>             throw new RampartException("invalidIssuerAddress",
>                     new String[] { issuerAddress.toString() });
>         }
>     }
> In its current version the method expects something like this:
> <wsa:Address>http://some.url/</wsa:Address>
> The method is called from getIssuedToken(...) in the same class with 
> parameter issuedToken.getIssuerEpr().
> The variable issuedToken is of type org.apache.ws.secpolicy.model.IssuedToken.
> Correct me if I'm wrong, but as far as I understood, the property issuerEpr 
> of class IssuedToken is meant to store a complete endpoint reference.
> This means that the method processIssuerAddress(...) is called with something 
> like this:
> <wsa:EndpointReference>
>     <wsa:Address>http://some.url/</wsa:Address>
> </wsa:EndpointReference>
> Thus, the source code of the method should be changed to:
>     public static String processIssuerAddress(OMElement issuerEpr) 
>         throws RampartException {
>         if(issuerEpr != null) {
>             OMElement issuerAddress = issuerEpr.getFirstChildWithName(new 
> QName(AddressingConstants.Final.WSA_NAMESPACE, 
>                                                                               
>                                                                        
> AddressingConstants.EPR_ADDRESS));
>             if(issuerAddress != null && issuerAddress.getText() != null && 
>                     !"".equals(issuerAddress.getText())) {
>                 return issuerAddress.getText().trim();
>             } else {
>                 throw new RampartException("invalidIssuerAddress",
>                         new String[] { issuerAddress.toString() });
>             }
>         } else {
>             throw new RampartException("invalidIssuerAddress",
>                     new String[] { issuerAddress.toString() });
>         }
>     }
> I hope you agree with me ;-)
> Best regards,
> Uwe Kylau

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.