STSClient requires Lifetime element in RSTR
-------------------------------------------

                 Key: CXF-2524
                 URL: https://issues.apache.org/jira/browse/CXF-2524
             Project: CXF
          Issue Type: Bug
    Affects Versions: 2.2.4
            Reporter: Oliver Wulff


The STSClient in CXF requires that an STS return the Lifetime element, which is 
optional as per the WS-Trust 1.3 spec:
[http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html]
>>>
4.4 Returning a Security Token
...
wst:RequestSecurityTokenResponse/wst:Lifetime
This optional element specifies the lifetime of the issued security token.  If 
omitted the lifetime is unspecified (not necessarily unlimited).  It is 
RECOMMENDED that if a lifetime exists for a token that this element be included 
in the response.
>>>

STSClient.java:
...
        while (el != null) {
            String ln = el.getLocalName();
            if (namespace.equals(el.getNamespaceURI())) {
                if ("Lifetime".equals(ln)) {
                    lte = el;
...
        SecurityToken token = new SecurityToken(id, rstDec, lte);
...

SecurityToken.java:
...
    public SecurityToken(String id,
                 Element tokenElem,
                 Element lifetimeElem) {
        this.id = id;
        this.token = cloneElement(tokenElem);
        this.processLifeTime(lifetimeElem);
...
    /**
     * @param lifetimeElem
     * @throws TrustException 
     */
    private void processLifeTime(Element lifetimeElem) {
        try {
            DatatypeFactory factory = DatatypeFactory.newInstance();
            
            Element createdElem = 
                DOMUtils.getFirstChildWithName(lifetimeElem,
                                                WSConstants.WSU_NS,
                                                WSConstants.CREATED_LN);
            this.created = factory
                .newXMLGregorianCalendar(DOMUtils.getContent(createdElem))
                .toGregorianCalendar();

            Element expiresElem = 
                DOMUtils.getFirstChildWithName(lifetimeElem,
                                                WSConstants.WSU_NS,
                                                WSConstants.EXPIRES_LN);
            this.expires = factory
                .newXMLGregorianCalendar(DOMUtils.getContent(expiresElem))
                .toGregorianCalendar();
        } catch (DatatypeConfigurationException e) {
            //shouldn't happen

If "null" is passed to processLifeTime, an NPE occurs. If the CXF internals don't 
depend on the lifetime, the following might fix it already:
...
    public SecurityToken(String id,
                 Element tokenElem,
                 Element lifetimeElem) {
        this.id = id;
        this.token = cloneElement(tokenElem);
        if (lifetimeElem != null) this.processLifeTime(lifetimeElem);
...


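Added example, not part of the original report and not CXF code: a null-safe lifetime parser for an RSTR that also refuses to treat a missing Lifetime as "never expires", since the spec text quoted above says an omitted lifetime is unspecified, not unlimited. The class name TokenLifetime, the rstr() helper, the five-minute cap and the sample XML are assumptions made for illustration.

```java
import java.io.StringReader;
import java.util.GregorianCalendar;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

// Added illustration: TokenLifetime and MAX_UNSPECIFIED_MS are hypothetical, not CXF API.
public class TokenLifetime {
    static final String WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final long MAX_UNSPECIFIED_MS = 5 * 60 * 1000L; // assumed local policy cap
    final GregorianCalendar created, expires;              // null when the STS omitted them
    TokenLifetime(Element rstr) throws Exception {
        Element lifetime = (Element) rstr.getElementsByTagNameNS(WST, "Lifetime").item(0); // null if absent
        created = read(lifetime, "Created");
        expires = read(lifetime, "Expires");
    }

    private static GregorianCalendar read(Element parent, String localName) throws Exception {
        Node n = parent == null ? null : parent.getElementsByTagNameNS(WSU, localName).item(0);
        if (n == null) return null; // Lifetime and its children are optional in WS-Trust 1.3
        return DatatypeFactory.newInstance()
            .newXMLGregorianCalendar(n.getTextContent().trim()).toGregorianCalendar();
    }

    // "Unspecified" is not "unlimited": cap such tokens from the time they were received.
    boolean isExpired(long receivedAtMs, long nowMs) {
        if (expires != null) return nowMs >= expires.getTimeInMillis();
        return nowMs - receivedAtMs >= MAX_UNSPECIFIED_MS;
    }

    static Element rstr(String body) throws Exception { // wraps a constructed body in an RSTR
        String xml = "<t:RequestSecurityTokenResponse xmlns:t='" + WST + "' xmlns:u='" + WSU + "'>"
            + body + "</t:RequestSecurityTokenResponse>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml))).getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        TokenLifetime none = new TokenLifetime(rstr(""));
        TokenLifetime full = new TokenLifetime(
            rstr("<t:Lifetime><u:Expires>2009-11-05T10:05:00Z</u:Expires></t:Lifetime>"));
        long now = System.currentTimeMillis();
        System.out.println(none.expires + " " + none.isExpired(now, now) + " " + full.isExpired(now, now));
    }
}
```

A token cache that only compares against an Expires value would keep a lifetime-less token indefinitely once the NPE is guarded away; the receive-time cap is one way to bound that.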