| Summary: | security_saml QS fails during RequestedSecurityToken extraction. | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise SOA Platform 5 | Reporter: | Marek Baluch <mbaluch> |
| Component: | Examples, PicketLink | Assignee: | Kevin Conner <kevin.conner> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 5.0.2 | CC: | darran.lofthouse |
| Target Milestone: | --- | ||
| Target Release: | 5.0.2 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| URL: | http://jira.jboss.org/jira/browse/SOA-2112 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-06-18 07:56:47 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
For more information see related issue.

Link: Added: This issue is related to SOA-2111

Link: Added: This issue depends JBESB-3343

This is not an ESB issue, rather it is an issue within picketlink.
The bug relates to SOA-2111 but this was incorrectly created against jbossws rather than against picketlink.
The issue lies within org.picketlink.identity.federation.core.wstrust.STSClient, specifically the following code
```java
private Element issueToken(RequestSecurityToken request) throws WSTrustException
{
   request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
   request.setContext("context");
   WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
   DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request);
   Source response = dispatchLocal.get().invoke(requestSource);
   Node documentNode = ((DOMSource) response).getNode();
   Document responseDoc = documentNode instanceof Document ? (Document) documentNode : documentNode.getOwnerDocument();
   NodeList nodes;
   try
   {
      Document myDocument = DocumentUtil.createDocument();
      Node importedNode = myDocument.importNode(responseDoc.getDocumentElement(), true);
      myDocument.appendChild(importedNode);
      nodes = null;
      if (responseDoc instanceof SOAPPart)
      {
         SOAPPart soapPart = (SOAPPart) responseDoc;
         SOAPEnvelope env = soapPart.getEnvelope();
         SOAPBody body = env.getBody();
         Node data = body.getFirstChild();
         nodes = ((Element) data).getElementsByTagName("RequestedSecurityToken");
      }
      else
         nodes = responseDoc.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE, "RequestedSecurityToken");
   }
   catch (Exception e)
   {
      throw new WSTrustException("Exception in issuing token:", e);
   }
   if (nodes == null)
      throw new WSTrustException("NodeList is null");
   Node rstr = nodes.item(0);
   return (Element) rstr.getFirstChild();
}
```
The invocation of getElementsByTagName is incorrect.
picketlink 1.0.2 seems to have a fix for this. The line in error has been replaced with the following
```java
nodes = ((Element) data).getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE, "RequestedSecurityToken");
if (nodes == null || nodes.getLength() == 0)
   nodes = ((Element) data).getElementsByTagName("RequestedSecurityToken");
```
Will try the QS using 1.0.2 classes and follow up.
Running the quickstart using the 1.0.2 picketlink binaries seems to address this issue. I'm not sure what differences exist between 1.0.1 and 1.0.2 so we need input from Anil.

As picketlink is still technical preview we should look to move to the latest version (1.0.3.final). I'll download that version and run the QS again.

1.0.3.final works with this quickstart

Kevin, you are right. This has been fixed for PL 1.0.2. We are releasing 1.0.3.SP1 today and I think it is a good idea to upgrade PL to this version in SOA-P.

Link: Added: This issue depends JBESB-3352

Updated in ESB codebase, will be in next tag for platform.

Verified on 5.0.2 CR2
Affects: Interactive Demo/Tutorial

Date of First Response: 2010-06-15 10:35:54

project_key: SOA

When running the QS we get the following exception:

```
12:14:00,857 ERROR [ActionProcessingPipeline] SecurityService exception :
org.jboss.soa.esb.services.security.SecurityServiceException: Exception while trying to login:
	at org.jboss.internal.soa.esb.services.security.JaasSecurityService.authenticate(JaasSecurityService.java:102)
	at org.jboss.soa.esb.listeners.message.ActionProcessingPipeline.processPipeline(ActionProcessingPipeline.java:534)
	at org.jboss.soa.esb.listeners.message.ActionProcessingPipeline.process(ActionProcessingPipeline.java:419)
	at org.jboss.soa.esb.listeners.message.MessageAwareListener$TransactionalRunner.run(MessageAwareListener.java:540)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:619)
Caused by: javax.security.auth.login.LoginException: java.lang.NullPointerException
	at org.picketlink.identity.federation.core.wstrust.STSClient.issueToken(STSClient.java:188)
	at org.picketlink.identity.federation.core.wstrust.STSClient.issueToken(STSClient.java:122)
	at org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule.invokeSTS(STSIssuingLoginModule.java:85)
	at org.picketlink.identity.federation.core.wstrust.auth.AbstractSTSLoginModule.login(AbstractSTSLoginModule.java:243)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
	at org.jboss.internal.soa.esb.services.security.JaasSecurityService.authenticate(JaasSecurityService.java:94)
	at org.jboss.soa.esb.listeners.message.ActionProcessingPipeline.processPipeline(ActionProcessingPipeline.java:534)
	at org.jboss.soa.esb.listeners.message.ActionProcessingPipeline.process(ActionProcessingPipeline.java:419)
	at org.jboss.soa.esb.listeners.message.MessageAwareListener$TransactionalRunner.run(MessageAwareListener.java:540)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:619)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:872)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
	at org.jboss.internal.soa.esb.services.security.JaasSecurityService.authenticate(JaasSecurityService.java:94)
	... 6 more
```