[
https://issues.jboss.org/browse/SECURITY-653?page=com.atlassian.jira.plug...
]
Anil Saldhana commented on SECURITY-653:
----------------------------------------
The fix is attached in the jar. It needs to be verified.
JBossPDP isDirectory called should check if the argument is of file
pattern
---------------------------------------------------------------------------
Key: SECURITY-653
URL:
https://issues.jboss.org/browse/SECURITY-653
Project: PicketBox (JBoss Security and Identity Management)
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: JBossXACML
Affects Versions: jbossxacml_2.0.6.Final
Reporter: Anil Saldhana
Assignee: Anil Saldhana
Fix For: picketbox_xacml_2.0.8.Final
Attachments: jbossxacml-2.0.8-SNAPSHOT.jar
https://issues.jboss.org/browse/JBPAPP-8462 has an exception for the AS7 environment.
======================
15:51:51,112 ERROR
[org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/pdp].[SOAPSAMLXACMLPDPServlet]]
(http--127.0.0.1-8080-1) Allocate exception for servlet SOAPSAMLXACMLPDPServlet:
java.lang.IllegalArgumentException: URI scheme is not "file"
at java.io.File.<init>(File.java:366) [rt.jar:1.6.0_31]
at org.jboss.security.xacml.core.JBossPDP.isDirectory(JBossPDP.java:590)
[jbossxacml-2.0.6.Final.jar:2.0.6.Final]
at org.jboss.security.xacml.core.JBossPDP.addPolicySets(JBossPDP.java:466)
[jbossxacml-2.0.6.Final.jar:2.0.6.Final]
at org.jboss.security.xacml.core.JBossPDP.bootstrap(JBossPDP.java:344)
[jbossxacml-2.0.6.Final.jar:2.0.6.Final]
at org.jboss.security.xacml.core.JBossPDP.<init>(JBossPDP.java:157)
[jbossxacml-2.0.6.Final.jar:2.0.6.Final]
at
org.picketlink.identity.federation.core.pdp.SOAPSAMLXACMLPDP.getPDP(SOAPSAMLXACMLPDP.java:126)
[picketlink-fed-2.0.2.Final.jar:2.0.2.Final]
at
org.picketlink.identity.federation.core.pdp.SOAPSAMLXACMLPDP.<init>(SOAPSAMLXACMLPDP.java:75)
[picketlink-fed-2.0.2.Final.jar:2.0.2.Final]
==========================
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira