[jboss-jira] [JBoss JIRA] Closed: (SECURITY-561) JBossResponseContext getResult strips multiple obligations from the evaluation response.

Anil Saldhana (JIRA) jira-events at lists.jboss.org
Fri Apr 1 11:34:38 EDT 2011 

     [ https://issues.jboss.org/browse/SECURITY-561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Anil Saldhana closed SECURITY-561.
----------------------------------

    Resolution: Done


> JBossResponseContext getResult strips multiple obligations from the evaluation response.
> ----------------------------------------------------------------------------------------
>
>                 Key: SECURITY-561
>                 URL: https://issues.jboss.org/browse/SECURITY-561
>             Project: PicketBox (JBoss Security and Identity Management)
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: JBossXACML
>         Environment: N/A
>            Reporter: Brian Krisler
>            Assignee: Anil Saldhana
>              Labels: obligations, xacml
>             Fix For: jbossxacml_2.0.6.Final
>
>
> The getResult() method in JBossResponseContext prevents multiple Obligations from getting returned to the PEP. The code block:
> //Obligations
> Set<Obligation> obligationsSet = result.getObligations();
> if(obligationsSet != null)
> {
>   for(Obligation obl:obligationsSet)
>   {
>     ObligationType obType = new ObligationType();
>     obType.setObligationId(obl.getId().toASCIIString());                  
>     obType.setFulfillOn(EffectType.fromValue(Result.DECISIONS[obl.getFulfillOn()]));
>             
>     ObligationsType obligationsType = new ObligationsType();
>     obligationsType.getObligation().add(obType);
>     resultType.setObligations(obligationsType);  
>   }
> }
> Causes the obligations to constantly get overwritten with the last one read in.
>   --> resultType.setObligations(obligationsType)
> To fix, do something more like:
> // Obligations
> Set<Obligation> obligationsSet = result.getObligations(); 
> if (obligationsSet != null && obligationsSet.size() > 0) {
>   ObligationsType obligationsType = new ObligationsType();
>   for (Obligation obl : obligationsSet) {
>    ObligationType obType = new ObligationType();
>    obType.setObligationId(obl.getId().toASCIIString());
>    obType.setFulfillOn(EffectType.fromValue(Result.DECISIONS[obl.getFulfillOn()]));
>    obligationsType.getObligation().add(obType);
>   }				
>   resultType.setObligations(obligationsType);
> }

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list