[jboss-jira] [JBoss JIRA] Updated: (SECURITY-561) JBossResponseContext getResult strips multiple obligations from the evaluation response.
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Thu Feb 3 14:36:39 EST 2011
[ https://issues.jboss.org/browse/SECURITY-561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anil Saldhana updated SECURITY-561:
-----------------------------------
Fix Version/s: jbossxacml_2.0.6.Final
Affects Version/s: (was: 2.0.2.CR12)
Component/s: JBossXACML
(was: PicketBox)
> JBossResponseContext getResult strips multiple obligations from the evaluation response.
> ----------------------------------------------------------------------------------------
>
> Key: SECURITY-561
> URL: https://issues.jboss.org/browse/SECURITY-561
> Project: PicketBox (JBoss Security and Identity Management)
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: JBossXACML
> Environment: N/A
> Reporter: Brian Krisler
> Assignee: Anil Saldhana
> Labels: obligations, xacml
> Fix For: jbossxacml_2.0.6.Final
>
>
> The getResult() method in JBossResponseContext prevents multiple Obligations from getting returned to the PEP. The code block:
> //Obligations
> Set<Obligation> obligationsSet = result.getObligations();
> if(obligationsSet != null)
> {
> for(Obligation obl:obligationsSet)
> {
> ObligationType obType = new ObligationType();
> obType.setObligationId(obl.getId().toASCIIString());
> obType.setFulfillOn(EffectType.fromValue(Result.DECISIONS[obl.getFulfillOn()]));
>
> ObligationsType obligationsType = new ObligationsType();
> obligationsType.getObligation().add(obType);
> resultType.setObligations(obligationsType);
> }
> }
> Causes the obligations to constantly get overwritten with the last one read in.
> --> resultType.setObligations(obligationsType)
> To fix, do something more like:
> // Obligations
> Set<Obligation> obligationsSet = result.getObligations();
> if (obligationsSet != null && obligationsSet.size() > 0) {
> ObligationsType obligationsType = new ObligationsType();
> for (Obligation obl : obligationsSet) {
> ObligationType obType = new ObligationType();
> obType.setObligationId(obl.getId().toASCIIString());
> obType.setFulfillOn(EffectType.fromValue(Result.DECISIONS[obl.getFulfillOn()]));
> obligationsType.getObligation().add(obType);
> }
> resultType.setObligations(obligationsType);
> }
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list