[jboss-jira] [JBoss JIRA] (SECURITY-590) RequestAttributeFactory.createTimeAttributeType(attName, issuer) API call causes a parsing exception

Dan Gradl (Commented) (JIRA) jira-events at lists.jboss.org
Tue Nov 15 18:26:40 EST 2011 

    [ https://issues.jboss.org/browse/SECURITY-590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12643126#comment-12643126 ] 

Dan Gradl commented on SECURITY-590:
------------------------------------

Actually, what you have created is an invalid RequestContext.   The XACML 2.0 context schema requires that all Attributes have 1 or more AttributeValues.    In this case you aren't constructing the XML according to the schema, but you are instantiating a XACML request from the object model.  However, this is still an invalid XACML request context.   

Rather than throwing a cryptic ParsingException, it probably should validate the RequestContext according to the same rules in the access_control-xacml-2.0-context-schema-os.xsd and inform you that this context is incorrectly formed.

Perhaps you were thinking about a Policy?  There you can have a date time attribute and when the policy is evaluated it will get the current environment time.
                
> RequestAttributeFactory.createTimeAttributeType(attName, issuer) API call causes a parsing exception
> ----------------------------------------------------------------------------------------------------
>
>                 Key: SECURITY-590
>                 URL: https://issues.jboss.org/browse/SECURITY-590
>             Project: PicketBox (JBoss Security and Identity Management)
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: JBossXACML
>         Environment: Version was 2.0.6.Final
>            Reporter: Asankha Perera
>            Assignee: Anil Saldhana
>            Priority: Minor
>
> Using the API call RequestAttributeFactory.createTimeAttributeType(attName, issuer) causes a "ParsingException: couldn't create http://www.w3.org/2001/XMLSchema#time attribute based on DOM node"
> Note that with the above API call, we do not supply any time string, but assume that the current time is used. As a comparison the similar API call RequestAttributeFactory.createDateTimeAttributeType(attName, issuer) works without any issues - hence it seems logical that the createTimeAttributeType() contains a possible bug

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list