[jboss-jira] [JBoss JIRA] (SECURITY-653) JBossPDP isDirectory called should check if the argument is of file pattern

Josef Cacek (JIRA) jira-events at lists.jboss.org
Thu Apr 5 02:45:47 EDT 2012


    [ https://issues.jboss.org/browse/SECURITY-653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12681911#comment-12681911 ] 

Josef Cacek commented on SECURITY-653:
--------------------------------------

The fix solves the mentioned use-case, but I think it's still not correct and it will cause problems if the policies location is a directory.
There is no guarantee the folder path will be prefixed by the scheme (file:).

E.g. there could be policyConfig.xml with
<{urn:jboss:xacml:2.0}Location>path/to/policies/folder</{urn:jboss:xacml:2.0}Location>
for which the isDirectory() call returns false, because it's not starting with "file".
                
> JBossPDP isDirectory called should check if the argument is of file pattern
> ---------------------------------------------------------------------------
>
>                 Key: SECURITY-653
>                 URL: https://issues.jboss.org/browse/SECURITY-653
>             Project: PicketBox (JBoss Security and Identity Management)
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: JBossXACML
>    Affects Versions: jbossxacml_2.0.6.Final
>            Reporter: Anil Saldhana
>            Assignee: Anil Saldhana
>             Fix For: picketbox_xacml_2.0.8.Final
>
>         Attachments: jbossxacml-2.0.8-SNAPSHOT.jar
>
>
> https://issues.jboss.org/browse/JBPAPP-8462 has an exception for the AS7 environment.
> ======================
> 15:51:51,112 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/pdp].[SOAPSAMLXACMLPDPServlet]] (http--127.0.0.1-8080-1) Allocate exception for servlet SOAPSAMLXACMLPDPServlet: java.lang.IllegalArgumentException: URI scheme is not "file"
> 	at java.io.File.<init>(File.java:366) [rt.jar:1.6.0_31]
> 	at org.jboss.security.xacml.core.JBossPDP.isDirectory(JBossPDP.java:590) [jbossxacml-2.0.6.Final.jar:2.0.6.Final]
> 	at org.jboss.security.xacml.core.JBossPDP.addPolicySets(JBossPDP.java:466) [jbossxacml-2.0.6.Final.jar:2.0.6.Final]
> 	at org.jboss.security.xacml.core.JBossPDP.bootstrap(JBossPDP.java:344) [jbossxacml-2.0.6.Final.jar:2.0.6.Final]
> 	at org.jboss.security.xacml.core.JBossPDP.<init>(JBossPDP.java:157) [jbossxacml-2.0.6.Final.jar:2.0.6.Final]
> 	at org.picketlink.identity.federation.core.pdp.SOAPSAMLXACMLPDP.getPDP(SOAPSAMLXACMLPDP.java:126) [picketlink-fed-2.0.2.Final.jar:2.0.2.Final]
> 	at org.picketlink.identity.federation.core.pdp.SOAPSAMLXACMLPDP.<init>(SOAPSAMLXACMLPDP.java:75) [picketlink-fed-2.0.2.Final.jar:2.0.2.Final]
> ==========================

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
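
An added illustration of the point raised in the comment above (not PicketBox code; the class and method names are hypothetical): a directory check for a policy Location value that accepts a plain path, a file: URI, or another scheme, and never reaches new File(URI) with a non-file scheme. The sample locations in main() are constructed.

```java
import java.io.File;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Files;

// Added illustration, not PicketBox code; class and method names are hypothetical.
public class PolicyLocationCheck {
    // True only when the configured location is an existing local directory.
    // Never throws for a non-file scheme or for a path without a scheme.
    static boolean isLocalDirectory(String location) {
        if (location == null || location.trim().isEmpty()) return false;
        String loc = location.trim();
        URI uri;
        try {
            uri = new URI(loc);
        } catch (URISyntaxException e) {
            // Not valid URI syntax (spaces, backslashes): treat as a plain path.
            return new File(loc).isDirectory();
        }
        String scheme = uri.getScheme();
        if (scheme == null || scheme.length() == 1) {
            // No scheme ("path/to/policies/folder"), or a one-letter "scheme"
            // that is really a Windows drive letter: plain filesystem path.
            return new File(loc).isDirectory();
        }
        if (!"file".equalsIgnoreCase(scheme)) {
            // new File(URI) would throw here: URI scheme is not "file".
            return false;
        }
        try {
            return new File(uri).isDirectory();
        } catch (IllegalArgumentException e) {
            // Opaque form such as "file:relative/dir" is rejected by File(URI).
            return uri.isOpaque() && new File(uri.getSchemeSpecificPart()).isDirectory();
        }
    }

    public static void main(String[] args) throws Exception {
        File dir = Files.createTempDirectory("policies").toFile(); // constructed sample
        String[] samples = {
            dir.getPath(),                      // plain path, no scheme
            dir.toURI().toString(),             // file: URI
            "http://example.invalid/policies",  // non-file scheme
        };
        for (String s : samples) System.out.println(isLocalDirectory(s) + "  " + s);
        dir.delete();
    }
}
```

A caller that gets false for a location it expected to be a policies folder should log the raw value and fail startup, so the PDP does not come up with an empty policy set.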

        

