[jboss-jira] [JBoss JIRA] (SECURITY-669) JBossResponseContext getResult() does not copy obligation assignments

Dominic Messenger (JIRA) jira-events at lists.jboss.org
Thu Jul 19 07:15:06 EDT 2012 

Dominic Messenger created SECURITY-669:
------------------------------------------

             Summary: JBossResponseContext getResult() does not copy obligation assignments
                 Key: SECURITY-669
                 URL: https://issues.jboss.org/browse/SECURITY-669
             Project: PicketBox (JBoss Security and Identity Management)
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: JBossXACML
    Affects Versions: jbossxacml_2.0.6.Final
            Reporter: Dominic Messenger
            Assignee: Anil Saldhana


Affects jbossxacml 2.0.8.Final and below.

JBossresponseContext.getResult() copies obligations from the sunxacml result, but does not copy the attribute assignments:

The code block (lines 156-164):
    ObligationsType obligationsType = new ObligationsType();
    for(Obligation obl:obligationsSet)
    {
        ObligationType obType = new ObligationType();
        obType.setObligationId(obl.getId().toASCIIString());
        obType.setFulfillOn(EffectType.fromValue(Result.DECISIONS[obl.getFulfillOn()]));

        obligationsType.getObligation().add(obType);
    }


Should read something like:

ObligationsType obligationsType = new ObligationsType();
            for(Obligation obl:obligationsSet)
            {
               ObligationType obType = new ObligationType();
               obType.setObligationId(obl.getId().toASCIIString());
               obType.setFulfillOn(EffectType.fromValue(Result.DECISIONS[obl.getFulfillOn()]));
               for(Object attrValue : obl.getAssignments()) {
            	   Attribute attr = (Attribute)attrValue;
            	   AttributeAssignmentType aaType = new AttributeAssignmentType();
            	   aaType.setAttributeId(attr.getId().toASCIIString());
            	   aaType.setDataType(attr.getType().toASCIIString());
            	   aaType.getContent().add(attr.getValue());
            	   obType.getAttributeAssignment().add(aaType);
               }
               
               obligationsType.getObligation().add(obType);
            }

    

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list