Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-669

JBossResponseContext getResult() does not copy obligation assignments

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • jbossxacml_2.0.6.Final
    • JBossXACML
    • None
    • Low

      Affects jbossxacml 2.0.8.Final and below.

      JBossresponseContext.getResult() copies obligations from the sunxacml result, but does not copy the attribute assignments:

      The code block (lines 156-164):
      ObligationsType obligationsType = new ObligationsType();
      for(Obligation obl:obligationsSet)

      { ObligationType obType = new ObligationType(); obType.setObligationId(obl.getId().toASCIIString()); obType.setFulfillOn(EffectType.fromValue(Result.DECISIONS[obl.getFulfillOn()])); obligationsType.getObligation().add(obType); }

      Should read something like:

      ObligationsType obligationsType = new ObligationsType();
      for(Obligation obl:obligationsSet)
      {
      ObligationType obType = new ObligationType();
      obType.setObligationId(obl.getId().toASCIIString());
      obType.setFulfillOn(EffectType.fromValue(Result.DECISIONS[obl.getFulfillOn()]));
      for(Object attrValue : obl.getAssignments())

      { Attribute attr = (Attribute)attrValue; AttributeAssignmentType aaType = new AttributeAssignmentType(); aaType.setAttributeId(attr.getId().toASCIIString()); aaType.setDataType(attr.getType().toASCIIString()); aaType.getContent().add(attr.getValue()); obType.getAttributeAssignment().add(aaType); }

      obligationsType.getObligation().add(obType);
      }

              Unassigned Unassigned
              dominic.messenger Dominic Messenger (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: