Eating the exception in case of error while processSAMLToken [SWS-1080] #1146

Open
gregturn opened this issue Dec 17, 2019 · 0 comments
muralidev81 opened SWS-1080 and commented

https://mvnrepository.com/artifact/com.sun.xml.xws/xws-security/3.0

 

We observed that exceptions around processSAMLToken are eaten inside and not thrown to the caller. Due to this, a failed authentication is also treated as a successful authentication and gets access to the underlying service resource.

Expected: Let the exception be thrown to the caller and let it handle it accordingly.

Don't wrap it with try-catch. It's just similar to how other tokens are being processed.

More details are as follows:

jar: xws-security-3.0.jar

Package: com.sun.xml.wss.impl.

Class: HarnessUtil

Method: processWSSPolicy(final FilterProcessingContext fpContext).

 

try {
    if (samlPolicy.getAssertionType() ==
            AuthenticationTokenPolicy.SAMLAssertionBinding.SV_ASSERTION) {
        AuthenticationTokenFilter.processSamlToken(fpContext);
    }
} catch (Exception ex) {
    // ignore it
}

Affects: 3.0.0.RELEASE
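
The failure mode reported above, reduced to a stand-alone sketch. This is an added example, not code from xws-security or Spring-WS. `FailClosedDemo`, `PolicyStep`, `processSamlToken(String)` and the `valid:` prefix check are hypothetical stand-ins, and the caller is assumed to treat a normal return from policy processing as successful authentication.

```java
// Added illustration: all names are hypothetical, not xws-security or Spring-WS API.
public class FailClosedDemo {

    static class TokenException extends Exception {
        TokenException(String msg) { super(msg); }
    }

    interface PolicyStep { void apply(String assertion) throws Exception; }

    // Stand-in for SAML token processing: throws when the assertion is not acceptable.
    static void processSamlToken(String assertion) throws TokenException {
        if (assertion == null || !assertion.startsWith("valid:")) {
            throw new TokenException("SAML assertion rejected");
        }
    }

    // Pattern from the report: the failure is swallowed, so the step returns normally.
    static void failOpen(String assertion) {
        try {
            processSamlToken(assertion);
        } catch (Exception ex) {
            // ignore it
        }
    }

    // Expected behaviour: no try-catch, the exception reaches the caller.
    static void failClosed(String assertion) throws TokenException {
        processSamlToken(assertion);
    }

    // Assumed caller: a normal return means "authenticated", an exception means "reject".
    static boolean accessGranted(PolicyStep step, String assertion) {
        try {
            step.apply(assertion);
            return true;
        } catch (Exception ex) {
            return false;
        }
    }

    public static void main(String[] args) {
        String good = "valid:alice";  // constructed sample inputs
        String bad = "tampered";
        System.out.println("fail-open,   good: " + accessGranted(FailClosedDemo::failOpen, good));
        System.out.println("fail-open,   bad:  " + accessGranted(FailClosedDemo::failOpen, bad));
        System.out.println("fail-closed, good: " + accessGranted(FailClosedDemo::failClosed, good));
        System.out.println("fail-closed, bad:  " + accessGranted(FailClosedDemo::failClosed, bad));
    }
}
```

A regression test for the fix can follow the same shape: feed a rejected assertion through policy processing and assert that the caller sees an exception.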
