mace-opensaml-users - Re: Validation woes
Subject: OpenSAML user discussion
List archive
- From: Chad La Joie <>
- To:
- Subject: Re: Validation woes
- Date: Wed, 20 Sep 2006 07:16:29 -0400
- Organization: UIS - middleware
When you construct an XMLObject it does not yet carry any validators, they must be added. So validate(boolean) doesn't do anything until you have your validators registered. The idea I had here was that people would be able to afix validators to objects and throw them over a wall. The code on the other side doesn't need to know anything about the SAML configuration (see below), can mess with the objects, and still validate them afterwords.
I think what you want to do is use some of the preconfigured validator suites, these contain validators for trees of XMLObjects (SAMLObjects in this case).
https://authdev.it.ohio-state.edu/twiki/bin/view/Shibboleth/OSTwoUserManJavaValidation
Chris Palmer wrote:
I've struck what seem to be a whole set of problems with validation. The
following test program demonstrates them. I'm using opensaml2 rev 793
and xmltooling rev 189.
-----------------------------------------------------------------------------------------------------------
import java.io.StringWriter;
import java.io.PrintWriter;
import org.apache.log4j.Logger;
import org.opensaml.Configuration;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.impl.AuthnStatementBuilder;
import org.opensaml.xml.validation.ValidationException;
import org.opensaml.saml2.core.validator.AuthnStatementSchemaValidator;
public class val {
public static void main (String [] args) throws Exception {
Logger logger = Logger.getLogger (val.class);
try {
Configuration.init ();
XMLObjectBuilderFactory builderFactory =
Configuration.getBuilderFactory ();
AuthnStatementBuilder authnStatementBuilder =
(AuthnStatementBuilder)builderFactory.getBuilder
(AuthnStatement.DEFAULT_ELEMENT_NAME);
AuthnStatement authnStatement =
authnStatementBuilder.buildObject ();
logger.debug ("Calling authnStatement.validate(false)");
authnStatement.validate (false);
logger.debug ("Calling AuthnStatementSchemaValidator ().validate");
try {
new AuthnStatementSchemaValidator ().validate (authnStatement);
} catch (ValidationException e) {
logger.debug (e);
}
logger.debug ("Calling authnStatement.validate(true)");
authnStatement.validate (true);
logger.debug ("finished");
} catch (NullPointerException e) {
StringWriter sw = new StringWriter ();
e.printStackTrace (new PrintWriter (sw));
logger.debug (sw.toString ());
}
}
}
------------------------------------------------------------------------------------------
0 [main] DEBUG val - Calling authnStatement.validate(false)
20 [main] DEBUG val - Calling AuthnStatementSchemaValidator ().validate
20 [main] DEBUG val -
org.opensaml.xml.validation.ValidationException: AuthnInstant required
20 [main] DEBUG val - Calling authnStatement.validate(true)
20 [main] DEBUG AbstractValidatingXMLObject - Validating descendants
of {urn:oasis:names:tc:SAML:2.0:assertion}AuthnStatement
20 [main] DEBUG val - java.lang.NullPointerException
at
org.opensaml.xml.validation.AbstractValidatingXMLObject.validateChildren(AbstractValidatingXMLObject.java:104)
at
org.opensaml.xml.validation.AbstractValidatingXMLObject.validate(AbstractValidatingXMLObject.java:86)
at val.main(val.java:36)
-------------------------------------------------------------------------------------------------------------------------
(a) authnStatement.validate(false) should have spotted that AuthnInstant
is required
(b) AuthnStatementSchemaValidator.validate did correctly spot that
AuthnInstant is required
(c) authnStatement.validate(true) does not attempt validation of
authnStatement itself (debug statement at
AbstractValidatingXMLObject.java:76 is not called)
(d) authnStatement.validate(true) dies with a NullPointerException at
AbstractValidatingXMLObject.java:104
Have I got something fundamentally wrong? I was assuming that calling
authnStatement.validate(true) would perform all of the available
validation for that element and all its children.
One further question: the assertion schema (for example) has a second
validator (AssertionSpecValidator). Will/should this (and any other
similar ones for other schemas) be called using the
ValidatingXMLObject.validate(true) method?
This is my only problem so far by the way - it's a very nice implementation.
Chris
--
Chad La Joie 2052-C Harris Bldg
OIS-Middleware 202.687.0124
- Validation woes, Chris Palmer, 09/15/2006
- Re: Validation woes, Chad La Joie, 09/20/2006
- <Possible follow-up(s)>
- Re: Validation woes, chris . palmer, 09/19/2006
- Re: Re: Validation woes, chris . palmer, 09/19/2006
- Re: Validation woes, Chad La Joie, 09/20/2006
Archive powered by MHonArc 2.6.16.