OpenSAML user discussion

[Chad La Joie <>]

When you construct an XMLObject it does not yet carry any validators, 
they must be added.  So validate(boolean) doesn't do anything until you 
have your validators registered.  The idea I had here was that people 
would be able to afix validators to objects and throw them over a wall. 
 The code on the other side doesn't need to know anything about the 
SAML configuration (see below), can mess with the objects, and still 
validate them afterwords.

I think what you want to do is use some of the preconfigured validator 
suites, these contain validators for trees of XMLObjects (SAMLObjects in 
this case).

https://authdev.it.ohio-state.edu/twiki/bin/view/Shibboleth/OSTwoUserManJavaValidation


Chris Palmer wrote:
> I've struck what seem to be a whole set of problems with validation. The
> following test program demonstrates them. I'm using opensaml2 rev 793
> and xmltooling rev 189.
>
> -----------------------------------------------------------------------------------------------------------
>
> import java.io.StringWriter;
> import java.io.PrintWriter;
> import org.apache.log4j.Logger;
> import org.opensaml.Configuration;
> import org.opensaml.xml.XMLObjectBuilderFactory;
> import org.opensaml.saml2.core.AuthnStatement;
> import org.opensaml.saml2.core.impl.AuthnStatementBuilder;
> import org.opensaml.xml.validation.ValidationException;
> import org.opensaml.saml2.core.validator.AuthnStatementSchemaValidator;
>
> public class val {
>
> public static void main (String [] args) throws Exception {
>
>     Logger logger = Logger.getLogger (val.class);
>
>     try {
>        
>         Configuration.init ();
>         XMLObjectBuilderFactory builderFactory =
> Configuration.getBuilderFactory ();
>         AuthnStatementBuilder authnStatementBuilder =
> (AuthnStatementBuilder)builderFactory.getBuilder
> (AuthnStatement.DEFAULT_ELEMENT_NAME);
>
>         AuthnStatement authnStatement =
> authnStatementBuilder.buildObject ();
>
>         logger.debug ("Calling authnStatement.validate(false)");
>         authnStatement.validate (false);
>
>         logger.debug ("Calling AuthnStatementSchemaValidator ().validate");
>         try {
>             new AuthnStatementSchemaValidator ().validate (authnStatement);
>         } catch (ValidationException e) {
>             logger.debug (e);
>         }
>
>         logger.debug ("Calling authnStatement.validate(true)");
>         authnStatement.validate (true);
>    
>         logger.debug ("finished");
>    
>     } catch (NullPointerException e) {
>         StringWriter sw = new StringWriter ();
>         e.printStackTrace (new PrintWriter (sw));
>         logger.debug (sw.toString ());
>     }   
>
> }
>
> }
>
> ------------------------------------------------------------------------------------------
>
> 0    [main] DEBUG val  - Calling authnStatement.validate(false)
> 20   [main] DEBUG val  - Calling AuthnStatementSchemaValidator ().validate
> 20   [main] DEBUG val  -
> org.opensaml.xml.validation.ValidationException: AuthnInstant required
> 20   [main] DEBUG val  - Calling authnStatement.validate(true)
> 20   [main] DEBUG AbstractValidatingXMLObject  - Validating descendants
> of {urn:oasis:names:tc:SAML:2.0:assertion}AuthnStatement
> 20   [main] DEBUG val  - java.lang.NullPointerException
>     at
> org.opensaml.xml.validation.AbstractValidatingXMLObject.validateChildren(AbstractValidatingXMLObject.java:104)
>     at
> org.opensaml.xml.validation.AbstractValidatingXMLObject.validate(AbstractValidatingXMLObject.java:86)
>     at val.main(val.java:36)
>
> -------------------------------------------------------------------------------------------------------------------------
>
> (a) authnStatement.validate(false) should have spotted that AuthnInstant
> is required
> (b) AuthnStatementSchemaValidator.validate did correctly spot that
> AuthnInstant is required
> (c) authnStatement.validate(true) does not attempt validation of
> authnStatement itself (debug statement at
> AbstractValidatingXMLObject.java:76 is not called)
> (d) authnStatement.validate(true) dies with a NullPointerException at
> AbstractValidatingXMLObject.java:104
>
>
> Have I got something fundamentally wrong? I was assuming that calling
> authnStatement.validate(true) would perform all of the available
> validation for that element and all its children.
>
> One further question: the assertion schema (for example) has a second
> validator (AssertionSpecValidator). Will/should this (and any other
> similar ones for other schemas) be called using the
> ValidatingXMLObject.validate(true) method?
>
> This is my only problem so far by the way - it's a very nice implementation.
>
> Chris

--
Chad La Joie             2052-C Harris Bldg
OIS-Middleware           202.687.0124