Skip to Content.
Sympa Menu

mace-opensaml-users - Re: [OpenSAML] XACML providers not correctly registered by DefaultBootstrap?

Subject: OpenSAML user discussion

List archive

Re: [OpenSAML] XACML providers not correctly registered by DefaultBootstrap?


Chronological Thread 
  • From: Kenny Pearce <>
  • To:
  • Subject: Re: [OpenSAML] XACML providers not correctly registered by DefaultBootstrap?
  • Date: Wed, 30 Apr 2008 12:29:32 -0400
  • Organization: Hx Technologies
I have looked at this before. The only difference I see between what you
are doing and what I am doing is that you call the "get" methods of all
of the members. Is this step needed for some reason? You are reading in
and unmarshalling XML and putting the very same objects inyour statement
without releasing anything. This doesn't cause an error for you?

By the way, I am also having another problem: some pieces of my policy
disappear when I embed it in the response. This includes all
Descriptions, the content of my Subject element, and the content of one
Rule, at least. This is very odd behavior to say the least.

On Wed, 2008-04-30 at 17:58 +0200, Håkon Sagehaug wrote:
> Hi
>
> Have you looked at this site
>
> http://www.bccs.uib.no/~hakont/SAMLXACMLExtension/
>
> Here you will find an example project in how to create and
> unmarshaling a XACMLPolicyStatement I think, and the other xacml
> elements as well.
>
> This is done with the latest jar the realease 2.1
>
> cheers, Håkon
>
> 2008/4/30 Kenny Pearce
> <>:
> Update on this error: it is caused by the fact that I have my
> policies
> in XML, and I unmarshall them and then try to add them. If I
> release the
> DOM for the policy and it's children, I don't get this error,
> but I get
> a different error. I marshall the whole response to DOM and I
> can print
> it out and it looks fine. I then return a DOMSource object
> (I'm using
> the JAX-WS Provider interface to implement my IdP). When
> JAX-WS tries to
> write this to the stream it gives this error:
> "javax.xml.stream.XMLStreamException: xmlns has been already
> bound to
> urn:oasis:names:tc:xacml:2.0:policy:schema:os. Rebinding it
> to is an
> error". So it appears that an xmlns="" is being added.
>
> Should I have to release the DOM manually? Is there a good way
> to deal
> with the namespace issue?
>
> Thanks.
>
>
> On Wed, 2008-04-30 at 09:42 -0400, Kenny Pearce wrote:
> > So, I got the previous problem fixed, but now marshalling is
> failing
> > with:
> >
> > org.w3c.dom.DOMException: WRONG_DOCUMENT_ERR: A node is used
> in a
> > different document than the one that created it.
> > at
> org.apache.xerces.dom.ParentNode.internalInsertBefore(Unknown
> > Source)
> > at
> org.apache.xerces.dom.ParentNode.insertBefore(Unknown Source)
> > at
> org.apache.xerces.dom.NodeImpl.appendChild(Unknown Source)
> > at
> >
>
> org.opensaml.xml.util.XMLHelper.appendChildElement(XMLHelper.java:468)
> > at
> >
>
> org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:162)
> > at
> >
>
> org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:317)
> > etc.
> >
> > I only have this problem when XACML elements are used. Any
> ideas?
> >
> > On Tue, 2008-04-29 at 17:30 -0400, Brent Putman wrote:
> > >
> > > Kenny Pearce wrote:
> > > > Hi,
> > > > I am using the latest OpenSAML binary release (2.1.0)
> and trying to
> > > > construct an XACMLPolicyStatement. The
> XMLObjectBuilderFactory cannot
> > > > find a builder for it.
> > >
> > >
> > > I'm not sure why that is, it is there in the provider
> config file
> > > xacml2-saml2-profile-config.xml:
> > >
> > > <!-- XACMLPolicyStatement -->
> > > <ObjectProvider
> qualifiedName="xacml-saml:XACMLPolicyStatement">
> > > <BuilderClass
> > >
>
> className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeImplBuilder"
> > > />
> > > <MarshallingClass
> > >
>
> className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeMarshaller"
> > > />
> > > <UnmarshallingClass
> > >
>
> className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeUnmarshaller"
> > > />
> > > </ObjectProvider>
> > >
> > > <ObjectProvider
> qualifiedName="xacml-saml:XACMLPolicyStatementType">
> > > <BuilderClass
> > >
>
> className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeImplBuilder"
> > > />
> > > <MarshallingClass
> > >
>
> className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeMarshaller"
> > > />
> > > <UnmarshallingClass
> > >
>
> className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeUnmarshaller"
> > > />
> > > </ObjectProvider>
> > >
> > >
> > >
> > > Are you trying to lookup by the type or element QName?
> > >
> > > Also, don't know for what purpose you are using the XACML
> policy
> > > statement, but just pointing out that if this is intended
> to go as a
> > > statement in a saml:Assertion, you have to use a Statement
> element with
> > > an xsi:type, becuase of the way the SAML schema is
> defined.
> > >
> > >
> > > > If I manually instantiate an
> > > > XACMLPolicyStatementTypeImplBuilder, then it crashes
> later on because it
> > > > can't find the marshaller and tries to use the
> XSAnyMarshaller. I have
> > > > double-checked that I have an OpenSAML jar version with
> the relevant XML
> > > > files. The only thing I can think of is that it may have
> to do with my
> > > > version of xmltooling - I have built that from the
> latest SVN because I
> > > > need my XSDateTime patch.
> > >
> > > FYI, I don't think xmltooling is relevant to your problem,
> but I would
> > > say in general:
> > > 1) you probably do want to keep your version of xmltooling
> (openws) in
> > > sync with what's released with a particular version of
> opensaml2, just
> > > to avoid problems
> > > 2) if you have your own object provider impls, you might
> want to keep
> > > and package those separate from our libraries, for the
> above reason. Or
> > > submit this as a feature request/patch via Jira, and we
> could include it
> > > with the distribution, subject to whatever contributer
> agreements, etc
> > > that might be neccesary. I'd have to check on that, or
> maybe Chad or
> > > Scott knows more.
> > >
> > > > However, it doesn't seem that there is an
> > > > xacml-integration branch on xmltooling or anything like
> that.
> > >
> > > No, there's not. FYI, again not necessarily related to
> your problem:
> > > all development in these projects is being done on the
> REL_X branch that
> > > corresponds to the current major release, *not* on the
> trunk, so if
> > > you want the latest "current" code, that's what you should
> be pulling.
> > >
> > > > Besides,
> > > > it seems to me that as long as DefaultBootstrap is right
> it shouldn't
> > > > matter. Any idea why this would not work?
> > > >
> > >
> > > Correct it should work as long as DefaultBootstrap is
> right, which it
> > > appears to be. See my followup on your next message.
> > >
> >
>
>
> --
> Kenny Pearce
> <>
> Hx Technologies
>
>
>
>
>
> --
> Håkon Sagehaug, Software Developer
> Parallab, Bergen Center for Computational Science (BCCS)
> UNIFOB AS (University of Bergen Research Company)


Archive powered by MHonArc 2.6.16.

Top of Page