OpenSAML user discussion

[Brent Putman <>]

On 4/23/10 11:45 AM, Anthony Whitehead wrote:
> 
> Here is the exception:
> 
> java.lang.ClassCastException: org.opensaml.xml.schema.impl.
> XSAnyImpl
> 



The actual runtime object that's getting unmarshalled appears to be an
XSAny, which is the default object provider that's used when the Element
or type QName is not one that has registered support in the providers
registered with the unmarshaller factory.



> 
> Here is the simple testing code:
> 
> 
>         Unmarshaller queryUnmarshaller =
> Configuration.getUnmarshallerFactory().getUnmarshaller(XACMLAuthzDecisionQueryType.DEFAULT_ELEMENT_NAME_XACML20);
> 


That actual cast error above is happening ultimately b/c you're
explictly getting an unmarshaller for that specific type, as opposed to
using getUnmarshaller(element) and letting it up the right unmarshaller
impl based on the actual element that you are using.  Although doing
that wouldn't solve your problem (see below), you'd basically just be
pushing the casting error to a different point in your processing
(assuming you eventually cast it in your code to a
XACMLAuthzDecisionQueryType).




> 
> And here is the simple XACML data:
> <?xml version="1.0"
> encoding="UTF-8"?><xacml-samlp:XACMLAuthzDecisionQuery
> xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"


But you're real problem is here.  The SAML profile of XACML that's
supported in OpenSAML is not that one.  See this Jira issue, which will
hopefully explain things:


https://bugs.internet2.edu/jira/browse/JOST-34


Basically, there is no object provider support in OpenSAML for a
XACMLAuthzDecisionQuery element from the namespace
urn:oasis:xacml:2.0:saml:protocol:schema:os.  The OpenSAML supports is
from namespace
urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:protocol.


HTH,
Brent