  1. Spring Web Services
  2. SWS-1080

Eating the exception in case of error while processSAMLToken

    Details

      Description

      https://mvnrepository.com/artifact/com.sun.xml.xws/xws-security/3.0

       

      We observed that exceptions around processSAMLToken are eaten inside and not thrown to the caller. Due to this, a failed authentication is also treated as a successful authentication and gets access to the underlying service resource.

       

      Expected: Let the exception be thrown to the caller and let it handle accordingly.

      Don't wrap it with try-catch. It's just similar to how other tokens are being processed.

       

      More details are as follows:

      jar: xws-security-3.0.jar

      Package: com.sun.xml.wss.impl.

      Class: HarnessUtil

      Method: processWSSPolicy(final FilterProcessingContext fpContext).

       

      try {
          if (samlPolicy.getAssertionType() ==
                  AuthenticationTokenPolicy.SAMLAssertionBinding.SV_ASSERTION) {
              AuthenticationTokenFilter.processSamlToken(fpContext);
          }
      } catch (Exception ex) {
          // ignore it
      }
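
The fail-open pattern described in this report, next to the propagating form the reporter asks for, as an added example that is not part of the original issue or of xws-security. Every class and method name in it is hypothetical, `validateToken` is a stand-in for the real token check, and the negative test at the end is one way to catch this class of bug: it feeds constructed invalid tokens to a handler and flags any that are accepted.

```java
import java.util.List;

// Added illustration; every name below is hypothetical, not an xws-security API.
public class FailOpenDemo {
    static class AuthException extends Exception { AuthException(String m) { super(m); } }
    interface Handler { void handle(String token) throws AuthException; }

    // Stand-in for a token check such as processSamlToken: throws on a bad token.
    static void validateToken(String token) throws AuthException {
        if (token == null || !token.startsWith("signed:")) {
            throw new AuthException("token rejected");
        }
    }

    // Pattern from the report: the failure is caught and ignored, so the
    // request continues as if validation had succeeded.
    static void swallowing(String token) {
        try {
            validateToken(token);
        } catch (Exception ex) {
            // ignore it
        }
    }

    // Requested behaviour: no catch, the failure reaches the caller.
    static void propagating(String token) throws AuthException {
        validateToken(token);
    }

    // Negative test: a handler fails closed only if every invalid token throws.
    static boolean failsClosed(Handler h, List<String> invalidTokens) {
        for (String t : invalidTokens) {
            try {
                h.handle(t);
                return false; // invalid token was accepted
            } catch (AuthException rejected) {
                // expected: the handler refused the token
            }
        }
        return true;
    }

    public static void main(String[] args) {
        List<String> invalid = List.of("", "unsigned:alice", "tampered"); // constructed samples
        System.out.println("swallowing fails closed:  " + failsClosed(FailOpenDemo::swallowing, invalid));
        System.out.println("propagating fails closed: " + failsClosed(FailOpenDemo::propagating, invalid));
    }
}
```

`List.of` needs Java 9 or later.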
      

       

       

       

            People

            • Assignee:
              Unassigned
              Reporter:
              muralidev81