Project

General

Profile

Task #2431

Bug #2429: knb mn's failing certain authorization tests

Session object with invalid subjectInfo xml

Added by Rob Nahf almost 13 years ago. Updated almost 13 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ben Leinfelder
Category:
-
Start date:
2012-03-02
Due date:
% Done:

100%

Milestone:
CCI-1.0.0
Product Version:
*
Story Points:
Sprint:

Description

need to decide whether invalid subjectInfo in general should throw an InvalidToken exception, or the service should see if it can answer the isAuthorized question without using the SubjectInfo.

metacat seems to allow it to try to succeed.
http://dev-testing.dataone.org:8080/hudson/job/d1_integration/org.dataone$d1_integration/1016/testReport/org.dataone.integration.it/MNodeTier2IT/testIsAuthorized_vs_NullPolicy_personOwner_3/

gmn throws InvalidToken

History

#1 Updated by Ben Leinfelder almost 13 years ago

  • Assignee set to Ben Leinfelder

I suppose we should through an InvalidToken when there is junk in the certificate where SubjectInfo is concerned, though I don't think it's a huge issue if we just treat this case as we would if it was missing altogether.

#2 Updated by Ben Leinfelder almost 13 years ago

  • Status changed from New to Closed

Now throwing InvalidToken when junk SubjectInfo is embedded in the certificate.
Note: it appeared that Metacat (because of it's use of CertificateManager) was not actually getting at any of those subjectinfo details. Now it will (with latest d1_libclient_java changes)

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)