Task #2431
Bug #2429: knb mn's failing certain authorization tests
Session object with invalid subjectInfo xml
100%
Description
Need to decide whether invalid subjectInfo in general should throw an InvalidToken exception, or whether the service should see if it can answer the isAuthorized question without using the SubjectInfo.
Metacat seems to allow it to try to succeed.
http://dev-testing.dataone.org:8080/hudson/job/d1_integration/org.dataone$d1_integration/1016/testReport/org.dataone.integration.it/MNodeTier2IT/testIsAuthorized_vs_NullPolicy_personOwner_3/
GMN throws InvalidToken.
History
#1 Updated by Ben Leinfelder over 12 years ago
- Assignee set to Ben Leinfelder
I suppose we should throw an InvalidToken when there is junk in the certificate where SubjectInfo is concerned, though I don't think it's a huge issue if we just treat this case as we would if it was missing altogether.
#2 Updated by Ben Leinfelder over 12 years ago
- Status changed from New to Closed
Now throwing InvalidToken when junk SubjectInfo is embedded in the certificate.
Note: it appeared that Metacat (because of its use of CertificateManager) was not actually getting at any of those SubjectInfo details. Now it will (with latest d1_libclient_java changes).
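
The behaviour the ticket settles on, as an added sketch that is not Metacat, GMN or d1_libclient_java code: an absent SubjectInfo is accepted and only the certificate subject is used, while a SubjectInfo that is present but malformed raises InvalidToken instead of being treated as missing. The function names, the dict-based policy and the un-namespaced element layout are assumptions made for this example, and the sample subjects are constructed.

```python
import xml.etree.ElementTree as ET


class InvalidToken(Exception):
    """Stand-in for the InvalidToken error named in the ticket."""


def session_subjects(cert_subject, subject_info_xml):
    """Return every subject the session may act as.

    None means the certificate carried no SubjectInfo: allowed.
    Anything else must parse, or the whole session is rejected.
    """
    subjects = {cert_subject}
    if subject_info_xml is None:
        return subjects
    try:
        root = ET.fromstring(subject_info_xml)
    except ET.ParseError as exc:
        # Fail closed: junk is never downgraded to "absent".
        raise InvalidToken(f"malformed SubjectInfo: {exc}") from exc
    if root.tag != "subjectInfo":  # assumed simplified root element
        raise InvalidToken(f"unexpected root element: {root.tag}")
    for person in root.findall("person"):
        # Only the entry for the certificate's own subject adds identities.
        if person.findtext("subject") != cert_subject:
            continue
        for tag in ("equivalentIdentity", "isMemberOf"):
            subjects.update(e.text for e in person.findall(tag) if e.text)
    return subjects


def is_authorized(policy, permission, cert_subject, subject_info_xml=None):
    """policy maps a subject to its set of permissions (hypothetical shape)."""
    subjects = session_subjects(cert_subject, subject_info_xml)
    return any(permission in policy.get(s, ()) for s in subjects)


# Constructed sample data, not taken from the ticket.
OWNER = "CN=Owner,DC=example,DC=org"
MEMBER = "CN=Member,DC=example,DC=org"
GROUP = "CN=curators,DC=example,DC=org"
POLICY = {OWNER: {"read", "write"}, GROUP: {"read"}}
GOOD = (f"<subjectInfo><person><subject>{MEMBER}</subject>"
        f"<isMemberOf>{GROUP}</isMemberOf></person></subjectInfo>")
JUNK = "<subjectInfo><person>junk"
```

With these definitions the owner is rejected when the junk SubjectInfo is attached, even though the certificate subject alone would have been authorized.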