Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-1764

SecurityConfiguration -LookupFunctions not doing null check at RP level

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.1.0
    • Component/s: Configuration
    • Labels:
      None

      Description

      All 6 of the -LookupFunction impls which resolve -Configuration instances from the various levels of SecurityConfiguration are missing the null check on the configs at the RP-specific level. These are marked @Nullable on the class interface, so the null check is necessary.

      The null check is being done properly on the per-profile configs, so this seems just like an error on the first impl that was then replicated to all the others by copy/paste (they're all basically identical).

      In particular this means that currently if you supply an override SecurityConfiguration at the RP level, you must supply all 6 -Configuration items, which is neither desirable nor intended. I guess we've not noticed this before because some of our instructions imply to use the convenience bean shibboleth.DefaultSecurityConfiguration as the parent and then override individual props. That's actually also not the best way to do this, b/c if you do have per-profile config, you are overriding it completely with the per-RP config.

        Attachments

          Activity

            People

            Assignee:
            putmanb@shibboleth.net Brent Putman
            Reporter:
            putmanb@shibboleth.net Brent Putman
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: