Bug 5076 - Authorization interface declares serializable, but impls are not
: Authorization interface declares serializable, but impls are not
Status: RESOLVED FIXED
: Java WS Security
Authorization
: unspecified
: All All
: P2 normal
: 4.2.0
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2007-03-05 04:47 by
Modified: 2008-03-14 15:25 (History)


Attachments
JUnit test case describing the problem (1.21 KB, text/plain)
2007-03-05 04:55, Olle Mulmo
Details


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2007-03-05 04:47:00
The Authorization interface declares Serializable but the implementations are
not. Furthermore, they use internal member objects that are non-serializable
and thus make hibernation/persistance of e.g. ClientSecurityDescriptor
instances fail.
------- Comment #1 From 2007-03-05 04:55:28 -------
Created an attachment (id=1198) [details]
JUnit test case describing the problem

Attaching a Junit test case that examplifies the problem: in this case,
HostAuthorization has a non-serializable GSSName member variable 'expected'
that makes serialization fail.

It should be pointed out that the same problem of declaring Serializable while
not really supporting it exists for the other implementations of the
Authorization interface as well.
------- Comment #2 From 2007-11-28 00:03:46 -------
       Hi all!
       I want to extends authentication method by change verifyCertChain method
in x509 class. I want to write MyX509.class to resign this method but I don't
know to configure in globus GSI.
       Can you help me config in order to globus perform my new class.
       Thanks!!!
------- Comment #3 From 2008-02-27 15:46:00 -------
This is not an interface change, so changing it to P2, to better track core and
security freeze for 4.2 release.
------- Comment #4 From 2008-03-13 23:16:06 -------
Thanks Olle for reporting the issue and test attachment.

Client side authorization implementations have been fixed and test has been
augmented to explicitly exercise the code. 

Leaving bug open to ensure server side authorization implementations are also
fixed similarly. 
------- Comment #5 From 2008-03-14 15:25:44 -------
Similar fixes committed to trunk for supported PDPs.