Posted to commits@cxf.apache.org by co...@apache.org on 2016/09/06 10:04:15 UTC

cxf git commit: CXF-7039 - JAX-RS Security SAML web SSO consumer service can not validate SAML response behind reverse proxy

Repository: cxf
Updated Branches:
  refs/heads/master e1fe28c72 -> 9247aad0c


CXF-7039 - JAX-RS Security SAML web SSO consumer service can not validate SAML response behind reverse proxy


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9247aad0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9247aad0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9247aad0

Branch: refs/heads/master
Commit: 9247aad0cf49619fe207559c9e4e60f1e0150e0d
Parents: e1fe28c
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Sep 6 11:03:55 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Sep 6 11:03:55 2016 +0100

----------------------------------------------------------------------
 .../AbstractRequestAssertionConsumerHandler.java    | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/9247aad0/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
index 0e801f3..7486313 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
@@ -72,6 +72,7 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
     private MessageContext messageContext;
     private String applicationURL;
     private boolean parseApplicationURLFromRelayState;
+    private String assertionConsumerServiceAddress;
     
     @Context 
     public void setMessageContext(MessageContext mc) {
@@ -334,8 +335,11 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
     ) {
         try {
             SAMLSSOResponseValidator ssoResponseValidator = new SAMLSSOResponseValidator();
-            ssoResponseValidator.setAssertionConsumerURL(
-                messageContext.getUriInfo().getAbsolutePath().toString());
+            String racsAddress = assertionConsumerServiceAddress;
+            if (racsAddress == null) {
+                racsAddress = messageContext.getUriInfo().getAbsolutePath().toString();
+            }
+            ssoResponseValidator.setAssertionConsumerURL(racsAddress);
 
             ssoResponseValidator.setClientAddress(
                  messageContext.getHttpServletRequest().getRemoteAddr());
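Review bot: The new fallback at `if (racsAddress == null)` treats only null as unset, so an empty or blank configured value (for example from an unresolved property placeholder) would be handed to `setAssertionConsumerURL` as the expected URL instead of falling back to the request URL. How the validator treats an empty expected URL is not visible here, so I would normalise it with `if (racsAddress == null || racsAddress.trim().isEmpty()) {`. The context line just below still passes `getRemoteAddr()` to `setClientAddress`, which behind the same reverse proxy will presumably be the proxy's address rather than the browser's, so any address check in the validator may need a matching override. The enclosing method starts and ends outside this hunk.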
@@ -402,4 +406,12 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
         this.parseApplicationURLFromRelayState = parseApplicationURLFromRelayState;
     }
 
+    public String getAssertionConsumerServiceAddress() {
+        return assertionConsumerServiceAddress;
+    }
+
+    public void setAssertionConsumerServiceAddress(String assertionConsumerServiceAddress) {
+        this.assertionConsumerServiceAddress = assertionConsumerServiceAddress;
+    }
+
 }
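Review bot: `setAssertionConsumerServiceAddress` has no Javadoc, yet the value it stores becomes the URL that the SAML response is validated against in the handler, so its contract should be written down. I would add a comment on the setter such as `/** Externally visible URL of this assertion consumer service, e.g. the reverse-proxy address; when null the request's absolute path is used. */`. It would also help to note that the value presumably has to match what the IdP sends character for character (scheme, host, port and trailing slash), since a mismatch would most likely surface only as a rejected response at login time.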