You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ws.apache.org by co...@apache.org on 2012/11/22 11:18:05 UTC

svn commit: r1412481 - /webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java

Author: coheigea
Date: Thu Nov 22 10:18:05 2012
New Revision: 1412481

URL: http://svn.apache.org/viewvc?rev=1412481&view=rev
Log:
Stop calling SignatureProfileValidator twice

Modified:
    webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java

Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java?rev=1412481&r1=1412480&r2=1412481&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java (original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java Thu Nov 22 10:18:05 2012
@@ -34,10 +34,8 @@ import org.apache.ws.security.util.DOM2W
 import org.apache.ws.security.validate.Credential;
 import org.apache.ws.security.validate.Validator;
 
-import org.opensaml.security.SAMLSignatureProfileValidator;
 import org.opensaml.xml.signature.KeyInfo;
 import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.validation.ValidationException;
 import org.w3c.dom.Element;
 
 import java.security.NoSuchProviderException;
@@ -133,18 +131,10 @@ public class SAMLTokenProcessor implemen
     ) throws WSSecurityException {
         AssertionWrapper assertion = new AssertionWrapper(token);
         if (assertion.isSigned()) {
-            Signature sig = assertion.getSignature();
-
-            SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
-            try {
-                profileValidator.validate(sig);
-            } catch (ValidationException ex) {
-                throw new WSSecurityException("SAML signature validation failed", ex);
-            }
-            
             // Check for compliance against the defined AlgorithmSuite
             AlgorithmSuite algorithmSuite = data.getSamlAlgorithmSuite();
             
+            Signature sig = assertion.getSignature();
             KeyInfo keyInfo = sig.getKeyInfo();
             SAMLKeyInfo samlKeyInfo = 
                 SAMLUtil.getCredentialDirectlyFromKeyInfo(