Posted to commits@cxf.apache.org by co...@apache.org on 2015/11/27 13:44:01 UTC

[3/3] cxf git commit: Avoid a bug that a bearer subject conf is not enforced if the subject conf list is not empty

Fix a bug where a Bearer subject confirmation is not enforced if the subject confirmation list is not empty


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/cb5681f7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/cb5681f7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/cb5681f7

Branch: refs/heads/master
Commit: cb5681f71eb562b9d437fd637a0de8b3b35793c2
Parents: d4e1d30
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Nov 27 12:04:48 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Nov 27 12:04:48 2015 +0000

----------------------------------------------------------------------
 .../rs/security/oauth2/saml/SamlOAuthValidator.java  | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/cb5681f7/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
index 5a87fd4..48830b0 100644
--- a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
@@ -124,17 +124,18 @@ public class SamlOAuthValidator {
     private boolean validateAuthenticationSubject(Message m, 
                                                   Conditions cs,
                                                   org.opensaml.saml.saml2.core.Subject subject) {
-        if (subject.getSubjectConfirmations() == null) {
-            return false;
-        }
         // We need to find a Bearer Subject Confirmation method
-        for (SubjectConfirmation subjectConf : subject.getSubjectConfirmations()) {
-            if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) {
-                validateSubjectConfirmation(m, cs, subjectConf.getSubjectConfirmationData());
+        boolean bearerSubjectConfFound = false;
+        if (subject.getSubjectConfirmations() != null) {
+            for (SubjectConfirmation subjectConf : subject.getSubjectConfirmations()) {
+                if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) {
+                    validateSubjectConfirmation(m, cs, subjectConf.getSubjectConfirmationData());
+                    bearerSubjectConfFound = true;
+                }
             }
         }
           
-        return true;
+        return bearerSubjectConfFound;
     }
       
       /**
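Review bot: `bearerSubjectConfFound = true` is assigned right after the `validateSubjectConfirmation(...)` call regardless of that call's outcome, so the returned flag only proves that a Bearer method was present, not that its confirmation data passed validation. This is safe only if validateSubjectConfirmation rejects by throwing; it is defined outside this hunk, so that should be confirmed, and if it returns a status instead the assignment should use it. A comment above the assignment would make the contract explicit, e.g. `// validateSubjectConfirmation throws on failure; reaching here means this Bearer confirmation was accepted`. A regression test using an assertion that carries only a non-Bearer confirmation method would pin the behaviour this commit fixes.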