Posted to commits@cxf.apache.org by co...@apache.org on 2012/05/29 12:44:27 UTC
svn commit: r1343656 - in /cxf/fediz/trunk/plugins/core/src/main:
java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
resources/schemas/FedizConfig.xsd
Author: coheigea
Date: Tue May 29 10:44:26 2012
New Revision: 1343656
URL: http://svn.apache.org/viewvc?rev=1343656&view=rev
Log:
Wiring the schema max clock skew into the SAMLTokenValidator
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java?rev=1343656&r1=1343655&r2=1343656&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java Tue May 29 10:44:26 2012
@@ -73,12 +73,6 @@ public class SAMLTokenValidator implemen
private static final Logger LOG = LoggerFactory.getLogger(SAMLTokenValidator.class);
- /**
- * The time in seconds in the future within which the NotBefore time of an incoming
- * Assertion is valid. The default is 60 seconds.
- */
- private int futureTTL = 60;
-
// [TODO] make sure we answer true only for cases we actually can handle
@Override
public boolean canHandleTokenType(String tokenType) {
@@ -90,14 +84,6 @@ public class SAMLTokenValidator implemen
return true;
}
- /**
- * Set the time in seconds in the future within which the NotBefore time of an incoming
- * Assertion is valid. The default is 60 seconds.
- */
- public void setFutureTTL(int newFutureTTL) {
- futureTTL = newFutureTTL;
- }
-
public TokenValidatorResponse validateAndProcessToken(Element token,
FederationContext config) {
@@ -143,7 +129,7 @@ public class SAMLTokenValidator implemen
validateAssertion(assertion);
// Validate Conditions
- if (config.isDetectExpiredTokens() && !validateConditions(assertion)) {
+ if (config.isDetectExpiredTokens() && !validateConditions(assertion, config)) {
throw new RuntimeException(
"Error in validating conditions of the received Assertion"
);
@@ -435,7 +421,8 @@ public class SAMLTokenValidator implemen
}
protected boolean validateConditions(
- AssertionWrapper assertion
+ AssertionWrapper assertion,
+ FederationContext config
) {
DateTime validFrom = null;
DateTime validTill = null;
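Review bot: The `protected` method `validateConditions` changes its signature here from `(AssertionWrapper)` to `(AssertionWrapper, FederationContext)`, so a subclass that overrode the one-argument form would no longer be called by `validateAndProcessToken`. If such a subclass lacks `@Override`, it compiles cleanly and its custom condition checks are silently skipped; whether any exist is not visible from this diff. Together with the removal of the public `setFutureTTL` in the earlier hunk, this is worth a release note. The method would also benefit from a Javadoc line such as `@param config federation context supplying the maximum clock skew (seconds) applied to the NotBefore check`. The method body continues outside this hunk.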
@@ -449,7 +436,7 @@ public class SAMLTokenValidator implemen
if (validFrom != null) {
DateTime currentTime = new DateTime();
- currentTime = currentTime.plusSeconds(futureTTL);
+ currentTime = currentTime.plusSeconds(config.getMaximumClockSkew().intValue());
if (validFrom.isAfter(currentTime)) {
LOG.warn("SAML Token condition (Not Before) not met");
return false;
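Review bot: `config.getMaximumClockSkew().intValue()` in the Not Before check dereferences the configured skew with no null or range check. The getter's return type is not visible here, but the `.intValue()` call and the `xs:integer` schema type suggest a boxed or `BigInteger` value that could be null when `maximumClockSkew` is omitted from the configuration. The `default="60"` added in the FedizConfig.xsd hunk may not cover that case, since an XSD element default normally applies only to an element that is present but empty, so confirm the config layer really yields 60. A negative or very large value would silently tighten or effectively disable the Not Before check, and `intValue()` truncates out-of-range values, so consider bounding it at load time and guarding here, e.g. `int skew = config.getMaximumClockSkew() == null ? 60 : config.getMaximumClockSkew().intValue();`. The body of `validateConditions` continues outside this hunk.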
Modified: cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd?rev=1343656&r1=1343655&r2=1343656&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd (original)
+++ cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd Tue May 29 10:44:26 2012
@@ -76,7 +76,7 @@
- <xs:element name="maximumClockSkew" type="xs:integer" />
+ <xs:element name="maximumClockSkew" type="xs:integer" default="60"/>
<xs:element name="tokenReplayCache" type="xs:string" />