Posted to commits@cxf.apache.org by co...@apache.org on 2013/09/13 12:04:24 UTC
svn commit: r1522841 - in /cxf/trunk/services/sts:
sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
Author: coheigea
Date: Fri Sep 13 10:04:24 2013
New Revision: 1522841
URL: http://svn.apache.org/r1522841
Log:
Set the audience restriction check in the STS to "false" by default
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java?rev=1522841&r1=1522840&r2=1522841&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java Fri Sep 13 10:04:24 2013
@@ -37,14 +37,15 @@ import org.opensaml.saml1.core.AudienceR
/**
* The SAML TokenDelegationHandler implementation. It disallows ActAs or OnBehalfOf for
* all cases apart from the case of a Bearer SAML Token. In addition, the AppliesTo
- * address (if supplied) must match an AudienceRestriction address (if in token)
+ * address (if supplied) must match an AudienceRestriction address (if in token), if the
+ * "checkAudienceRestriction" property is set to "true".
*/
public class SAMLDelegationHandler implements TokenDelegationHandler {
private static final Logger LOG =
LogUtils.getL7dLogger(SAMLDelegationHandler.class);
- private boolean checkAudienceRestriction = true;
+ private boolean checkAudienceRestriction;
public boolean canHandleToken(ReceivedToken delegateTarget) {
Object token = delegateTarget.getToken();
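Review bot: The bare `private boolean checkAudienceRestriction;` turns the AppliesTo/AudienceRestriction comparison into an opt-in, so an STS that relied on the old default stops performing it after upgrade, with no configuration change. I would make the default explicit and say why, e.g. `private boolean checkAudienceRestriction = false; // opt-in: enable to keep delegated tokens bound to their original audience`. The setter Javadoc in the next hunk should also state the consequence. With the check off, a Bearer SAML token carrying an AudienceRestriction is accepted for ActAs/OnBehalfOf whatever AppliesTo address is requested. A note in the upgrade documentation would let operators who need the check re-enable it through `setCheckAudienceRestriction(true)`. The class body continues outside this hunk, so how the flag is consumed is not visible here.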
@@ -137,7 +138,7 @@ public class SAMLDelegationHandler imple
/**
* Set whether to perform a check that the received AppliesTo address is contained in the
- * token as one of the AudienceRestriction URIs. The default is true.
+ * token as one of the AudienceRestriction URIs. The default is false.
* @param checkAudienceRestriction whether to perform an audience restriction check or not
*/
public void setCheckAudienceRestriction(boolean checkAudienceRestriction) {
Modified: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml?rev=1522841&r1=1522840&r2=1522841&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml Fri Sep 13 10:04:24 2013
@@ -48,9 +48,7 @@
</cxf:bus>
<bean id="hokDelegationHandler"
- class="org.apache.cxf.sts.token.delegation.HOKDelegationHandler">
- <property name="checkAudienceRestriction" value="false"/>
- </bean>
+ class="org.apache.cxf.sts.token.delegation.HOKDelegationHandler" />
<bean id="transportSTSProviderBean2"
class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
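Review bot: Removing `<property name="checkAudienceRestriction" value="false"/>` from the `hokDelegationHandler` bean leaves this test dependent on HOKDelegationHandler's own default. The commit only shows the default changing in SAMLDelegationHandler. If HOKDelegationHandler keeps a separate field rather than inheriting this one, the system test would now run with the check in a different state than before, so that is worth confirming. Nothing in the visible changes exercises the handler with the check enabled. A second bean configured with `<property name="checkAudienceRestriction" value="true"/>`, plus a test where AppliesTo does not match the token's audience, would keep the opt-in path covered.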