Posted to commits@cxf.apache.org by co...@apache.org on 2015/11/30 14:13:23 UTC
[2/3] cxf git commit: Some minor changes to the SAML Grant Handler
Some minor changes to the SAML Grant Handler
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/203dd29b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/203dd29b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/203dd29b
Branch: refs/heads/3.0.x-fixes
Commit: 203dd29bac42b738480bbc3991c8c9cf8c26d2ed
Parents: b7ba15d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Nov 30 12:57:18 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Nov 30 13:03:13 2015 +0000
----------------------------------------------------------------------
.../grants/saml/Saml2BearerGrantHandler.java | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/203dd29b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
index 3be0905..3ac98f7 100644
--- a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
@@ -38,7 +38,6 @@ import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.jaxrs.utils.HttpUtils;
import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.common.SecurityUtils;
@@ -64,7 +63,6 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.handler.RequestData;
-import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.SamlAssertionValidator;
@@ -186,8 +184,15 @@ public class Saml2BearerGrantHandler extends AbstractGrantHandler {
} catch (IOException ex) {
throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
- data.setEnableRevocation(MessageUtils.isTrue(
- message.getContextualProperty(WSHandlerConstants.ENABLE_REVOCATION)));
+
+ boolean enableRevocation = false;
+ String enableRevocationStr =
+ (String)org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(
+ SecurityConstants.ENABLE_REVOCATION, message);
+ if (enableRevocationStr != null) {
+ enableRevocation = Boolean.parseBoolean(enableRevocationStr);
+ }
+ data.setEnableRevocation(enableRevocation);
Signature sig = assertion.getSignature();
WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument());
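Review bot: The `(String)` cast on the value returned by `getSecurityPropertyValue` will throw a `ClassCastException` if the property is configured as a `Boolean` rather than a string, a form the removed `MessageUtils.isTrue(...)` call appears to have accepted. Because this flag controls certificate revocation checking, read the value as `Object` and convert it, e.g. `Object v = org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENABLE_REVOCATION, message);` followed by `data.setEnableRevocation(v != null && Boolean.parseBoolean(v.toString()));`. The lookup key also changes from `WSHandlerConstants.ENABLE_REVOCATION` to `SecurityConstants.ENABLE_REVOCATION`; if the two constants resolve to different property names, deployments that set the old one will silently run with revocation checking off, so this needs a fallback or a release note. The enclosing method starts and ends outside the hunk.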
@@ -199,7 +204,10 @@ public class Saml2BearerGrantHandler extends AbstractGrantHandler {
data.getSigVerCrypto()
);
assertion.verifySignature(samlKeyInfo);
-
+ assertion.parseSubject(
+ new WSSSAMLKeyInfoProcessor(data, null), data.getSigVerCrypto(),
+ data.getCallbackHandler()
+ );
} else if (getTLSCertificates(message) == null) {
throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
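Review bot: The added `assertion.parseSubject(...)` call returns nothing that this hunk uses, so its purpose should be stated in a comment, e.g. `// Parse the Subject KeyInfo so that subsequent validation can check the subject confirmation` (assuming that is the intent). It also builds its `WSSSAMLKeyInfoProcessor` with `null` as the second argument, although a `docInfo` is created for the signature a few lines earlier; if that is deliberate, the same comment should say why. The call runs only in the signed-assertion branch, so a request that passes the `getTLSCertificates(message)` check continues without a parsed subject, which is worth confirming against whatever validation follows. The enclosing if/else and method begin outside the hunk.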