Posted to commits@cxf.apache.org by co...@apache.org on 2016/01/12 15:14:42 UTC
[2/3] cxf git commit: Fallback to the SubjectConfirmationData
NotOnOrAfter if there is no Session NotOnOrAfter value
Fallback to the SubjectConfirmationData NotOnOrAfter if there is no Session NotOnOrAfter value
# Conflicts:
# rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3940f80c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3940f80c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3940f80c
Branch: refs/heads/3.0.x-fixes
Commit: 3940f80c19c32e0b465b796e1366f023b9f82c60
Parents: e3ada01
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jan 12 14:08:37 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jan 12 14:10:38 2016 +0000
----------------------------------------------------------------------
.../saml/sso/SAMLSSOResponseValidator.java | 24 ++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/3940f80c/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index d41f3bd..e7aabcf 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -117,8 +117,15 @@ public class SAMLSSOResponseValidator {
// Check for AuthnStatements and validate the Subject accordingly
if (assertion.getAuthnStatements() != null
&& !assertion.getAuthnStatements().isEmpty()) {
+<<<<<<< HEAD
org.opensaml.saml2.core.Subject subject = assertion.getSubject();
if (validateAuthenticationSubject(subject, assertion.getID(), postBinding)) {
+=======
+ org.opensaml.saml.saml2.core.Subject subject = assertion.getSubject();
+ org.opensaml.saml.saml2.core.SubjectConfirmation subjectConf =
+ validateAuthenticationSubject(subject, assertion.getID(), postBinding);
+ if (subjectConf != null) {
+>>>>>>> ebc5032... Fallback to the SubjectConfirmationData NotOnOrAfter if there is no Session NotOnOrAfter value
validateAudienceRestrictionCondition(assertion.getConditions());
validAssertion = assertion;
// Store Session NotOnOrAfter
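Review bot: The unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> ebc5032...`) are committed as added lines around the `validateAuthenticationSubject` call, so the new file holds both the HEAD `if (validateAuthenticationSubject(...))` and the cherry-picked `if (subjectConf != null)` and cannot compile. The same markers are added around the method signature in the third hunk. The cherry-picked side also names `org.opensaml.saml.saml2.core`, while the context lines on this branch use `org.opensaml.saml2.core`; in the third hunk that leaves `validSubjectConf` declared with one package and assigned from a loop variable of the other. Resolve the conflict by keeping only the new call with the branch's own package, `org.opensaml.saml2.core.SubjectConfirmation subjectConf = validateAuthenticationSubject(subject, assertion.getID(), postBinding);` followed by `if (subjectConf != null) {`, and make the matching change to the signature and local in the third hunk.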
@@ -127,6 +134,10 @@ public class SAMLSSOResponseValidator {
sessionNotOnOrAfter = authnStatment.getSessionNotOnOrAfter().toDate();
}
}
+ // Fall back to the SubjectConfirmationData NotOnOrAfter if we have no session NotOnOrAfter
+ if (sessionNotOnOrAfter == null) {
+ sessionNotOnOrAfter = subjectConf.getSubjectConfirmationData().getNotOnOrAfter().toDate();
+ }
}
}
}
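Review bot: The fallback `subjectConf.getSubjectConfirmationData().getNotOnOrAfter().toDate()` dereferences two values that can be absent from an assertion, and `validateSubjectConfirmation` is not visible here, so it is unclear whether it already rejects a missing SubjectConfirmationData or NotOnOrAfter. If it does not, a response lacking both the session and the confirmation NotOnOrAfter would fail with a NullPointerException instead of a WSSecurityException. Consider guarding the fallback, e.g. `if (sessionNotOnOrAfter == null && subjectConf.getSubjectConfirmationData() != null && subjectConf.getSubjectConfirmationData().getNotOnOrAfter() != null) {`. Note also that the loop in the third hunk keeps the last Bearer confirmation it sees, so with several Bearer confirmations the session expiry comes from whichever is listed last; a comment stating that choice, or taking the earliest NotOnOrAfter, would make the session bound explicit. The enclosing method starts and ends outside this hunk.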
@@ -179,24 +190,29 @@ public class SAMLSSOResponseValidator {
/**
* Validate the Subject (of an Authentication Statement).
*/
+<<<<<<< HEAD
private boolean validateAuthenticationSubject(
org.opensaml.saml2.core.Subject subject, String id, boolean postBinding
+=======
+ private org.opensaml.saml.saml2.core.SubjectConfirmation validateAuthenticationSubject(
+ org.opensaml.saml.saml2.core.Subject subject, String id, boolean postBinding
+>>>>>>> ebc5032... Fallback to the SubjectConfirmationData NotOnOrAfter if there is no Session NotOnOrAfter value
) throws WSSecurityException {
if (subject.getSubjectConfirmations() == null) {
- return false;
+ return null;
}
- boolean foundBearerSubjectConf = false;
+ org.opensaml.saml.saml2.core.SubjectConfirmation validSubjectConf = null;
// We need to find a Bearer Subject Confirmation method
for (org.opensaml.saml2.core.SubjectConfirmation subjectConf
: subject.getSubjectConfirmations()) {
if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) {
- foundBearerSubjectConf = true;
validateSubjectConfirmation(subjectConf.getSubjectConfirmationData(), id, postBinding);
+ validSubjectConf = subjectConf;
}
}
- return foundBearerSubjectConf;
+ return validSubjectConf;
}
/**