Posted to commits@cxf.apache.org by co...@apache.org on 2016/01/12 15:14:42 UTC

[2/3] cxf git commit: Fallback to the SubjectConfirmationData NotOnOrAfter if there is no Session NotOnOrAfter value

Fallback to the SubjectConfirmationData NotOnOrAfter if there is no Session NotOnOrAfter value

# Conflicts:
#	rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3940f80c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3940f80c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3940f80c

Branch: refs/heads/3.0.x-fixes
Commit: 3940f80c19c32e0b465b796e1366f023b9f82c60
Parents: e3ada01
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jan 12 14:08:37 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jan 12 14:10:38 2016 +0000

----------------------------------------------------------------------
 .../saml/sso/SAMLSSOResponseValidator.java      | 24 ++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/3940f80c/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index d41f3bd..e7aabcf 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -117,8 +117,15 @@ public class SAMLSSOResponseValidator {
             // Check for AuthnStatements and validate the Subject accordingly
             if (assertion.getAuthnStatements() != null
                 && !assertion.getAuthnStatements().isEmpty()) {
+<<<<<<< HEAD
                 org.opensaml.saml2.core.Subject subject = assertion.getSubject();
                 if (validateAuthenticationSubject(subject, assertion.getID(), postBinding)) {
+=======
+                org.opensaml.saml.saml2.core.Subject subject = assertion.getSubject();
+                org.opensaml.saml.saml2.core.SubjectConfirmation subjectConf = 
+                    validateAuthenticationSubject(subject, assertion.getID(), postBinding);
+                if (subjectConf != null) {
+>>>>>>> ebc5032... Fallback to the SubjectConfirmationData NotOnOrAfter if there is no Session NotOnOrAfter value
                     validateAudienceRestrictionCondition(assertion.getConditions());
                     validAssertion = assertion;
                     // Store Session NotOnOrAfter
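Review bot: The new side of this hunk still carries the merge-conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> ebc5032...` around the Subject lookup, so the file as committed cannot compile; the same markers surround the validateAuthenticationSubject signature in the third hunk. The two sides also disagree on the OpenSAML package: the branch's existing code (the HEAD side here and the for-loop over SubjectConfirmations in the third hunk) uses `org.opensaml.saml2.core`, while the cherry-picked lines, including the `validSubjectConf` declaration in the third hunk, use `org.opensaml.saml.saml2.core`, which looks like the package of a newer OpenSAML used on another branch. The resolution that keeps the intended fallback on this branch is to drop the markers and keep the cherry-picked shape with the branch's package names: `org.opensaml.saml2.core.Subject subject = assertion.getSubject();`, `org.opensaml.saml2.core.SubjectConfirmation subjectConf = validateAuthenticationSubject(subject, assertion.getID(), postBinding);`, `if (subjectConf != null) {`, with the same package name on the signature, return type and `validSubjectConf` declaration in the third hunk. Until this is resolved the SAML response validator on this branch does not build, so the fallback is not actually in effect. The enclosing method continues beyond both ends of the hunk.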
@@ -127,6 +134,10 @@ public class SAMLSSOResponseValidator {
                             sessionNotOnOrAfter = authnStatment.getSessionNotOnOrAfter().toDate();
                         }
                     }
+                    // Fall back to the SubjectConfirmationData NotOnOrAfter if we have no session NotOnOrAfter
+                    if (sessionNotOnOrAfter == null) {
+                        sessionNotOnOrAfter = subjectConf.getSubjectConfirmationData().getNotOnOrAfter().toDate();
+                    }
                 }
             }
         }
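Review bot: The fallback on the new `sessionNotOnOrAfter == null` branch dereferences `subjectConf.getSubjectConfirmationData().getNotOnOrAfter()` without a null check, so a Bearer SubjectConfirmation whose SubjectConfirmationData or NotOnOrAfter is absent would end in a NullPointerException here rather than in a validation failure. validateSubjectConfirmation, which is outside this hunk, may already reject those cases before the caller reaches this point, but that is not visible in the change and the guard is cheap: `if (sessionNotOnOrAfter == null && subjectConf.getSubjectConfirmationData() != null && subjectConf.getSubjectConfirmationData().getNotOnOrAfter() != null) {`. The comment above the fallback could also say that SubjectConfirmationData NotOnOrAfter is normally a short delivery window for the assertion rather than a session lifetime, so a session derived from it is deliberately the more conservative choice. The enclosing method starts and ends outside the hunk.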
@@ -179,24 +190,29 @@ public class SAMLSSOResponseValidator {
     /**
      * Validate the Subject (of an Authentication Statement).
      */
+<<<<<<< HEAD
     private boolean validateAuthenticationSubject(
         org.opensaml.saml2.core.Subject subject, String id, boolean postBinding
+=======
+    private org.opensaml.saml.saml2.core.SubjectConfirmation validateAuthenticationSubject(
+        org.opensaml.saml.saml2.core.Subject subject, String id, boolean postBinding
+>>>>>>> ebc5032... Fallback to the SubjectConfirmationData NotOnOrAfter if there is no Session NotOnOrAfter value
     ) throws WSSecurityException {
         if (subject.getSubjectConfirmations() == null) {
-            return false;
+            return null;
         }
         
-        boolean foundBearerSubjectConf = false;
+        org.opensaml.saml.saml2.core.SubjectConfirmation validSubjectConf = null;
         // We need to find a Bearer Subject Confirmation method
         for (org.opensaml.saml2.core.SubjectConfirmation subjectConf 
             : subject.getSubjectConfirmations()) {
             if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) {
-                foundBearerSubjectConf = true;
                 validateSubjectConfirmation(subjectConf.getSubjectConfirmationData(), id, postBinding);
+                validSubjectConf = subjectConf;
             }
         }
         
-        return foundBearerSubjectConf;
+        return validSubjectConf;
     }
     
     /**
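Review bot: The Javadoc on validateAuthenticationSubject still reads `Validate the Subject (of an Authentication Statement).` although the method now returns the SubjectConfirmation instead of a boolean and the caller treats null as "no Bearer confirmation found"; the contract deserves a `@return` line, e.g. `@return the validated Bearer SubjectConfirmation, or null if the Subject has no Bearer SubjectConfirmation`. Since `validSubjectConf = subjectConf` is assigned on every Bearer match, the last Bearer SubjectConfirmation in document order is the one returned when several are present, after each of them has been passed through validateSubjectConfirmation; that is worth stating in the Javadoc too, because the caller's NotOnOrAfter fallback is taken from the returned one.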