You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2018/03/08 11:04:09 UTC
[cxf-fediz] branch 1.4.x-fixes updated: Adding the secure
processing feature in the IdP
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
The following commit(s) were added to refs/heads/1.4.x-fixes by this push:
new a390914 Adding the secure processing feature in the IdP
a390914 is described below
commit a39091461c15827e0802b019a9c63c67eea7b06e
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Mar 8 10:42:25 2018 +0000
Adding the secure processing feature in the IdP
---
.../java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
index e36ecf4..e044943 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
@@ -20,6 +20,7 @@ package org.apache.cxf.fediz.service.idp.beans;
import java.io.StringWriter;
+import javax.xml.XMLConstants;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
@@ -46,7 +47,9 @@ public class TokenSerializer {
if (rpToken != null) {
StringWriter sw = new StringWriter();
try {
- Transformer t = TransformerFactory.newInstance().newTransformer();
+ TransformerFactory tf = TransformerFactory.newInstance();
+ tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer t = tf.newTransformer();
t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
t.transform(new DOMSource(rpToken), new StreamResult(sw));
} catch (TransformerException te) {
--
To stop receiving notification emails like this one, please contact
coheigea@apache.org.