You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2018/03/08 11:04:09 UTC

[cxf-fediz] branch 1.4.x-fixes updated: Adding the secure processing feature in the IdP

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git


The following commit(s) were added to refs/heads/1.4.x-fixes by this push:
     new a390914  Adding the secure processing feature in the IdP
a390914 is described below

commit a39091461c15827e0802b019a9c63c67eea7b06e
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Mar 8 10:42:25 2018 +0000

    Adding the secure processing feature in the IdP
---
 .../java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
index e36ecf4..e044943 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
@@ -20,6 +20,7 @@ package org.apache.cxf.fediz.service.idp.beans;
 
 import java.io.StringWriter;
 
+import javax.xml.XMLConstants;
 import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerException;
@@ -46,7 +47,9 @@ public class TokenSerializer {
         if (rpToken != null) {
             StringWriter sw = new StringWriter();
             try {
-                Transformer t = TransformerFactory.newInstance().newTransformer();
+                TransformerFactory tf = TransformerFactory.newInstance();
+                tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+                Transformer t = tf.newTransformer();
                 t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
                 t.transform(new DOMSource(rpToken), new StreamResult(sw));
             } catch (TransformerException te) {

-- 
To stop receiving notification emails like this one, please contact
coheigea@apache.org.