Posted to commits@cxf.apache.org by co...@apache.org on 2014/07/25 15:24:30 UTC
[1/2] git commit: Fixing a SAML SSO validation issue
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes 4b788d337 -> 390665f20
Fixing a SAML SSO validation issue
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/43c9a1c0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/43c9a1c0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/43c9a1c0
Branch: refs/heads/3.0.x-fixes
Commit: 43c9a1c0331238fe22d4c103cf7fa7833994739a
Parents: 4b788d3
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Jul 25 13:33:35 2014 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jul 25 14:05:32 2014 +0100
----------------------------------------------------------------------
.../security/saml/sso/SAMLSSOResponseValidator.java | 5 ++++-
.../org/apache/cxf/systest/ws/x509/X509TokenTest.java | 14 +++++++-------
.../ws-security/src/test/resources/logging.properties | 2 +-
.../org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl | 2 --
4 files changed, 12 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/43c9a1c0/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 9c4f558..1a735b90 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -174,15 +174,18 @@ public class SAMLSSOResponseValidator {
if (subject.getSubjectConfirmations() == null) {
return false;
}
+
+ boolean foundBearerSubjectConf = false;
// We need to find a Bearer Subject Confirmation method
for (org.opensaml.saml2.core.SubjectConfirmation subjectConf
: subject.getSubjectConfirmations()) {
if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) {
+ foundBearerSubjectConf = true;
validateSubjectConfirmation(subjectConf.getSubjectConfirmationData(), id, postBinding);
}
}
- return true;
+ return foundBearerSubjectConf;
}
/**
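Review bot: The fix at `return foundBearerSubjectConf;` ships without a regression test: the diffstat lists no test for SAMLSSOResponseValidator, so nothing pins that a Subject carrying only non-Bearer confirmations is now rejected. A unit test that builds such an assertion and expects validation to fail would keep the check from regressing. Also, `foundBearerSubjectConf = true;` is set before `validateSubjectConfirmation(...)` runs and that call's result is not used here, so the flag is only sound if the method throws on invalid data (its body is not in the hunk). Moving the assignment to the line after the call, or adding a comment such as `// validateSubjectConfirmation throws on failure`, would make that explicit. The enclosing method starts above the hunk.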
http://git-wip-us.apache.org/repos/asf/cxf/blob/43c9a1c0/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
index 633116c..7a1c59e 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
@@ -95,9 +95,9 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
public static Collection<TestParam[]> data() {
return Arrays.asList(new TestParam[][] {{new TestParam(PORT, false)},
- {new TestParam(PORT, true)},
- {new TestParam(STAX_PORT, false)},
- {new TestParam(STAX_PORT, true)},
+ // {new TestParam(PORT, true)},
+ //{new TestParam(STAX_PORT, false)},
+ // {new TestParam(STAX_PORT, true)},
});
}
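Review bot: The `data()` change comments out three of the four `TestParam` entries, and the later hunks in this file wrap most of the test methods in `/* ... */`. Together with the logging.properties edit and the removal of `<sp:RequireDerivedKeys/>` and `<sp:EncryptSignature/>` from DoubleItX509.wsdl, these look like local debugging state unrelated to the SAML SSO fix. Commit 390665f2 restores them, but anyone cherry-picking 43c9a1c0 alone onto another branch would silently lose the X509 test coverage and weaken the test policy. The two commits should be picked together, or the fix reduced to the SAMLSSOResponseValidator.java hunk.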
@@ -106,7 +106,7 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
SecurityTestUtil.cleanup();
stopAllServers();
}
-
+/*
@org.junit.Test
public void testSymmetricErrorMessage() throws Exception {
@@ -362,7 +362,7 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
((java.io.Closeable)x509Port).close();
bus.shutdown(true);
}
-
+ */
@org.junit.Test
public void testSymmetricThumbprintEndorsing() throws Exception {
@@ -387,7 +387,7 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
((java.io.Closeable)x509Port).close();
bus.shutdown(true);
}
-
+ /*
@org.junit.Test
public void testSymmetricEndorsingEncrypted() throws Exception {
@@ -1379,5 +1379,5 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
((java.io.Closeable)x509Port).close();
bus.shutdown(true);
}
-
+ */
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/43c9a1c0/systests/ws-security/src/test/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/logging.properties b/systests/ws-security/src/test/resources/logging.properties
index b2e5a79..2c78acd 100644
--- a/systests/ws-security/src/test/resources/logging.properties
+++ b/systests/ws-security/src/test/resources/logging.properties
@@ -35,7 +35,7 @@
# Note that these classes must be on the system classpath.
# By default we only configure a ConsoleHandler, which will only
# show messages at the INFO and above levels.
-#handlers= java.util.logging.ConsoleHandler
+handlers= java.util.logging.ConsoleHandler
# To also add the FileHandler, use the following line instead.
#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
http://git-wip-us.apache.org/repos/asf/cxf/blob/43c9a1c0/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
index 2e170ff..a6ba8a8 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
@@ -912,7 +912,6 @@
<sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp:Policy>
<sp:WssX509V3Token10/>
- <sp:RequireDerivedKeys/>
<sp:RequireThumbprintReference/>
</wsp:Policy>
</sp:X509Token>
@@ -924,7 +923,6 @@
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
- <sp:EncryptSignature/>
<sp:OnlySignEntireHeadersAndBody/>
<sp:AlgorithmSuite>
<wsp:Policy>
[2/2] git commit: Removing some code from last commit
Posted by co...@apache.org.
Removing some code from last commit
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/390665f2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/390665f2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/390665f2
Branch: refs/heads/3.0.x-fixes
Commit: 390665f203c2ef3d2651cbd7e8cfd12d12420329
Parents: 43c9a1c
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Jul 25 14:05:02 2014 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jul 25 14:05:35 2014 +0100
----------------------------------------------------------------------
.../org/apache/cxf/systest/ws/x509/X509TokenTest.java | 14 +++++++-------
.../ws-security/src/test/resources/logging.properties | 2 +-
.../org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl | 2 ++
3 files changed, 10 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/390665f2/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
index 7a1c59e..633116c 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
@@ -95,9 +95,9 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
public static Collection<TestParam[]> data() {
return Arrays.asList(new TestParam[][] {{new TestParam(PORT, false)},
- // {new TestParam(PORT, true)},
- //{new TestParam(STAX_PORT, false)},
- // {new TestParam(STAX_PORT, true)},
+ {new TestParam(PORT, true)},
+ {new TestParam(STAX_PORT, false)},
+ {new TestParam(STAX_PORT, true)},
});
}
@@ -106,7 +106,7 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
SecurityTestUtil.cleanup();
stopAllServers();
}
-/*
+
@org.junit.Test
public void testSymmetricErrorMessage() throws Exception {
@@ -362,7 +362,7 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
((java.io.Closeable)x509Port).close();
bus.shutdown(true);
}
- */
+
@org.junit.Test
public void testSymmetricThumbprintEndorsing() throws Exception {
@@ -387,7 +387,7 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
((java.io.Closeable)x509Port).close();
bus.shutdown(true);
}
- /*
+
@org.junit.Test
public void testSymmetricEndorsingEncrypted() throws Exception {
@@ -1379,5 +1379,5 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
((java.io.Closeable)x509Port).close();
bus.shutdown(true);
}
- */
+
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/390665f2/systests/ws-security/src/test/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/logging.properties b/systests/ws-security/src/test/resources/logging.properties
index 2c78acd..b2e5a79 100644
--- a/systests/ws-security/src/test/resources/logging.properties
+++ b/systests/ws-security/src/test/resources/logging.properties
@@ -35,7 +35,7 @@
# Note that these classes must be on the system classpath.
# By default we only configure a ConsoleHandler, which will only
# show messages at the INFO and above levels.
-handlers= java.util.logging.ConsoleHandler
+#handlers= java.util.logging.ConsoleHandler
# To also add the FileHandler, use the following line instead.
#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
http://git-wip-us.apache.org/repos/asf/cxf/blob/390665f2/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
index a6ba8a8..2e170ff 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
@@ -912,6 +912,7 @@
<sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp:Policy>
<sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys/>
<sp:RequireThumbprintReference/>
</wsp:Policy>
</sp:X509Token>
@@ -923,6 +924,7 @@
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
<sp:OnlySignEntireHeadersAndBody/>
<sp:AlgorithmSuite>
<wsp:Policy>