You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cxf.apache.org by co...@apache.org on 2012/10/11 17:56:42 UTC

svn commit: r1397129 - /cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java

Author: coheigea
Date: Thu Oct 11 15:56:41 2012
New Revision: 1397129

URL: http://svn.apache.org/viewvc?rev=1397129&view=rev
Log:
Merged revisions 1397127 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1397127 | coheigea | 2012-10-11 16:54:53 +0100 (Thu, 11 Oct 2012) | 2 lines

  [CXF-4556] - JAX-RS SAML TLS HolderOfKey check does not work

........

Modified:
    cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java?rev=1397129&r1=1397128&r2=1397129&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java Thu Oct 11 15:56:41 2012
@@ -216,9 +216,6 @@ public abstract class AbstractSamlInHand
         for (String confirmationMethod : confirmationMethods) {
             if (OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
                 XMLSignature sig = message.getContent(XMLSignature.class);
-                if (tlsCerts == null || sig == null) {
-                    return false;
-                }
                 SAMLKeyInfo subjectKeyInfo = assertionWrapper.getSubjectKeyInfo();
                 if (!compareCredentials(subjectKeyInfo, sig, tlsCerts)) {
                     return false;
@@ -255,6 +252,10 @@ public abstract class AbstractSamlInHand
             return true;
         }
         
+        if (sig == null) {
+            return false;
+        }
+        
         //
         // Now try the message-level signatures
         //