Posted to commits@cxf.apache.org by co...@apache.org on 2012/10/11 17:56:42 UTC
svn commit: r1397129 -
/cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
Author: coheigea
Date: Thu Oct 11 15:56:41 2012
New Revision: 1397129
URL: http://svn.apache.org/viewvc?rev=1397129&view=rev
Log:
Merged revisions 1397127 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1397127 | coheigea | 2012-10-11 16:54:53 +0100 (Thu, 11 Oct 2012) | 2 lines
[CXF-4556] - JAX-RS SAML TLS HolderOfKey check does not work
........
Modified:
cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
Modified: cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java?rev=1397129&r1=1397128&r2=1397129&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java Thu Oct 11 15:56:41 2012
@@ -216,9 +216,6 @@ public abstract class AbstractSamlInHand
for (String confirmationMethod : confirmationMethods) {
if (OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
XMLSignature sig = message.getContent(XMLSignature.class);
- if (tlsCerts == null || sig == null) {
- return false;
- }
SAMLKeyInfo subjectKeyInfo = assertionWrapper.getSubjectKeyInfo();
if (!compareCredentials(subjectKeyInfo, sig, tlsCerts)) {
return false;
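Review bot: With the `tlsCerts == null || sig == null` guard removed, `compareCredentials(subjectKeyInfo, sig, tlsCerts)` is now reached with a null signature, a null TLS certificate array, or both, and the `if (sig == null) { return false; }` added in the second hunk sits after this loop, so it does not cover the call here. Whether compareCredentials rejects the case where neither credential is present is not visible in this hunk; unless it does, the holder-of-key check should fail closed explicitly, e.g. `if (tlsCerts == null && sig == null) { return false; }` before the call, which still permits the TLS-only path this commit is fixing. The enclosing method starts before and continues past this hunk.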
@@ -255,6 +252,10 @@ public abstract class AbstractSamlInHand
return true;
}
+ if (sig == null) {
+ return false;
+ }
+
//
// Now try the message-level signatures
//