You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2012/01/27 13:23:12 UTC
svn commit: r1236649 -
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
Author: coheigea
Date: Fri Jan 27 12:23:11 2012
New Revision: 1236649
URL: http://svn.apache.org/viewvc?rev=1236649&view=rev
Log:
Enforcing that only one Timestamp is allowed per security header
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java?rev=1236649&r1=1236648&r2=1236649&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java Fri Jan 27 12:23:11 2012
@@ -74,12 +74,13 @@ public abstract class AbstractBindingPol
WSSecurityUtil.fetchAllActionResults(results, WSConstants.TS, timestampResults);
// Check whether we received a timestamp and compare it to the policy
- if (includeTimestamp && timestampResults.isEmpty()) {
- return false;
- } else if (!includeTimestamp && !timestampResults.isEmpty()) {
+ if (includeTimestamp && timestampResults.size() != 1) {
return false;
} else if (!includeTimestamp) {
- return true;
+ if (timestampResults.isEmpty()) {
+ return true;
+ }
+ return false;
}
// At this point we received a (required) Timestamp. Now check that it is integrity protected.