cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1338600 - in /cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso: Messages.properties RequestAssertionConsumerService.java SAMLSSOResponseValidator.java filter/AbstractServiceProviderFilter.java
Date Tue, 15 May 2012 08:47:52 GMT
Author: coheigea
Date: Tue May 15 08:47:51 2012
New Revision: 1338600

URL: http://svn.apache.org/viewvc?rev=1338600&view=rev
Log:
Some RelayState updates to the SAML SSO code

Modified:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties?rev=1338600&r1=1338599&r2=1338600&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties
Tue May 15 08:47:51 2012
@@ -21,6 +21,7 @@
 MISSING_TARGET_URI=Target URI is missing
 INVALID_TARGET_URI=Target URI is invalid
 MISSING_RELAY_STATE=RelayState parameter is missing
+INVALID_RELAY_STATE=RelayState parameter is invalid
 MISSING_REQUEST_STATE=Request State is not available
 EXPIRED_REQUEST_STATE=Request State has expired
 MISSING_SAML_RESPONSE=SamlResponse parameter is missing

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java?rev=1338600&r1=1338599&r2=1338600&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
Tue May 15 08:47:51 2012
@@ -91,6 +91,10 @@ public class RequestAssertionConsumerSer
             reportError("MISSING_RELAY_STATE");
             throw new WebApplicationException(400);
         }
+        if (relayState.getBytes().length < 0 || relayState.getBytes().length > 80)
{
+            reportError("INVALID_RELAY_STATE");
+            throw new WebApplicationException(400);
+        }
         RequestState requestState = getStateProvider().removeRequestState(relayState);
         if (requestState == null) {
             reportError("MISSING_REQUEST_STATE");
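Review bot: The added RelayState length check calls `relayState.getBytes()` with no charset, so the 80-byte limit is measured in the JVM's default encoding and can differ between deployments. The `length < 0` arm can never be true, since an array length is never negative, and the byte array is built twice. A single comparison with an explicit charset would read `if (relayState.getBytes(StandardCharsets.UTF_8).length > 80) {`, or use the `"UTF-8"` name overload if the build targets a pre-Java-7 level; the import block is outside this hunk. The enclosing method starts and ends outside the hunk, so how null or empty values are handled before this point is not visible here.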

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java?rev=1338600&r1=1338599&r2=1338600&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
Tue May 15 08:47:51 2012
@@ -67,6 +67,15 @@ public class SAMLSSOResponseValidator {
             throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
         }
         
+        // The Response must contain a Destination that matches the assertionConsumerURL
if it is
+        // signed and received over the POST Binding.
+        String destination = samlResponse.getDestination();
+        if (postBinding && samlResponse.isSigned()
+            && (destination == null || !destination.equals(assertionConsumerURL)))
{
+            LOG.fine("The Response must contain a destination that matches the assertion
consumer URL");
+            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+        }
+        
         // Validate Assertions
         boolean foundValidSubject = false;
         for (org.opensaml.saml2.core.Assertion assertion : samlResponse.getAssertions())
{
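Review bot: The new Destination comparison only runs when `postBinding && samlResponse.isSigned()`, so a Response that carries a Destination for a different endpoint is accepted if it is unsigned or arrived over another binding. SAML core requires a recipient to check Destination whenever it is present, so the guard could be `if ((destination != null && !destination.equals(assertionConsumerURL))` `|| (destination == null && postBinding && samlResponse.isSigned())) {`. Note also that `isSigned()` reports the presence of a signature rather than a verified one; the verification presumably happens elsewhere, which is worth stating in the comment above the check. `postBinding` and `assertionConsumerURL` are set outside this hunk, and the method body continues past it.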

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java?rev=1338600&r1=1338599&r2=1338600&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
Tue May 15 08:47:51 2012
@@ -196,7 +196,7 @@ public abstract class AbstractServicePro
                                                      webAppContext,
                                                      System.currentTimeMillis());
         
-        String relayState = UUID.randomUUID().toString();
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         getStateProvider().setRequestState(relayState, requestState);
         info.setRelayState(relayState);
         info.setWebAppContext(webAppContext);
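Review bot: The URL-encoded string is now used both as the state-provider key in `setRequestState` and as the RelayState sent out, which only works because UUID text contains nothing that `URLEncoder` rewrites. If the generator ever produces characters that do get escaped, the container would presumably decode the returned parameter and the lookup in the consumer service would miss the stored key. Keeping the raw value as the key and encoding only where the value is written into the redirect or form would avoid that coupling, for example `getStateProvider().setRequestState(rawState, requestState);` followed by `info.setRelayState(URLEncoder.encode(rawState, "UTF-8"));`. Whether `info`'s RelayState is encoded again later is not visible in this hunk, so confirm that before changing it.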


