cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1343656 - in /cxf/fediz/trunk/plugins/core/src/main: java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java resources/schemas/FedizConfig.xsd
Date Tue, 29 May 2012 10:44:27 GMT
Author: coheigea
Date: Tue May 29 10:44:26 2012
New Revision: 1343656

URL: http://svn.apache.org/viewvc?rev=1343656&view=rev
Log:
Wiring the schema max clock skew into the SAMLTokenValidator

Modified:
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
    cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java?rev=1343656&r1=1343655&r2=1343656&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
Tue May 29 10:44:26 2012
@@ -73,12 +73,6 @@ public class SAMLTokenValidator implemen
 
     private static final Logger LOG = LoggerFactory.getLogger(SAMLTokenValidator.class);
     
-    /**
-     * The time in seconds in the future within which the NotBefore time of an incoming 
-     * Assertion is valid. The default is 60 seconds.
-     */
-    private int futureTTL = 60;
-
     // [TODO] make sure we answer true only for cases we actually can handle
     @Override
     public boolean canHandleTokenType(String tokenType) {
@@ -90,14 +84,6 @@ public class SAMLTokenValidator implemen
         return true;
     }
     
-    /**
-     * Set the time in seconds in the future within which the NotBefore time of an incoming

-     * Assertion is valid. The default is 60 seconds.
-     */
-    public void setFutureTTL(int newFutureTTL) {
-        futureTTL = newFutureTTL;
-    }
-
     public TokenValidatorResponse validateAndProcessToken(Element token,
             FederationContext config) {
 
@@ -143,7 +129,7 @@ public class SAMLTokenValidator implemen
             validateAssertion(assertion);
             
             // Validate Conditions
-            if (config.isDetectExpiredTokens() && !validateConditions(assertion))
{
+            if (config.isDetectExpiredTokens() && !validateConditions(assertion,
config)) {
                 throw new RuntimeException(
                     "Error in validating conditions of the received Assertion"
                 );
@@ -435,7 +421,8 @@ public class SAMLTokenValidator implemen
     }
     
     protected boolean validateConditions(
-        AssertionWrapper assertion
+        AssertionWrapper assertion,
+        FederationContext config
     ) {
         DateTime validFrom = null;
         DateTime validTill = null;
@@ -449,7 +436,7 @@ public class SAMLTokenValidator implemen
         
         if (validFrom != null) {
             DateTime currentTime = new DateTime();
-            currentTime = currentTime.plusSeconds(futureTTL);
+            currentTime = currentTime.plusSeconds(config.getMaximumClockSkew().intValue());
             if (validFrom.isAfter(currentTime)) {
                 LOG.warn("SAML Token condition (Not Before) not met");
                 return false;

Modified: cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd?rev=1343656&r1=1343655&r2=1343656&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd (original)
+++ cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd Tue May 29 10:44:26
2012
@@ -76,7 +76,7 @@
 
 
 
-	<xs:element name="maximumClockSkew" type="xs:integer" />
+	<xs:element name="maximumClockSkew" type="xs:integer" default="60"/>
 	
 	<xs:element name="tokenReplayCache" type="xs:string" />
 



Mime
View raw message