Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0D264CF5F for ; Tue, 29 May 2012 10:44:53 +0000 (UTC) Received: (qmail 25076 invoked by uid 500); 29 May 2012 10:44:52 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 24972 invoked by uid 500); 29 May 2012 10:44:52 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 24946 invoked by uid 99); 29 May 2012 10:44:51 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 May 2012 10:44:51 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 May 2012 10:44:48 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 42E7023889E7; Tue, 29 May 2012 10:44:27 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1343656 - in /cxf/fediz/trunk/plugins/core/src/main: java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java resources/schemas/FedizConfig.xsd Date: Tue, 29 May 2012 10:44:27 -0000 To: commits@cxf.apache.org 
From: coheigea@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120529104427.42E7023889E7@eris.apache.org> Author: coheigea Date: Tue May 29 10:44:26 2012 New Revision: 1343656 URL: http://svn.apache.org/viewvc?rev=1343656&view=rev Log: Wiring the schema max clock skew into the SAMLTokenValidator Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java?rev=1343656&r1=1343655&r2=1343656&view=diff ============================================================================== --- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java (original) +++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java Tue May 29 10:44:26 2012 @@ -73,12 +73,6 @@ public class SAMLTokenValidator implemen private static final Logger LOG = LoggerFactory.getLogger(SAMLTokenValidator.class); - /** - * The time in seconds in the future within which the NotBefore time of an incoming - * Assertion is valid. The default is 60 seconds. - */ - private int futureTTL = 60; - // [TODO] make sure we answer true only for cases we actually can handle @Override public boolean canHandleTokenType(String tokenType) { @@ -90,14 +84,6 @@ public class SAMLTokenValidator implemen return true; } - /** - * Set the time in seconds in the future within which the NotBefore time of an incoming - * Assertion is valid. The default is 60 seconds. - */ - public void setFutureTTL(int newFutureTTL) { - futureTTL = newFutureTTL; - } - public TokenValidatorResponse validateAndProcessToken(Element token, FederationContext config) { 
@@ -143,7 +129,7 @@ public class SAMLTokenValidator implemen validateAssertion(assertion); // Validate Conditions - if (config.isDetectExpiredTokens() && !validateConditions(assertion)) { + if (config.isDetectExpiredTokens() && !validateConditions(assertion, config)) { throw new RuntimeException( "Error in validating conditions of the received Assertion" ); @@ -435,7 +421,8 @@ public class SAMLTokenValidator implemen } protected boolean validateConditions( - AssertionWrapper assertion + AssertionWrapper assertion, + FederationContext config ) { DateTime validFrom = null; DateTime validTill = null; @@ -449,7 +436,7 @@ public class SAMLTokenValidator implemen if (validFrom != null) { DateTime currentTime = new DateTime(); - currentTime = currentTime.plusSeconds(futureTTL); + currentTime = currentTime.plusSeconds(config.getMaximumClockSkew().intValue()); if (validFrom.isAfter(currentTime)) { LOG.warn("SAML Token condition (Not Before) not met"); return false; Modified: cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd?rev=1343656&r1=1343655&r2=1343656&view=diff ============================================================================== --- cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd (original) +++ cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd Tue May 29 10:44:26 2012 @@ -76,7 +76,7 @@ - +
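Review bot: The new two-argument `validateConditions(AssertionWrapper, FederationContext)` in the `-435,7 +421,8` hunk has no Javadoc, and this commit deletes the `futureTTL` comments, which were the only statement of the NotBefore tolerance and its unit. I would add above the signature: `/** Validates the assertion's Conditions; a NotBefore up to config.getMaximumClockSkew() seconds in the future is accepted. */`. Because the method is protected, a subclass that overrode the old one-argument form to tighten the checks would no longer be called from validateAndProcessToken, and without `@Override` it would still compile, so the signature change deserves a release note. The method body continues outside this hunk.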
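Review bot: In the NotBefore branch of the `-449,7 +436,7` hunk, `config.getMaximumClockSkew().intValue()` is passed to `plusSeconds` with no null or range check. An unset value would throw a NullPointerException during token validation, a negative value would reject assertions that are already valid, and a very large one would effectively switch the NotBefore check off. The getter's return type is not visible here, but `intValue()` on a wider numeric type would also truncate silently. I would read it once and fail closed, for example `Number skew = config.getMaximumClockSkew();` followed by `if (skew == null || skew.longValue() < 0) { LOG.warn("Invalid maximumClockSkew"); return false; }`, and also cap it at a documented upper bound. The rest of validateConditions is outside the hunk, so it is not possible to tell from here whether the same skew is applied to the expiry side.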