cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1457832 - /cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
Date Mon, 18 Mar 2013 15:59:44 GMT
Author: coheigea
Date: Mon Mar 18 15:59:44 2013
New Revision: 1457832

URL: http://svn.apache.org/r1457832
Log:
Merged revisions 1457825 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/branches/2.7.x-fixes

........
  r1457825 | coheigea | 2013-03-18 15:46:26 +0000 (Mon, 18 Mar 2013) | 10 lines

  Merged revisions 1457781 via  git cherry-pick from
  https://svn.apache.org/repos/asf/cxf/trunk

  ........
    r1457781 | coheigea | 2013-03-18 14:39:26 +0000 (Mon, 18 Mar 2013) | 2 lines

    SamlTokenInterceptor is not checking version of received token against the policy

  ........

........

Modified:
    cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java

Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java?rev=1457832&r1=1457831&r2=1457832&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java (original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java Mon Mar 18 15:59:44 2013
@@ -113,6 +113,20 @@ public class SamlTokenInterceptor extend
                         }
                         assertTokens(message, SP12Constants.SAML_TOKEN, signed);
                         
+                        // Check version against policy
+                        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+                        for (AssertionInfo ai : aim.getAssertionInfo(SP12Constants.SAML_TOKEN)) {
+                            SamlToken samlToken = (SamlToken)ai.getAssertion();
+                            for (WSSecurityEngineResult result : samlResults) {
+                                AssertionWrapper assertionWrapper = 
+                                    (AssertionWrapper)result.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+
+                                if (!checkVersion(samlToken, assertionWrapper)) {
+                                    ai.setNotAsserted("Wrong SAML Version");
+                                }
+                            }
+                        }
+                        
                         Principal principal = 
                             (Principal)samlResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
                         message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, principal);    
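Review bot: A version mismatch in the added loop only calls `ai.setNotAsserted("Wrong SAML Version")`, and the context lines right after it still take the principal from `samlResults.get(0)` and put it on the message. Rejecting a wrong-version token therefore depends on policy verification that presumably runs later, outside this hunk. A comment above the loop should say so, e.g. `// A mismatch only marks the policy assertion as failed; the message is rejected later by policy verification`. Separately, the `TAG_SAML_ASSERTION` value is cast and passed to `checkVersion` without a null check; if a result can lack an assertion, `if (assertionWrapper == null || !checkVersion(samlToken, assertionWrapper)) {` fails closed instead of throwing. The enclosing method starts and ends outside the hunk, so whether earlier code already guarantees a non-null assertion is not visible here.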
              
@@ -339,4 +353,19 @@ public class SamlTokenInterceptor extend
         return crypto;
     }
 
+    /**
+     * Check the policy version against the received assertion
+     */
+    private boolean checkVersion(SamlToken samlToken, AssertionWrapper assertionWrapper) {
+        if ((samlToken.isUseSamlVersion11Profile10()
+            || samlToken.isUseSamlVersion11Profile11())
+            && assertionWrapper.getSamlVersion() != SAMLVersion.VERSION_11) {
+            return false;
+        } else if (samlToken.isUseSamlVersion20Profile11()
+            && assertionWrapper.getSamlVersion() != SAMLVersion.VERSION_20) {
+            return false;
+        }
+        return true;
+    }
+    
 }
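Review bot: The Javadoc on `checkVersion` does not say what the method returns when the policy token sets none of the three version flags. In that case both conditions are skipped and it falls through to `return true`, so an assertion of any SAML version is accepted. That is probably intended for a policy that leaves the version unspecified, but it is the fail-open branch of a security check and should be documented. For example: `@return false only when the policy names a SAML version and the assertion's version differs; true otherwise, including when the policy names no version`.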


