cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1522530 - in /cxf/branches/2.6.x-fixes/services/sts: sts-core/src/main/java/org/apache/cxf/sts/token/delegation/ systests/basic/src/test/java/org/apache/cxf/systest/sts/common/ systests/basic/src/test/resources/org/apache/cxf/systest/sts/d...
Date Thu, 12 Sep 2013 11:22:01 GMT
Author: coheigea
Date: Thu Sep 12 11:22:01 2013
New Revision: 1522530

URL: http://svn.apache.org/r1522530
Log:
Merged revisions 1522519 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/branches/2.7.x-fixes

........
  r1522519 | coheigea | 2013-09-12 11:58:26 +0100 (Thu, 12 Sep 2013) | 2 lines

  Make it easier to relax the AudienceRestriction requirement for OnBehalfOf SAML Tokens

........

Removed:
    cxf/branches/2.6.x-fixes/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/HOKDelegationHandler.java
Modified:
    cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/HOKDelegationHandler.java
    cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
    cxf/branches/2.6.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml

Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/HOKDelegationHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/HOKDelegationHandler.java?rev=1522530&r1=1522529&r2=1522530&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/HOKDelegationHandler.java
(original)
+++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/HOKDelegationHandler.java
Thu Sep 12 11:22:01 2013
@@ -60,7 +60,7 @@ public class HOKDelegationHandler extend
                 }
             }
 
-            if (appliesToAddress != null) {
+            if (isCheckAudienceRestriction() && appliesToAddress != null) {
                 List<String> addresses = getAudienceRestrictions(assertion);
                 if (!(addresses.isEmpty() || addresses.contains(appliesToAddress))) {
                     return false;
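Review bot: When `isCheckAudienceRestriction()` returns false, the comparison is skipped without any trace, so a token whose AudienceRestriction names a different address is accepted for the requested AppliesTo and the log does not show that the check was relaxed. The same holds for the `checkAudienceRestriction && appliesToAddress != null` condition in the SAMLDelegationHandler hunk at -92. I would log the skipped case just before the condition, for example `if (!isCheckAudienceRestriction()) { LOG.fine("AudienceRestriction check is disabled; AppliesTo address not compared"); }`. This assumes a logger is in scope in this subclass, since the parent's `LOG` is private. The enclosing method starts and ends outside the hunk.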

Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java?rev=1522530&r1=1522529&r2=1522530&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
(original)
+++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
Thu Sep 12 11:22:01 2013
@@ -44,6 +44,8 @@ public class SAMLDelegationHandler imple
     private static final Logger LOG = 
         LogUtils.getL7dLogger(SAMLDelegationHandler.class);
     
+    private boolean checkAudienceRestriction = true;
+    
     public boolean canHandleToken(ReceivedToken delegateTarget) {
         Object token = delegateTarget.getToken();
         if (token instanceof Element) {
@@ -92,7 +94,7 @@ public class SAMLDelegationHandler imple
                 }
             }
 
-            if (appliesToAddress != null) {
+            if (checkAudienceRestriction && appliesToAddress != null) {
                 List<String> addresses = getAudienceRestrictions(assertion);
                 if (!(addresses.isEmpty() || addresses.contains(appliesToAddress))) {
                     LOG.fine("The AppliesTo address " + appliesToAddress + " is not contained"
@@ -129,4 +131,16 @@ public class SAMLDelegationHandler imple
         return addresses;
     }
     
+    public boolean isCheckAudienceRestriction() {
+        return checkAudienceRestriction;
+    }
+
+    /**
+     * Set whether to perform a check that the received AppliesTo address is contained in
the
+     * token as one of the AudienceRestriction URIs. The default is true.
+     * @param checkAudienceRestriction whether to perform an audience restriction check or
not
+     */
+    public void setCheckAudienceRestriction(boolean checkAudienceRestriction) {
+        this.checkAudienceRestriction = checkAudienceRestriction;
+    }
 }
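Review bot: The Javadoc on `setCheckAudienceRestriction` says what the flag controls but not what is given up when it is set to false, and `isCheckAudienceRestriction()` has no Javadoc at all. Because this setter switches off a token-scoping control, I would add a sentence such as `If set to false, an OnBehalfOf token is accepted regardless of the audience it was issued for; only disable this when tokens are expected to be presented for other audiences.` The getter could carry a one-line `@return whether the AppliesTo address is checked against the AudienceRestriction URIs`. The existing condition also accepts tokens with no AudienceRestriction at all (`addresses.isEmpty()`), which is worth stating in the same Javadoc so the default behaviour is not read as stricter than it is.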

Modified: cxf/branches/2.6.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml?rev=1522530&r1=1522529&r2=1522530&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
(original)
+++ cxf/branches/2.6.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
Thu Sep 12 11:22:01 2013
@@ -48,7 +48,9 @@
     </cxf:bus>
 
     <bean id="hokDelegationHandler"
-          class="org.apache.cxf.systest.sts.common.HOKDelegationHandler" />
+          class="org.apache.cxf.sts.token.delegation.HOKDelegationHandler">
+        <property name="checkAudienceRestriction" value="false"/>
+    </bean>
 
     <bean id="transportSTSProviderBean"
         class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
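Review bot: The `hokDelegationHandler` bean now sets `checkAudienceRestriction` to `false` without a comment explaining why, and test deployment files like this one are often copied as a starting point for real STS configurations. The hunk does not state the reason; presumably the systest requests a token for a different AppliesTo address than the one in the OnBehalfOf token. I would add a comment above the property along the lines of `<!-- Test only: AudienceRestriction check disabled for this systest; leave the default (true) in real deployments -->`.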


