cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1522847 - in /cxf/branches/2.6.x-fixes/services/sts: sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
Date Fri, 13 Sep 2013 10:19:04 GMT
Author: coheigea
Date: Fri Sep 13 10:19:03 2013
New Revision: 1522847

URL: http://svn.apache.org/r1522847
Log:
Merged revisions 1522845 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/branches/2.7.x-fixes

........
  r1522845 | coheigea | 2013-09-13 11:13:00 +0100 (Fri, 13 Sep 2013) | 10 lines

  Merged revisions 1522841 via  git cherry-pick from
  https://svn.apache.org/repos/asf/cxf/trunk

  ........
    r1522841 | coheigea | 2013-09-13 11:04:24 +0100 (Fri, 13 Sep 2013) | 2 lines

    Set the audience restriction check in the STS to "false" by default

  ........

........

Modified:
    cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
    cxf/branches/2.6.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml

Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java?rev=1522847&r1=1522846&r2=1522847&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
(original)
+++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
Fri Sep 13 10:19:03 2013
@@ -37,14 +37,15 @@ import org.opensaml.saml1.core.AudienceR
 /**
  * The SAML TokenDelegationHandler implementation. It disallows ActAs or OnBehalfOf for
  * all cases apart from the case of a Bearer SAML Token. In addition, the AppliesTo
- * address (if supplied) must match an AudienceRestriction address (if in token)
+ * address (if supplied) must match an AudienceRestriction address (if in token), if the
+ * "checkAudienceRestriction" property is set to "true".
  */
 public class SAMLDelegationHandler implements TokenDelegationHandler {
     
     private static final Logger LOG = 
         LogUtils.getL7dLogger(SAMLDelegationHandler.class);
     
-    private boolean checkAudienceRestriction = true;
+    private boolean checkAudienceRestriction;
     
     public boolean canHandleToken(ReceivedToken delegateTarget) {
         Object token = delegateTarget.getToken();
@@ -137,7 +138,7 @@ public class SAMLDelegationHandler imple
 
     /**
      * Set whether to perform a check that the received AppliesTo address is contained in
the
-     * token as one of the AudienceRestriction URIs. The default is true.
+     * token as one of the AudienceRestriction URIs. The default is false.
      * @param checkAudienceRestriction whether to perform an audience restriction check or
not
      */
     public void setCheckAudienceRestriction(boolean checkAudienceRestriction) {

Modified: cxf/branches/2.6.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml?rev=1522847&r1=1522846&r2=1522847&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
(original)
+++ cxf/branches/2.6.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
Fri Sep 13 10:19:03 2013
@@ -48,9 +48,7 @@
     </cxf:bus>
 
     <bean id="hokDelegationHandler"
-          class="org.apache.cxf.sts.token.delegation.HOKDelegationHandler">
-        <property name="checkAudienceRestriction" value="false"/>
-    </bean>
+          class="org.apache.cxf.sts.token.delegation.HOKDelegationHandler" />
 
     <bean id="transportSTSProviderBean"
         class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">



Mime
View raw message