cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject git commit: Fixing a SAML SSO validation issue
Date Fri, 25 Jul 2014 12:33:58 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 853501405 -> cb934e62e


Fixing a SAML SSO validation issue


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/cb934e62
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/cb934e62
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/cb934e62

Branch: refs/heads/master
Commit: cb934e62e5ca0c5974e84e24daf472cab39cd971
Parents: 8535014
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Jul 25 13:33:35 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Jul 25 13:33:35 2014 +0100

----------------------------------------------------------------------
 .../security/saml/sso/SAMLSSOResponseValidator.java   |  5 ++++-
 .../org/apache/cxf/systest/ws/x509/X509TokenTest.java | 14 +++++++-------
 .../ws-security/src/test/resources/logging.properties |  2 +-
 .../org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl  |  2 --
 4 files changed, 12 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/cb934e62/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 9c4f558..1a735b90 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -174,15 +174,18 @@ public class SAMLSSOResponseValidator {
         if (subject.getSubjectConfirmations() == null) {
             return false;
         }
+        
+        boolean foundBearerSubjectConf = false;
         // We need to find a Bearer Subject Confirmation method
         for (org.opensaml.saml2.core.SubjectConfirmation subjectConf 
             : subject.getSubjectConfirmations()) {
             if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) {
+                foundBearerSubjectConf = true;
                 validateSubjectConfirmation(subjectConf.getSubjectConfirmationData(), id,
postBinding);
             }
         }
         
-        return true;
+        return foundBearerSubjectConf;
     }
     
     /**

http://git-wip-us.apache.org/repos/asf/cxf/blob/cb934e62/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
index 633116c..7a1c59e 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
@@ -95,9 +95,9 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
     public static Collection<TestParam[]> data() {
        
         return Arrays.asList(new TestParam[][] {{new TestParam(PORT, false)},
-                                                {new TestParam(PORT, true)},
-                                                {new TestParam(STAX_PORT, false)},
-                                                {new TestParam(STAX_PORT, true)},
+                                               // {new TestParam(PORT, true)},
+                                                //{new TestParam(STAX_PORT, false)},
+                                               // {new TestParam(STAX_PORT, true)},
         });
     }
     
@@ -106,7 +106,7 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
         SecurityTestUtil.cleanup();
         stopAllServers();
     }
-
+/*
     @org.junit.Test
     public void testSymmetricErrorMessage() throws Exception {
 
@@ -362,7 +362,7 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
-    
+    */
     @org.junit.Test
     public void testSymmetricThumbprintEndorsing() throws Exception {
 
@@ -387,7 +387,7 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
-    
+    /*
     @org.junit.Test
     public void testSymmetricEndorsingEncrypted() throws Exception {
 
@@ -1379,5 +1379,5 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
-    
+    */
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/cb934e62/systests/ws-security/src/test/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/logging.properties b/systests/ws-security/src/test/resources/logging.properties
index b2e5a79..2c78acd 100644
--- a/systests/ws-security/src/test/resources/logging.properties
+++ b/systests/ws-security/src/test/resources/logging.properties
@@ -35,7 +35,7 @@
 # Note that these classes must be on the system classpath.
 # By default we only configure a ConsoleHandler, which will only
 # show messages at the INFO and above levels.
-#handlers= java.util.logging.ConsoleHandler
+handlers= java.util.logging.ConsoleHandler
 
 # To also add the FileHandler, use the following line instead.
 #handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler

http://git-wip-us.apache.org/repos/asf/cxf/blob/cb934e62/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
index 2e170ff..a6ba8a8 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
@@ -912,7 +912,6 @@
                                 <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                                     <wsp:Policy>
                                         <sp:WssX509V3Token10/>
-                                        <sp:RequireDerivedKeys/>
                                         <sp:RequireThumbprintReference/>
                                     </wsp:Policy>
                                 </sp:X509Token>
@@ -924,7 +923,6 @@
                             </wsp:Policy>
                         </sp:Layout>
                         <sp:IncludeTimestamp/>
-                        <sp:EncryptSignature/>
                         <sp:OnlySignEntireHeadersAndBody/>
                         <sp:AlgorithmSuite>
                             <wsp:Policy>


Mime
View raw message