cxf-commits mailing list archives

From cohei...@apache.org
Subject [1/2] cxf git commit: Fixed multiple AudienceRestriction functionality
Date Tue, 13 Jan 2015 15:45:38 GMT
Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes 0fbebbbce -> 464bacb3b


Fixed multiple AudienceRestriction functionality


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/df41f504
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/df41f504
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/df41f504

Branch: refs/heads/2.7.x-fixes
Commit: df41f5042ce9ab5e609996dbfc99ba217cd376a0
Parents: 0fbebbb
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Jan 13 14:13:40 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Jan 13 15:42:54 2015 +0000

----------------------------------------------------------------------
 .../rs/security/saml/sso/SAMLSSOResponseValidator.java  | 12 +++++++++---
 .../security/saml/sso/SAMLSSOResponseValidatorTest.java |  7 ++++++-
 2 files changed, 15 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/df41f504/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 9de1b85..56d6b5f 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -268,20 +268,26 @@ public class SAMLSSOResponseValidator {
     private boolean matchSaml2AudienceRestriction(
         String appliesTo, List<AudienceRestriction> audienceRestrictions
     ) {
-        boolean found = false;
+        boolean oneMatchFound = false;
         if (audienceRestrictions != null && !audienceRestrictions.isEmpty()) {
             for (AudienceRestriction audienceRestriction : audienceRestrictions) {
                 if (audienceRestriction.getAudiences() != null) {
+                    boolean matchFound = false;
                     for (org.opensaml.saml2.core.Audience audience : audienceRestriction.getAudiences())
{
                         if (appliesTo.equals(audience.getAudienceURI())) {
-                            return true;
+                            matchFound = true;
+                            oneMatchFound = true;
+                            break;
                         }
                     }
+                    if (!matchFound) {
+                        return false;
+                    }
                 }
             }
         }
 
-        return found;
+        return oneMatchFound;
     }
 
     public String getIssuerIDP() {
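Review bot: In the outer loop of matchSaml2AudienceRestriction, an AudienceRestriction whose getAudiences() returns null is skipped, so it counts as satisfied whenever another restriction matched, while one with an empty list is rejected by the new `if (!matchFound)` check. Whether the OpenSAML object can return null here is not visible in this hunk, but since the rule is now that every restriction must list the recipient, failing closed would be more consistent: `if (audienceRestriction.getAudiences() == null) { return false; }`. The method also needs a short Javadoc stating the rule it enforces, for example `Returns true only if at least one AudienceRestriction is present and each one lists appliesTo as an Audience`, because the two flags matchFound and oneMatchFound do not make that obvious. The call `appliesTo.equals(...)` assumes a non-null appliesTo; the caller is outside the hunk, so that may already be guaranteed.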

http://git-wip-us.apache.org/repos/asf/cxf/blob/df41f504/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
index 11d8471..b8618b7 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
@@ -477,7 +477,12 @@ public class SAMLSSOResponseValidatorTest extends org.junit.Assert {
         validator.setRequestId("12345");
         validator.setSpIdentifier("http://service.apache.org");
         
-        validator.validateSamlResponse(response, false);
+        try {
+            validator.validateSamlResponse(response, false);
+            fail("Expected failure on bad response");
+        } catch (WSSecurityException ex) {
+            // expected
+        }
     }
     
     @SuppressWarnings("deprecation")
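Review bot: The catch block accepts any WSSecurityException, so this test still passes if validateSamlResponse rejects the response for a reason unrelated to the audience restrictions, and a later regression in the audience check could go unnoticed. Asserting on the exception's message or error code inside the catch would tie the test to the intended failure. The `// expected` comment could also say which condition is expected, e.g. `// expected: one AudienceRestriction does not list the SP identifier`, if that is what the response built above the hunk contains. The test method starts outside the hunk, so the response setup and any companion test where every restriction matches are not visible here.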

