cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/3] cxf git commit: Make sure delegation is only allowed if the token is valid for the SAML case
Date Mon, 09 Mar 2015 15:47:07 GMT
Make sure delegation is only allowed if the token is valid for the SAML case

Conflicts:
	services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c4dd99b7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c4dd99b7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c4dd99b7

Branch: refs/heads/2.7.x-fixes
Commit: c4dd99b7cb0ea8a36e48e29ff68fe1c9d87be640
Parents: 778495e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Mar 9 15:17:20 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Mar 9 15:32:01 2015 +0000

----------------------------------------------------------------------
 .../cxf/sts/token/delegation/SAMLDelegationHandler.java | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/c4dd99b7/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
index 197faac..f078f8c 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
@@ -24,14 +24,22 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import org.w3c.dom.Element;
-
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.sts.request.ReceivedToken;
+<<<<<<< HEAD
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.saml.ext.AssertionWrapper;
 import org.apache.ws.security.saml.ext.builder.SAML1Constants;
 import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+=======
+import org.apache.cxf.sts.request.ReceivedToken.STATE;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.builder.SAML1Constants;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.dom.WSConstants;
+>>>>>>> 57822c1... Make sure delegation is only allowed if the token
is valid for the SAML case
 import org.opensaml.saml1.core.AudienceRestrictionCondition;
 
 /**
@@ -66,7 +74,7 @@ public class SAMLDelegationHandler implements TokenDelegationHandler {
         ReceivedToken delegateTarget = tokenParameters.getToken();
         response.setToken(delegateTarget);
         
-        if (!delegateTarget.isDOMElement()) {
+        if (delegateTarget.getState() != STATE.VALID || !delegateTarget.isDOMElement()) {
             return response;
         }
         


Mime
View raw message