From cohei...@apache.org
Subject [1/2] cxf-fediz git commit: Don't require deflate encoding by default
Date Fri, 17 Apr 2015 13:41:11 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 9d8f98acd -> db91db46e


Don't require deflate encoding by default


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/921fd68f
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/921fd68f
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/921fd68f

Branch: refs/heads/master
Commit: 921fd68f4bbe222300dcf01fbdce2eabb740b1fa
Parents: 9d8f98a
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Apr 17 14:25:04 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Apr 17 14:25:04 2015 +0100

----------------------------------------------------------------------
 .../protocols/TrustedIdpSAMLProtocolHandler.java | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/921fd68f/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index 3d14d4a..7b0a747 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -106,7 +106,7 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
     public static final String SUPPORT_BASE64_ENCODING = "support.base64.encoding";
     
     /**
-     * Whether we support Deflate encoding or not. The default is "true".
+     * Whether we support Deflate encoding or not. The default is "false".
      */
     public static final String SUPPORT_DEFLATE_ENCODING = "support.deflate.encoding";
 
@@ -144,7 +144,7 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
                     null, idp.getRealm(), idp.getIdpUrl().toString()
                 );
             
-            boolean signRequest = isPropertyConfigured(trustedIdp, SIGN_REQUEST);
+            boolean signRequest = isPropertyConfigured(trustedIdp, SIGN_REQUEST, true);
             if (signRequest) {
                 authnRequest.setDestination(trustedIdp.getUrl());
             }
@@ -340,10 +340,10 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
         String samlResponseDecoded = samlResponse;
         
         InputStream tokenStream = null;
-        if (isPropertyConfigured(trustedIdp, SUPPORT_BASE64_ENCODING)) {
+        if (isPropertyConfigured(trustedIdp, SUPPORT_BASE64_ENCODING, true)) {
             try {
                 byte[] deflatedToken = Base64Utility.decode(samlResponseDecoded);
-                tokenStream = isPropertyConfigured(trustedIdp, SUPPORT_DEFLATE_ENCODING)
+                tokenStream = isPropertyConfigured(trustedIdp, SUPPORT_DEFLATE_ENCODING,
false)
                     ? new DeflateEncoderDecoder().inflateToken(deflatedToken)
                     : new ByteArrayInputStream(deflatedToken); 
             } catch (Base64Exception ex) {
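Review bot: The ternary on SUPPORT_DEFLATE_ENCODING makes the setting all-or-nothing: when true every Base64-decoded response is inflated, and when false (now the default) none is, so a trusted IdP that still deflates its response will reach the parser as compressed bytes. The Javadoc on the constant would be more accurate as `Whether the SAML response is expected to be Deflate-encoded. The default is "false".`, and the local `deflatedToken` would read better as `decodedToken` now that it usually holds plain XML. Nothing in these lines bounds the size of the inflated stream; whether `inflateToken` caps it cannot be seen from here and is worth confirming, since this decoding appears to run before the validation calls further down. The try block continues outside the hunk.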
@@ -390,7 +390,7 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
         try {
             SAMLProtocolResponseValidator protocolValidator = new SAMLProtocolResponseValidator();
             protocolValidator.setKeyInfoMustBeAvailable(
-                isPropertyConfigured(trustedIdp, REQUIRE_KNOWN_ISSUER));
+                isPropertyConfigured(trustedIdp, REQUIRE_KNOWN_ISSUER, true));
             protocolValidator.validateSamlResponse(samlResponse, crypto, null);
         } catch (WSSecurityException ex) {
             LOG.debug(ex.getMessage(), ex);
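Review bot: The KeyInfo requirement set on `protocolValidator` is driven by REQUIRE_KNOWN_ISSUER, the same property that feeds `setEnforceKnownIssuer` in the @@ -423 hunk, so an operator who relaxes issuer checking for one trusted IdP also drops the KeyInfo requirement without any indication. Either give it a property of its own or state the coupling in the constant's Javadoc, e.g. `Also controls whether KeyInfo must be present on the signed response.`. The catch at the end of the hunk records the validation failure only at debug level; what follows it is outside the hunk, but a rejected response is normally worth a warn-level entry, e.g. `LOG.warn("SAML response validation failed: " + ex.getMessage());`.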
@@ -423,9 +423,9 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
             ssoResponseValidator.setRequestId(requestId);
             ssoResponseValidator.setSpIdentifier(idp.getRealm());
             ssoResponseValidator.setEnforceAssertionsSigned(
-                isPropertyConfigured(trustedIdp, REQUIRE_SIGNED_ASSERTIONS));
+                isPropertyConfigured(trustedIdp, REQUIRE_SIGNED_ASSERTIONS, true));
             ssoResponseValidator.setEnforceKnownIssuer(
-                isPropertyConfigured(trustedIdp, REQUIRE_KNOWN_ISSUER));
+                isPropertyConfigured(trustedIdp, REQUIRE_KNOWN_ISSUER, true));
 
             return ssoResponseValidator.validateSamlResponse(samlResponse, false);
         } catch (WSSecurityException ex) {
@@ -435,14 +435,13 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
     }
 
     // Is a property configured. Defaults to "true" if not
-    private boolean isPropertyConfigured(TrustedIdp trustedIdp, String property) {
+    private boolean isPropertyConfigured(TrustedIdp trustedIdp, String property, boolean
defaultValue) {
         Map<String, String> parameters = trustedIdp.getParameters();
         
         if (parameters != null && parameters.containsKey(property)) {
             return Boolean.parseBoolean(parameters.get(property));
         }
         
-        // Require KeyInfo by default
-        return true;
+        return defaultValue;
     }
 }
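Review bot: `Boolean.parseBoolean` in `isPropertyConfigured` returns false for anything other than "true", so a mistyped value such as "yes" or "ture" on REQUIRE_SIGNED_ASSERTIONS or REQUIRE_KNOWN_ISSUER silently switches the check off instead of keeping the new `true` default. Accepting only "true" and "false" and falling back to `defaultValue` otherwise keeps a configuration typo from weakening validation. The comment above the method is also stale now that the default is a parameter; it could read `// Read a boolean parameter of the trusted IdP, falling back to defaultValue when it is not set`.

```java
        if (parameters != null && parameters.containsKey(property)) {
            String value = parameters.get(property);
            if ("true".equalsIgnoreCase(value)) {
                return true;
            }
            if ("false".equalsIgnoreCase(value)) {
                return false;
            }
            // Unrecognised value: keep the caller's default rather than silently disabling a check
            LOG.warn("Unrecognised value for " + property + ", using default " + defaultValue);
        }
        // … unchanged: return defaultValue …
```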

