From cohei...@apache.org
Subject [3/3] cxf git commit: Avoid a bug that a bearer subject conf is not enforced if the subject conf list is not empty
Date Fri, 27 Nov 2015 13:05:45 GMT
Avoid a bug that a bearer subject conf is not enforced if the subject conf list is not empty


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6b355293
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6b355293
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6b355293

Branch: refs/heads/3.1.x-fixes
Commit: 6b355293a7510afc7a40372e0e4b0265cfc3d0f2
Parents: 6c9121b
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Nov 27 12:04:48 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Nov 27 12:44:12 2015 +0000

----------------------------------------------------------------------
 .../rs/security/oauth2/saml/SamlOAuthValidator.java  | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/6b355293/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
index 5a87fd4..48830b0 100644
--- a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
@@ -124,17 +124,18 @@ public class SamlOAuthValidator {
     private boolean validateAuthenticationSubject(Message m, 
                                                   Conditions cs,
                                                   org.opensaml.saml.saml2.core.Subject subject)
{
-        if (subject.getSubjectConfirmations() == null) {
-            return false;
-        }
         // We need to find a Bearer Subject Confirmation method
-        for (SubjectConfirmation subjectConf : subject.getSubjectConfirmations()) {
-            if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) {
-                validateSubjectConfirmation(m, cs, subjectConf.getSubjectConfirmationData());
+        boolean bearerSubjectConfFound = false;
+        if (subject.getSubjectConfirmations() != null) {
+            for (SubjectConfirmation subjectConf : subject.getSubjectConfirmations()) {
+                if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) {
+                    validateSubjectConfirmation(m, cs, subjectConf.getSubjectConfirmationData());
+                    bearerSubjectConfFound = true;
+                }
             }
         }
           
-        return true;
+        return bearerSubjectConfFound;
     }
       
       /**
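Review bot: `bearerSubjectConfFound = true` is assigned right after `validateSubjectConfirmation(...)` without consulting any result, so the method is only correct if that helper rejects bad confirmation data by throwing. The helper's body is not visible in this hunk, so this should be confirmed and recorded next to the assignment, e.g. `// validateSubjectConfirmation throws on failure, so reaching here means the bearer confirmation was accepted`. The loop also continues after the first match, which presumably means every bearer confirmation must validate rather than any one of them; if that is intended, the comment above the loop should say so. The diffstat lists only SamlOAuthValidator.java, so a regression test that expects rejection of an assertion whose only SubjectConfirmation uses a non-bearer method would keep this check from silently regressing.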

