cxf-commits mailing list archives

From cohei...@apache.org
Subject [2/3] cxf git commit: Explicitly disallow SAML 1.1 in OAuth
Date Fri, 27 Nov 2015 13:05:44 GMT
Explicitly disallow SAML 1.1 in OAuth


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6c9121be
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6c9121be
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6c9121be

Branch: refs/heads/3.1.x-fixes
Commit: 6c9121bedf128099603305107dc7b54e09a6f2fa
Parents: e81610d
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Nov 27 11:25:08 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Nov 27 12:44:10 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/oauth2/saml/SamlOAuthValidator.java       | 7 +++++++
 1 file changed, 7 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/6c9121be/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
index ffb8719..5a87fd4 100644
--- a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
@@ -62,6 +62,7 @@ public class SamlOAuthValidator {
     }
     
     public void validate(Message message, SamlAssertionWrapper wrapper) {
+        validateSAMLVersion(wrapper);
         
         Conditions cs = wrapper.getSaml2().getConditions();
         validateAudience(message, cs);
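Review bot: Nothing on the new `validateSAMLVersion(wrapper)` call says it must stay first, yet the next statement dereferences `wrapper.getSaml2()` and depends on it. A one-line comment would keep a later reordering from reintroducing the null dereference for non-SAML 2.0 assertions, e.g. `// must run first: everything below dereferences wrapper.getSaml2()`. `validate` is public, so its Javadoc (not visible here) could also state that such assertions are rejected as unauthorized. The method body continues outside the hunk.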
@@ -79,6 +80,12 @@ public class SamlOAuthValidator {
         }
     }
     
+    private void validateSAMLVersion(SamlAssertionWrapper assertionW) {
+        if (assertionW.getSaml2() == null) {
+            throw ExceptionUtils.toNotAuthorizedException(null, null);
+        }
+    }
+    
     private String getIssuer(SamlAssertionWrapper assertionW) {
         Issuer samlIssuer = assertionW.getSaml2().getIssuer();
         return samlIssuer == null ? null : samlIssuer.getValue();
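Review bot: `validateSAMLVersion` rejects with `ExceptionUtils.toNotAuthorizedException(null, null)` and records nothing, so in logs a refused SAML 1.1 assertion cannot be told apart from any other 401 raised by this validator. If the class has a logger (none is visible in the hunk), log the reason before throwing, without the assertion content, e.g. `LOG.warning("Rejecting assertion: only SAML 2.0 is accepted");`. A short comment saying that a null `getSaml2()` is how a non-SAML 2.0 assertion is detected would also help, since the method name mentions a version but the code tests for a null object. `getIssuer` below still dereferences `getSaml2()` unguarded and continues outside the hunk; presumably it is only reached after the check in `validate`, which is worth confirming.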

