cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Fallback to the SubjectConfirmationData NotOnOrAfter if there is no Session NotOnOrAfter value
Date Tue, 12 Jan 2016 14:08:58 GMT
Repository: cxf
Updated Branches:
  refs/heads/master fe89bf0fb -> 273e294c8


Fallback to the SubjectConfirmationData NotOnOrAfter if there is no Session NotOnOrAfter value


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/273e294c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/273e294c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/273e294c

Branch: refs/heads/master
Commit: 273e294c8438441e9dc04c8f57a9fa3659541091
Parents: fe89bf0
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Jan 12 14:08:37 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Jan 12 14:08:37 2016 +0000

----------------------------------------------------------------------
 .../saml/sso/SAMLSSOResponseValidator.java        | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/273e294c/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 702145b..3ee7005 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -118,7 +118,9 @@ public class SAMLSSOResponseValidator {
             if (assertion.getAuthnStatements() != null
                 && !assertion.getAuthnStatements().isEmpty()) {
                 org.opensaml.saml.saml2.core.Subject subject = assertion.getSubject();
-                if (validateAuthenticationSubject(subject, assertion.getID(), postBinding))
{
+                org.opensaml.saml.saml2.core.SubjectConfirmation subjectConf = 
+                    validateAuthenticationSubject(subject, assertion.getID(), postBinding);
+                if (subjectConf != null) {
                     validateAudienceRestrictionCondition(assertion.getConditions());
                     validAssertion = assertion;
                     // Store Session NotOnOrAfter
@@ -127,6 +129,10 @@ public class SAMLSSOResponseValidator {
                             sessionNotOnOrAfter = authnStatment.getSessionNotOnOrAfter().toDate();
                         }
                     }
+                    // Fall back to the SubjectConfirmationData NotOnOrAfter if we have no
session NotOnOrAfter
+                    if (sessionNotOnOrAfter == null) {
+                        sessionNotOnOrAfter = subjectConf.getSubjectConfirmationData().getNotOnOrAfter().toDate();
+                    }
                 }
             }
         }
@@ -179,24 +185,24 @@ public class SAMLSSOResponseValidator {
     /**
      * Validate the Subject (of an Authentication Statement).
      */
-    private boolean validateAuthenticationSubject(
+    private org.opensaml.saml.saml2.core.SubjectConfirmation validateAuthenticationSubject(
         org.opensaml.saml.saml2.core.Subject subject, String id, boolean postBinding
     ) throws WSSecurityException {
         if (subject.getSubjectConfirmations() == null) {
-            return false;
+            return null;
         }
         
-        boolean foundBearerSubjectConf = false;
+        org.opensaml.saml.saml2.core.SubjectConfirmation validSubjectConf = null;
         // We need to find a Bearer Subject Confirmation method
         for (org.opensaml.saml.saml2.core.SubjectConfirmation subjectConf 
             : subject.getSubjectConfirmations()) {
             if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) {
-                foundBearerSubjectConf = true;
                 validateSubjectConfirmation(subjectConf.getSubjectConfirmationData(), id,
postBinding);
+                validSubjectConf = subjectConf;
             }
         }
         
-        return foundBearerSubjectConf;
+        return validSubjectConf;
     }
     
     /**


Mime
View raw message