From cohei...@apache.org
Subject cxf git commit: Fallback to the SubjectConfirmationData NotOnOrAfter if there is no Session NotOnOrAfter value
Date Tue, 12 Jan 2016 14:10:16 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes e5bd083e9 -> ebc50327c


Fallback to the SubjectConfirmationData NotOnOrAfter if there is no Session NotOnOrAfter value


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ebc50327
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ebc50327
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ebc50327

Branch: refs/heads/3.1.x-fixes
Commit: ebc50327c28b1a8e185b1f41dc0914e52e8c1190
Parents: e5bd083
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Jan 12 14:08:37 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Jan 12 14:09:35 2016 +0000

----------------------------------------------------------------------
 .../saml/sso/SAMLSSOResponseValidator.java        | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/ebc50327/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 702145b..3ee7005 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -118,7 +118,9 @@ public class SAMLSSOResponseValidator {
             if (assertion.getAuthnStatements() != null
                 && !assertion.getAuthnStatements().isEmpty()) {
                 org.opensaml.saml.saml2.core.Subject subject = assertion.getSubject();
-                if (validateAuthenticationSubject(subject, assertion.getID(), postBinding))
{
+                org.opensaml.saml.saml2.core.SubjectConfirmation subjectConf = 
+                    validateAuthenticationSubject(subject, assertion.getID(), postBinding);
+                if (subjectConf != null) {
                     validateAudienceRestrictionCondition(assertion.getConditions());
                     validAssertion = assertion;
                     // Store Session NotOnOrAfter
@@ -127,6 +129,10 @@ public class SAMLSSOResponseValidator {
                             sessionNotOnOrAfter = authnStatment.getSessionNotOnOrAfter().toDate();
                         }
                     }
+                    // Fall back to the SubjectConfirmationData NotOnOrAfter if we have no
session NotOnOrAfter
+                    if (sessionNotOnOrAfter == null) {
+                        sessionNotOnOrAfter = subjectConf.getSubjectConfirmationData().getNotOnOrAfter().toDate();
+                    }
                 }
             }
         }
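Review bot: The fallback `subjectConf.getSubjectConfirmationData().getNotOnOrAfter().toDate()` dereferences two values that nothing in this hunk checks for null, so a Bearer confirmation without SubjectConfirmationData or without NotOnOrAfter would fail here with a NullPointerException rather than a WSSecurityException. This is presumably safe only because validateSubjectConfirmation, which is not shown in the diff, already rejects both cases. If so, say it at the call site, e.g. `// validateSubjectConfirmation has already required a non-null SubjectConfirmationData NotOnOrAfter`; if not, guard the chain before calling `toDate()`. The comment could also note that this value limits how long the assertion may be delivered, not how long the IdP session lasts, so the stored expiry will usually be short when the fallback applies. The enclosing method starts and ends outside the hunk.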
@@ -179,24 +185,24 @@ public class SAMLSSOResponseValidator {
     /**
      * Validate the Subject (of an Authentication Statement).
      */
-    private boolean validateAuthenticationSubject(
+    private org.opensaml.saml.saml2.core.SubjectConfirmation validateAuthenticationSubject(
         org.opensaml.saml.saml2.core.Subject subject, String id, boolean postBinding
     ) throws WSSecurityException {
         if (subject.getSubjectConfirmations() == null) {
-            return false;
+            return null;
         }
         
-        boolean foundBearerSubjectConf = false;
+        org.opensaml.saml.saml2.core.SubjectConfirmation validSubjectConf = null;
         // We need to find a Bearer Subject Confirmation method
         for (org.opensaml.saml.saml2.core.SubjectConfirmation subjectConf 
             : subject.getSubjectConfirmations()) {
             if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) {
-                foundBearerSubjectConf = true;
                 validateSubjectConfirmation(subjectConf.getSubjectConfirmationData(), id,
postBinding);
+                validSubjectConf = subjectConf;
             }
         }
         
-        return foundBearerSubjectConf;
+        return validSubjectConf;
     }
     
     /**
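Review bot: When a Subject carries more than one Bearer SubjectConfirmation, the loop overwrites `validSubjectConf` on every match, so the NotOnOrAfter that the caller falls back to comes from whichever bearer entry is listed last. Making the choice explicit keeps the session expiry independent of element order while still validating every entry, e.g. `if (validSubjectConf == null) { validSubjectConf = subjectConf; }`. This assumes validateSubjectConfirmation throws on failure, which the `throws WSSecurityException` clause suggests but the hunk does not show. The Javadoc still describes the old boolean method and should state the new contract, e.g. `@return the validated Bearer SubjectConfirmation, or null if the Subject has none`.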

