Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EC50518CA5 for ; Tue, 12 Jan 2016 14:14:41 +0000 (UTC) Received: (qmail 47766 invoked by uid 500); 12 Jan 2016 14:14:41 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 47576 invoked by uid 500); 12 Jan 2016 14:14:41 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 47556 invoked by uid 99); 12 Jan 2016 14:14:41 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 Jan 2016 14:14:41 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 1AD64E0998; Tue, 12 Jan 2016 14:14:41 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: coheigea@apache.org To: commits@cxf.apache.org Date: Tue, 12 Jan 2016 14:14:42 -0000 Message-Id: <8440c06916a64896b9b8eace25e147dd@git.apache.org> In-Reply-To: <8c40a4045e614e9084ffdc4fddebd399@git.apache.org> References: <8c40a4045e614e9084ffdc4fddebd399@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [2/3] cxf git commit: Fallback to the SubjectConfirmationData NotOnOrAfter if there is no Session NotOnOrAfter value Fallback to the SubjectConfirmationData NotOnOrAfter if there is no Session NotOnOrAfter value # Conflicts: # rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3940f80c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3940f80c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3940f80c Branch: refs/heads/3.0.x-fixes Commit: 3940f80c19c32e0b465b796e1366f023b9f82c60 Parents: e3ada01 Author: Colm O hEigeartaigh Authored: Tue Jan 12 14:08:37 2016 +0000 Committer: Colm O hEigeartaigh Committed: Tue Jan 12 14:10:38 2016 +0000 ---------------------------------------------------------------------- .../saml/sso/SAMLSSOResponseValidator.java | 24 ++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/3940f80c/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java index d41f3bd..e7aabcf 100644 --- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java 
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java @@ -117,8 +117,15 @@ public class SAMLSSOResponseValidator { // Check for AuthnStatements and validate the Subject accordingly if (assertion.getAuthnStatements() != null && !assertion.getAuthnStatements().isEmpty()) { +<<<<<<< HEAD org.opensaml.saml2.core.Subject subject = assertion.getSubject(); if (validateAuthenticationSubject(subject, assertion.getID(), postBinding)) { +======= + org.opensaml.saml.saml2.core.Subject subject = assertion.getSubject(); + org.opensaml.saml.saml2.core.SubjectConfirmation subjectConf = + validateAuthenticationSubject(subject, assertion.getID(), postBinding); + if (subjectConf != null) { +>>>>>>> ebc5032... Fallback to the SubjectConfirmationData NotOnOrAfter if there is no Session NotOnOrAfter value validateAudienceRestrictionCondition(assertion.getConditions()); validAssertion = assertion; // Store Session NotOnOrAfter @@ -127,6 +134,10 @@ public class SAMLSSOResponseValidator { sessionNotOnOrAfter = authnStatment.getSessionNotOnOrAfter().toDate(); } } + // Fall back to the SubjectConfirmationData NotOnOrAfter if we have no session NotOnOrAfter + if (sessionNotOnOrAfter == null) { + sessionNotOnOrAfter = subjectConf.getSubjectConfirmationData().getNotOnOrAfter().toDate(); + } } } } 
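Review bot: The merge-conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> ebc5032...` are added as source lines here and again in the second hunk around the `validateAuthenticationSubject` signature, so this SAML response validator cannot compile as committed. Both sides of the conflict are still present. The surrounding context on this branch uses `org.opensaml.saml2.core`, so the resolved lines should presumably be `org.opensaml.saml2.core.SubjectConfirmation subjectConf = validateAuthenticationSubject(subject, assertion.getID(), postBinding);` followed by `if (subjectConf != null) {`, with the HEAD pair and the markers removed. Separately, the fallback dereferences `getSubjectConfirmationData()` and `getNotOnOrAfter()` without a null check; unless `validateSubjectConfirmation` (not visible here) already rejects a missing value, add a guard so a malformed assertion fails validation cleanly instead of raising a NullPointerException. The enclosing method starts and ends outside the hunk.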
@@ -179,24 +190,29 @@ public class SAMLSSOResponseValidator { /** * Validate the Subject (of an Authentication Statement). */ +<<<<<<< HEAD private boolean validateAuthenticationSubject( org.opensaml.saml2.core.Subject subject, String id, boolean postBinding +======= + private org.opensaml.saml.saml2.core.SubjectConfirmation validateAuthenticationSubject( + org.opensaml.saml.saml2.core.Subject subject, String id, boolean postBinding +>>>>>>> ebc5032... Fallback to the SubjectConfirmationData NotOnOrAfter if there is no Session NotOnOrAfter value ) throws WSSecurityException { if (subject.getSubjectConfirmations() == null) { - return false; + return null; } - boolean foundBearerSubjectConf = false; + org.opensaml.saml.saml2.core.SubjectConfirmation validSubjectConf = null; // We need to find a Bearer Subject Confirmation method for (org.opensaml.saml2.core.SubjectConfirmation subjectConf : subject.getSubjectConfirmations()) { if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) { - foundBearerSubjectConf = true; validateSubjectConfirmation(subjectConf.getSubjectConfirmationData(), id, postBinding); + validSubjectConf = subjectConf; } } - return foundBearerSubjectConf; + return validSubjectConf; } /**
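Review bot: `validSubjectConf` is declared as `org.opensaml.saml.saml2.core.SubjectConfirmation`, but the loop variable assigned to it is `org.opensaml.saml2.core.SubjectConfirmation`, so `validSubjectConf = subjectConf;` mixes two package names and would not compile against a single OpenSAML version. The declaration and the method's return type should use the same package as the loop, e.g. `org.opensaml.saml2.core.SubjectConfirmation validSubjectConf = null;`. When a Subject carries several Bearer confirmations the loop keeps the last one, and the caller in the first hunk then uses its NotOnOrAfter as the session expiry. A Javadoc line such as `@return the last validated Bearer SubjectConfirmation, or null if none is present` would make that choice explicit.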