cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jbernha...@apache.org
Subject cxf git commit: [CXF-6809][FEDIZ-156] SAMLRequest ID must not start with a number
Date Tue, 01 Mar 2016 08:13:00 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 8f226d9ed -> 073529c95


[CXF-6809][FEDIZ-156] SAMLRequest ID must not start with a number


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/073529c9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/073529c9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/073529c9

Branch: refs/heads/3.1.x-fixes
Commit: 073529c953211160cf9392334a1f9546cb4e0a45
Parents: 8f226d9
Author: Jan Bernhardt <jbernhardt@talend.com>
Authored: Tue Mar 1 08:43:32 2016 +0100
Committer: Jan Bernhardt <jbernhardt@talend.com>
Committed: Tue Mar 1 08:59:50 2016 +0100

----------------------------------------------------------------------
 .../security/saml/sso/SamlpRequestComponentBuilder.java  |  2 +-
 .../rs/security/saml/sso/AuthnRequestBuilderTest.java    | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/073529c9/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java
index 1125c27..69c4cea3 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java
@@ -78,7 +78,7 @@ public final class SamlpRequestComponentBuilder {
         AuthnRequest authnRequest = authnRequestBuilder.buildObject();
         authnRequest.setAssertionConsumerServiceURL(serviceURL);
         authnRequest.setForceAuthn(forceAuthn);
-        authnRequest.setID(UUID.randomUUID().toString());
+        authnRequest.setID("_" + UUID.randomUUID());
         authnRequest.setIsPassive(isPassive);
         authnRequest.setIssueInstant(new DateTime());
         authnRequest.setProtocolBinding(protocolBinding);

http://git-wip-us.apache.org/repos/asf/cxf/blob/073529c9/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
index 93b0230..8b58799 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
@@ -104,4 +104,15 @@ public class AuthnRequestBuilderTest extends org.junit.Assert {
         assertNotNull(policyElement);
     }
     
+    @org.junit.Test
+    public void testAuthnRequestID() throws Exception {
+        AuthnRequestBuilder authnRequestBuilder = new DefaultAuthnRequestBuilder();
+        AuthnRequest authnRequest = 
+            authnRequestBuilder.createAuthnRequest(
+                new MessageImpl(), "http://localhost:9001/app", "http://localhost:9001/sso"
+            );
+        assertTrue("ID must start with a letter or underscore, and can only contain letters,
digits, "
+            + "underscores, hyphens, and periods.", authnRequest.getID().matches("^[_a-zA-Z][-_0-9a-zA-Z\\.]+$"));
+    }
+    
 }


Mime
View raw message