From cohei...@apache.org
Subject [3/6] cxf-fediz git commit: [FEDIZ-168] Making audience restriction validation optional if no audienceURIs are defined within the fediz plugin configuration
Date Fri, 03 Jun 2016 13:10:25 GMT
[FEDIZ-168] Making audience restriction validation optional if no audienceURIs are defined
within the fediz plugin configuration


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/7ff10899
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/7ff10899
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/7ff10899

Branch: refs/heads/1.2.x-fixes
Commit: 7ff10899b88ec3c163732ebb70777a443c1c285b
Parents: 3d97f13
Author: Jan Bernhardt <jbernhardt@talend.com>
Authored: Thu Jun 2 09:13:51 2016 +0200
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Jun 3 14:05:34 2016 +0100

----------------------------------------------------------------------
 .../org/apache/cxf/fediz/core/config/FedizContext.java   |  3 +++
 .../org/apache/cxf/fediz/core/handler/SigninHandler.java | 11 ++++++-----
 plugins/core/src/main/resources/schemas/FedizConfig.xsd  |  4 ++--
 3 files changed, 11 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7ff10899/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
index 65b7fa9..2c07d61 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
@@ -83,6 +83,9 @@ public class FedizContext implements Closeable {
     }
 
     public List<String> getAudienceUris() {
+        if (config.getAudienceUris() == null) {
+            return new ArrayList<String>();
+        }
         return config.getAudienceUris().getAudienceItem();
     }
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7ff10899/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
index c2b8a67..6da695f 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
@@ -103,11 +103,12 @@ public class SigninHandler<T> implements RequestHandler<T>
{
     }
 
     protected boolean validateAudienceRestrictions(String audience, String requestURL) {
-        // Validate the AudienceRestriction in Security Token (e.g. SAML) 
-        boolean validAudience = audience == null;
-        if (!validAudience) {
-            // validate against the configured list of audienceURIs
-            List<String> audienceURIs = fedizContext.getAudienceUris();
+        // Validate the AudienceRestriction in Security Token (e.g. SAML)
+     // validate against the configured list of audienceURIs
+        List<String> audienceURIs = fedizContext.getAudienceUris();
+        boolean validAudience = audienceURIs.isEmpty() && audience == null;
+        if (!validAudience && audience != null) {
+            
             for (String a : audienceURIs) {
                 if (audience.startsWith(a)) {
                     validAudience = true;
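Review bot: When `audienceURIs` is empty and the token does carry an AudienceRestriction, `validAudience` stays false because the `for` loop has nothing to iterate, so such tokens are rejected even though the commit subject describes validation as optional in that case. If that fail-closed result is intended, say so in a comment above the new initialiser, for example `// no audienceURIs configured: only tokens without an AudienceRestriction pass; otherwise the audience must match a configured URI`. The retained `audience.startsWith(a)` is a prefix comparison, so a configured value such as `https://rp.example.com` (constructed) would also match `https://rp.example.com.other.test/`, and an empty `audienceItem`, if the schema permits one, would match every audience; an exact or path-boundary comparison is stricter. The `// validate against the configured list of audienceURIs` comment is indented three columns short, and the new blank line after the `if` carries trailing whitespace. The loop body and the method's return lie outside the hunk, so the final outcome is inferred from the visible lines only.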

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7ff10899/plugins/core/src/main/resources/schemas/FedizConfig.xsd
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/resources/schemas/FedizConfig.xsd b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
index f763bfd..d8a6ff3 100644
--- a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
+++ b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
@@ -13,7 +13,7 @@
     <xs:element name="contextConfig">
         <xs:complexType>
             <xs:sequence>
-                <xs:element ref="audienceUris" />
+                <xs:element ref="audienceUris" minOccurs="0" />
                 <xs:element ref="certificateValidation" />
                 <xs:element ref="certificateStores" />
                 <xs:element ref="tokenExpirationValidation" minOccurs="0" />
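Review bot: With `minOccurs="0"` here and on the inner `xs:sequence` in the second hunk (`@@ -62,7 +62,7 @@`), a configuration with no `<audienceUris>` element, or with an empty one, now passes schema validation, so an accidentally dropped audience list is no longer caught when the configuration is loaded. The `xs:documentation` block that closes just above that `xs:sequence` (presumably the description of `audienceUris`; its text is outside the hunk) is left unchanged and should state what omission means, e.g. `If omitted or empty, no audience matching is performed and only tokens without an AudienceRestriction are accepted.`, worded to match what `SigninHandler` actually does. Allowing both spellings of the same state is redundant; if only one is wanted, make the element optional and keep `minOccurs="1"` on the inner sequence.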
@@ -62,7 +62,7 @@
             </xs:documentation>
         </xs:annotation>
         <xs:complexType>
-            <xs:sequence minOccurs="1" maxOccurs="unbounded">
+            <xs:sequence minOccurs="0" maxOccurs="unbounded">
                 <xs:element ref="audienceItem" />
             </xs:sequence>
         </xs:complexType>

