cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: CXF-7039 - JAX-RS Security SAML web SSO consumer service can not validate SAML response behind reverse proxy
Date Tue, 06 Sep 2016 10:09:13 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes fc2c300d3 -> dac029e0e


CXF-7039 - JAX-RS Security SAML web SSO consumer service can not validate SAML response behind
reverse proxy


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dac029e0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dac029e0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dac029e0

Branch: refs/heads/3.1.x-fixes
Commit: dac029e0ec994f3872b47e6c404a0f207dd3fd3c
Parents: fc2c300
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Sep 6 11:03:55 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Sep 6 11:07:00 2016 +0100

----------------------------------------------------------------------
 .../AbstractRequestAssertionConsumerHandler.java    | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/dac029e0/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
index 0e801f3..7486313 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
@@ -72,6 +72,7 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
     private MessageContext messageContext;
     private String applicationURL;
     private boolean parseApplicationURLFromRelayState;
+    private String assertionConsumerServiceAddress;
     
     @Context 
     public void setMessageContext(MessageContext mc) {
@@ -334,8 +335,11 @@ public abstract class AbstractRequestAssertionConsumerHandler extends
AbstractSS
     ) {
         try {
             SAMLSSOResponseValidator ssoResponseValidator = new SAMLSSOResponseValidator();
-            ssoResponseValidator.setAssertionConsumerURL(
-                messageContext.getUriInfo().getAbsolutePath().toString());
+            String racsAddress = assertionConsumerServiceAddress;
+            if (racsAddress == null) {
+                racsAddress = messageContext.getUriInfo().getAbsolutePath().toString();
+            }
+            ssoResponseValidator.setAssertionConsumerURL(racsAddress);
 
             ssoResponseValidator.setClientAddress(
                  messageContext.getHttpServletRequest().getRemoteAddr());
@@ -402,4 +406,12 @@ public abstract class AbstractRequestAssertionConsumerHandler extends
AbstractSS
         this.parseApplicationURLFromRelayState = parseApplicationURLFromRelayState;
     }
 
+    public String getAssertionConsumerServiceAddress() {
+        return assertionConsumerServiceAddress;
+    }
+
+    public void setAssertionConsumerServiceAddress(String assertionConsumerServiceAddress)
{
+        this.assertionConsumerServiceAddress = assertionConsumerServiceAddress;
+    }
+
 }


Mime
View raw message