cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf-fediz git commit: Fixing findbugs problems identified in the plugins
Date Tue, 22 Nov 2016 15:49:31 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/1.2.x-fixes 0f5ae8cea -> f1159f3a7


Fixing findbugs problems identified in the plugins


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f1159f3a
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f1159f3a
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f1159f3a

Branch: refs/heads/1.2.x-fixes
Commit: f1159f3a74055b58b6a5e7c536b08892c578b910
Parents: 0f5ae8c
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Nov 22 15:15:42 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Nov 22 15:49:22 2016 +0000

----------------------------------------------------------------------
 .../cxf/fediz/core/TokenValidatorRequest.java   | 12 +++++--
 .../cxf/fediz/core/TokenValidatorResponse.java  | 22 +++++++++---
 .../org/apache/cxf/fediz/core/config/Claim.java | 13 +++++++-
 .../fediz/core/config/FedizConfigurator.java    | 16 +++++++--
 .../cxf/fediz/core/config/FedizContext.java     | 14 ++++----
 .../apache/cxf/fediz/core/config/Protocol.java  | 15 +++++++--
 .../cxf/fediz/core/config/TrustManager.java     | 18 +++++++---
 .../cxf/fediz/core/config/TrustedIssuer.java    | 16 ++++++++-
 .../cxf/fediz/core/handler/LogoutHandler.java   |  8 +++--
 .../cxf/fediz/core/handler/SigninHandler.java   |  4 +--
 .../core/processor/FederationProcessorImpl.java | 35 ++++++++++++++------
 .../cxf/fediz/core/processor/FedizRequest.java  | 14 ++++++--
 .../cxf/fediz/core/processor/FedizResponse.java | 20 ++++++++---
 .../fediz/core/processor/SAMLProcessorImpl.java |  5 +++
 .../cxf/fediz/core/saml/SAMLTokenValidator.java |  4 ++-
 .../core/samlsso/SSOValidatorResponse.java      | 11 ++++--
 .../samlsso/SamlpRequestComponentBuilder.java   |  2 +-
 .../plugin/AbstractServiceProviderFilter.java   |  2 +-
 .../cxf/plugin/FedizRedirectBindingFilter.java  |  5 +--
 .../fediz/jetty/FederationAuthenticator.java    | 12 +++----
 .../cxf/fediz/jetty/FederationUserIdentity.java |  5 ++-
 ...erationPreAuthenticatedProcessingFilter.java | 10 +++---
 .../web/FederationAuthenticationEntryPoint.java |  5 +--
 .../FederationAuthenticationFailureHandler.java |  5 +--
 .../web/FederationLogoutSuccessHandler.java     |  5 +--
 ...erationPreAuthenticatedProcessingFilter.java | 10 +++---
 .../web/FederationAuthenticationEntryPoint.java |  5 +--
 .../web/FederationAuthenticationFilter.java     |  5 +--
 .../fediz/tomcat/FederationAuthenticator.java   | 14 ++++----
 29 files changed, 227 insertions(+), 85 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorRequest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorRequest.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorRequest.java
index 828b8e9..05178bb 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorRequest.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorRequest.java
@@ -20,6 +20,7 @@
 package org.apache.cxf.fediz.core;
 
 import java.security.cert.Certificate;
+import java.util.Arrays;
 
 import org.w3c.dom.Element;
 
@@ -30,7 +31,11 @@ public class TokenValidatorRequest {
 
     public TokenValidatorRequest(Element token, Certificate[] certs) {
         this.token = token;
-        this.certs = certs;
+        if (certs != null) {
+            this.certs = Arrays.copyOf(certs, certs.length);
+        } else {
+            this.certs = null;
+        }
     }
 
     public Element getToken() {
@@ -38,7 +43,10 @@ public class TokenValidatorRequest {
     }
 
     public Certificate[] getCerts() {
-        return certs;
+        if (certs != null) {
+            return Arrays.copyOf(certs, certs.length);
+        }
+        return null;
     }
 
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
index a52638f..11a2740 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
@@ -66,21 +66,35 @@ public class TokenValidatorResponse {
     }
 
     public Date getExpires() {
-        return expires;
+        if (expires != null) {
+            return new Date(expires.getTime());
+        }
+        return null;
     }
 
     public void setExpires(Date expires) {
-        this.expires = expires;
+        if (expires != null) {
+            this.expires = new Date(expires.getTime());
+        } else {
+            this.expires = null;
+        }
     }
 
 
     public Date getCreated() {
-        return created;
+        if (created != null) {
+            return new Date(created.getTime());
+        }
+        return null;
     }
 
 
     public void setCreated(Date created) {
-        this.created = created;
+        if (created != null) {
+            this.created = new Date(created.getTime());
+        } else {
+            this.created = null;
+        }
     }
 
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Claim.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Claim.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Claim.java
index 657890d..080d2ae 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Claim.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Claim.java
@@ -59,7 +59,18 @@ public class Claim {
     }
 
     public boolean equals(Object obj) {
-        return claimType.equals(obj);
+        if (!(obj instanceof Claim)) {
+            return false;
+        }
+        
+        Claim that = (Claim)obj;
+        if (claimType != null && !claimType.equals(that.getClaimType())) {
+            return false;
+        } else if (claimType == null && that.getClaimType() != null) {
+            return false;
+        }
+        
+        return true;
     }
 
     public String toString() {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java
index 8cd0b91..28a58c1 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java
@@ -21,7 +21,8 @@ package org.apache.cxf.fediz.core.config;
 
 import java.io.File;
 import java.io.FileInputStream;
-import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
 import java.io.Reader;
 import java.io.Writer;
 import java.util.ArrayList;
@@ -41,8 +42,17 @@ public class FedizConfigurator {
     
     private List<FedizContext> fedizContextList;
 
-    public FedizConfig loadConfig(File f) throws JAXBException, FileNotFoundException {
-        rootConfig = (FedizConfig) getJaxbContext().createUnmarshaller().unmarshal(new FileInputStream(f));
+    public FedizConfig loadConfig(File f) throws JAXBException, IOException {
+        InputStream input = null;
+        try {
+            input = new FileInputStream(f);
+            rootConfig = (FedizConfig) getJaxbContext().createUnmarshaller().unmarshal(input);
+        } finally {
+            if (input != null) {
+                input.close();
+            }
+        }
+       
         parseFedizContextList();
         return rootConfig;
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
index 85f136f..b5dd37d 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
@@ -131,11 +131,7 @@ public class FedizContext implements Closeable {
     }
 
     public BigInteger getMaximumClockSkew() {
-        if (config.getMaximumClockSkew() == null) {
-            return BigInteger.valueOf(5L);
-        } else {
-            return config.getMaximumClockSkew();
-        }
+        return config.getMaximumClockSkew();
     }
     
     public void setMaximumClockSkew(BigInteger maximumClockSkew) {
@@ -293,7 +289,9 @@ public class FedizContext implements Closeable {
                 // WSS4J will re-load the resource anyway
                 trustStoreFile = ks.getResource();
             }
-        } else {
+        }
+        
+        if (trustStoreFile == null) {
             throw new IllegalStateException("No certificate store configured");
         }
         File f = new File(trustStoreFile);
@@ -331,7 +329,9 @@ public class FedizContext implements Closeable {
                 // WSS4J will re-load the resource anyway
                 keyStoreFile = ks.getResource();
             }
-        } else {
+        }
+        
+        if (keyStoreFile == null) {
             throw new IllegalStateException("No certificate store configured");
         }
         File f = new File(keyStoreFile);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
index 8f82cdf..9f22b32 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
@@ -78,7 +78,18 @@ public abstract class Protocol {
     }
 
     public boolean equals(Object obj) {
-        return protocolType.equals(obj);
+        if (!(obj instanceof Protocol)) {
+            return false;
+        }
+        
+        Protocol that = (Protocol)obj;
+        if (protocolType != null && !protocolType.equals(that.getProtocolType())) {
+            return false;
+        } else if (protocolType == null && that.getProtocolType() != null) {
+            return false;
+        }
+        
+        return true;
     }
 
     public String toString() {
@@ -168,7 +179,7 @@ public abstract class Protocol {
             return null;
         }
         if (cbt.getType() == null || cbt.getType().equals(ArgumentType.STRING)) {
-            return new String(cbt.getValue());
+            return cbt.getValue();
         } else if (cbt.getType().equals(ArgumentType.CLASS)) {
             try {
                 if (getClassloader() == null) {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
index cb94615..c82b719 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
@@ -74,11 +74,18 @@ public class TrustManager {
     }
     
     public boolean equals(Object obj) {
-        if (trustManagerType == null) {
-            return super.equals(obj);
-        } else {
-            return trustManagerType.equals(obj);
+        if (!(obj instanceof TrustManager)) {
+            return false;
+        }
+        
+        TrustManager that = (TrustManager)obj;
+        if (trustManagerType != null && !trustManagerType.equals(that.getTrustManagersType())) {
+            return false;
+        } else if (trustManagerType == null && that.getTrustManagersType() != null) {
+            return false;
         }
+        
+        return true;
     }
 
     public String toString() {
@@ -89,5 +96,8 @@ public class TrustManager {
         }
     }
     
+    public TrustManagersType getTrustManagersType() {
+        return trustManagerType;
+    }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
index 697fa87..322a451 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
@@ -98,12 +98,26 @@ public class TrustedIssuer {
     }
     
     public boolean equals(Object obj) {
-        return trustedIssuerType.equals(obj);
+        if (!(obj instanceof TrustedIssuer)) {
+            return false;
+        }
+        
+        TrustedIssuer that = (TrustedIssuer)obj;
+        if (trustedIssuerType != null && !trustedIssuerType.equals(that.getTrustedIssuerType())) {
+            return false;
+        } else if (trustedIssuerType == null && that.getTrustedIssuerType() != null) {
+            return false;
+        }
+        
+        return true;
     }
 
     public String toString() {
         return trustedIssuerType.toString();
     }
     
+    public TrustedIssuerType getTrustedIssuerType() {
+        return trustedIssuerType;
+    }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java
index af532ae..79d6fce 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java
@@ -20,7 +20,9 @@ package org.apache.cxf.fediz.core.handler;
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.net.URLEncoder;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletRequest;
@@ -90,7 +92,7 @@ public class LogoutHandler implements RequestHandler<Boolean> {
         if (wreply != null && !wreply.isEmpty()) {
             try {
                 LOG.debug("Redirecting user after logout to: {}", wreply);
-                response.sendRedirect(wreply);
+                response.sendRedirect(URLEncoder.encode(wreply, "UTF-8"));
             } catch (IOException e) {
                 LOG.error("Error redirecting user after logout: {}", e.getMessage());
             }
@@ -119,8 +121,8 @@ public class LogoutHandler implements RequestHandler<Boolean> {
             if (redirectURL != null) {
                 Map<String, String> headers = redirectionResponse.getHeaders();
                 if (!headers.isEmpty()) {
-                    for (String headerName : headers.keySet()) {
-                        response.addHeader(headerName, headers.get(headerName));
+                    for (Entry<String, String> entry : headers.entrySet()) {
+                        response.addHeader(entry.getKey(), entry.getValue());
                     }
                 }
                 response.sendRedirect(redirectURL);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
index a214d9e..11cf3b6 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
@@ -137,12 +137,12 @@ public class SigninHandler<T> implements RequestHandler<T> {
         if (fedizContext.getProtocol() instanceof FederationProtocol) {
             token = request.getParameter(FederationConstants.PARAM_RESULT);
             if (token == null) {
-                new RuntimeException("Missing required parameter 'wresult'");
+                throw new RuntimeException("Missing required parameter 'wresult'");
             }
         } else if (fedizContext.getProtocol() instanceof SAMLProtocol) {
             token = request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
             if (token == null) {
-                new RuntimeException("Missing required parameter 'SAMLResponse'");
+                throw new RuntimeException("Missing required parameter 'SAMLResponse'");
             }
         }
         return token;

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index 4e285f9..1e822e3 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -32,6 +32,7 @@ import java.util.Collections;
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.UUID;
 
 import javax.security.auth.callback.Callback;
@@ -316,22 +317,36 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
         }
     }
 
-    public class LifeTime {
+    public static class LifeTime {
 
-        private Date created;
-        private Date expires;
+        private final Date created;
+        private final Date expires;
 
         public LifeTime(Date created, Date expires) {
-            this.created = created;
-            this.expires = expires;
+            if (created != null) {
+                this.created = new Date(created.getTime());
+            } else {
+                this.created = null;
+            }
+            if (expires != null) {
+                this.expires = new Date(expires.getTime());
+            } else {
+                this.expires = null;
+            }
         }
 
         public Date getCreated() {
-            return created;
+            if (created != null) {
+                return new Date(created.getTime());
+            }
+            return null;
         }
 
         public Date getExpires() {
-            return expires;
+            if (expires != null) {
+                return new Date(expires.getTime());
+            }
+            return null;
         }
 
     }
@@ -457,7 +472,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
             redirectURL = redirectURL + "?" + sb.toString();
         } catch (Exception ex) {
             LOG.error("Failed to create SignInRequest", ex);
-            throw new ProcessingException("Failed to create SignInRequest");
+            throw new ProcessingException("Failed to create SignInRequest", ex);
         }
 
         RedirectionResponse response = new RedirectionResponse();
@@ -529,11 +544,11 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
                 });
                 Map<String, String> signInQueryMap = callback.getSignInQueryParamMap();
                 StringBuilder sbQuery = new StringBuilder();
-                for (String key : signInQueryMap.keySet()) {
+                for (Entry<String, String> entry : signInQueryMap.entrySet()) {
                     if (sbQuery.length() > 0) {
                         sbQuery.append("&");
                     }
-                    sbQuery.append(key).append('=').append(URLEncoder.encode(signInQueryMap.get(key), "UTF-8"));
+                    sbQuery.append(entry.getKey()).append('=').append(URLEncoder.encode(entry.getValue(), "UTF-8"));
                 }
                 signInQuery = sbQuery.toString();
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
index bce07ee..e71c0cb 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
@@ -21,6 +21,7 @@ package org.apache.cxf.fediz.core.processor;
 
 import java.io.Serializable;
 import java.security.cert.Certificate;
+import java.util.Arrays;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -35,14 +36,21 @@ public class FedizRequest implements Serializable {
     private String freshness;
     private String state;
     private Certificate[] certs;
-    private HttpServletRequest request;
+    private transient HttpServletRequest request;
     private RequestState requestState;
 
     public Certificate[] getCerts() {
-        return certs;
+        if (certs != null) {
+            return Arrays.copyOf(certs, certs.length);
+        }
+        return null;
     }
     public void setCerts(Certificate[] certs) {
-        this.certs = certs;
+        if (certs != null) {
+            this.certs = Arrays.copyOf(certs, certs.length);
+        } else {
+            this.certs = null;
+        }
     }
     public String getResponseToken() {
         return responseToken;

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java
index e1a1e01..255765d 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java
@@ -37,7 +37,7 @@ public class FedizResponse implements Serializable {
     private List<String> roles;
     private String issuer;
     private List<Claim> claims;
-    private Element token;
+    private transient Element token;
     private String uniqueTokenId;
 
     /**
@@ -58,8 +58,12 @@ public class FedizResponse implements Serializable {
         this.roles = roles;
         this.claims = claims;
         this.audience = audience;
-        this.tokenCreated = created;
-        this.tokenExpires = expires;
+        if (created != null) {
+            this.tokenCreated = new Date(created.getTime());
+        }
+        if (expires != null) {
+            this.tokenExpires = new Date(expires.getTime());
+        }
         this.token = token;
         this.uniqueTokenId = uniqueTokenId;
     }
@@ -95,11 +99,17 @@ public class FedizResponse implements Serializable {
     }
 
     public Date getTokenCreated() {
-        return tokenCreated;
+        if (tokenCreated != null) {
+            return new Date(tokenCreated.getTime());
+        }
+        return null;
     }
 
     public Date getTokenExpires() {
-        return tokenExpires;
+        if (tokenExpires != null) {
+            return new Date(tokenExpires.getTime());
+        }
+        return null;
     }
 
     public Element getToken() {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index ed6dd31..4d7a390 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -201,6 +201,11 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
             }
         }
         
+        if (validatorResponse == null) {
+            LOG.warn("No token validation response was available");
+            throw new ProcessingException(TYPE.BAD_REQUEST);
+        }
+        
         // Check whether token already used for signin
         Date expires = validatorResponse.getExpires();
         if (expires == null) {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
index 7174afc..620ab54 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
@@ -195,8 +195,10 @@ public class SAMLTokenValidator implements TokenValidator {
                     .equals(SAMLVersion.VERSION_11)) {
                 claims = parseClaimsInAssertion(assertion.getSaml1());
                 audience = getAudienceRestriction(assertion.getSaml1());
+            } else {
+                claims = Collections.emptyList();
             }
-
+            
             List<String> roles = parseRoles(config, claims);
             
             SAMLTokenPrincipal p = new SAMLTokenPrincipalImpl(assertion);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
index 61e748d..b8b3969 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
@@ -40,11 +40,18 @@ public class SSOValidatorResponse {
     }
     
     public Date getSessionNotOnOrAfter() {
-        return sessionNotOnOrAfter;
+        if (sessionNotOnOrAfter != null) {
+            return new Date(sessionNotOnOrAfter.getTime());
+        }
+        return null;
     }
     
     public void setSessionNotOnOrAfter(Date sessionNotOnOrAfter) {
-        this.sessionNotOnOrAfter = sessionNotOnOrAfter;
+        if (sessionNotOnOrAfter != null) {
+            this.sessionNotOnOrAfter = new Date(sessionNotOnOrAfter.getTime());
+        } else {
+            this.sessionNotOnOrAfter = null;
+        }
     }
     
     public String getResponseId() {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java
index 12bec45..a2f7cac 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java
@@ -215,4 +215,4 @@ public final class SamlpRequestComponentBuilder {
         return authnCtxClassRef;
     }
     
-}
\ No newline at end of file
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
index b9e89a9..e673c6c 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
@@ -243,7 +243,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
         return getContextConfiguration(contextName);
     }
     
-    protected FedizContext getContextConfiguration(String contextName) {
+    protected synchronized FedizContext getContextConfiguration(String contextName) {
         if (configurator == null) {
             throw new IllegalStateException("No Fediz configuration available");
         }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
index 1f1e3c8..4b37650 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
@@ -25,6 +25,7 @@ import java.util.Collections;
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.UUID;
 
 import javax.servlet.ServletOutputStream;
@@ -277,8 +278,8 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter {
                         ResponseBuilder response = Response.seeOther(new URI(redirectURL));
                         Map<String, String> headers = redirectionResponse.getHeaders();
                         if (!headers.isEmpty()) {
-                            for (String headerName : headers.keySet()) {
-                                response.header(headerName, headers.get(headerName));
+                            for (Entry<String, String> entry : headers.entrySet()) {
+                                response.header(entry.getKey(), entry.getValue());
                             }
                         }
     

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
index 75b19ed..9b2c684 100644
--- a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
+++ b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
@@ -20,7 +20,6 @@
 package org.apache.cxf.fediz.jetty;
 
 import java.io.File;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.PrintWriter;
@@ -28,6 +27,7 @@ import java.io.UnsupportedEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Date;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import javax.servlet.ServletOutputStream;
 import javax.servlet.ServletRequest;
@@ -125,7 +125,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
                     e);
             //throw new ServerAuthException("Failed to load Fediz configuration",
             //                              e);
-        } catch (FileNotFoundException e) {
+        } catch (IOException e) {
             //[TODO] use other exception
             throw new RuntimeException("Failed to load Fediz configuration",
                     e);
@@ -503,8 +503,8 @@ public class FederationAuthenticator extends LoginAuthenticator {
             if (redirectURL != null) {
                 Map<String, String> headers = redirectionResponse.getHeaders();
                 if (!headers.isEmpty()) {
-                    for (String headerName : headers.keySet()) {
-                        response.addHeader(headerName, headers.get(headerName));
+                    for (Entry<String, String> entry : headers.entrySet()) {
+                        response.addHeader(entry.getKey(), entry.getValue());
                     }
                 }
                 
@@ -539,8 +539,8 @@ public class FederationAuthenticator extends LoginAuthenticator {
             if (redirectURL != null) {
                 Map<String, String> headers = redirectionResponse.getHeaders();
                 if (!headers.isEmpty()) {
-                    for (String headerName : headers.keySet()) {
-                        response.addHeader(headerName, headers.get(headerName));
+                    for (Entry<String, String> entry : headers.entrySet()) {
+                        response.addHeader(entry.getKey(), entry.getValue());
                     }
                 }
                 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java
----------------------------------------------------------------------
diff --git a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java
index ffe4372..524877a 100644
--- a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java
+++ b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java
@@ -21,6 +21,7 @@ package org.apache.cxf.fediz.jetty;
 
 
 import java.security.Principal;
+import java.util.Arrays;
 import java.util.Date;
 
 import javax.security.auth.Subject;
@@ -40,7 +41,9 @@ public class FederationUserIdentity implements UserIdentity {
                                   String[] roles, FedizResponse fedResponse) {
         this.subject = subject;
         this.principal = principal;
-        this.roles = roles;
+        if (roles != null) {
+            this.roles = Arrays.copyOf(roles, roles.length);
+        }
         this.fedResponse = fedResponse;
     }
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
index ddd0d83..55c628e 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
@@ -19,6 +19,8 @@
 
 package org.apache.cxf.fediz.spring.preauth;
 
+import java.security.Principal;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.cxf.fediz.core.FedizPrincipal;
@@ -38,10 +40,10 @@ public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthe
      * Return the J2EE user name.
      */
     protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
-        Object principal = httpRequest.getUserPrincipal();
+        Principal principal = httpRequest.getUserPrincipal();
         if (logger.isDebugEnabled()) {
             logger.debug("PreAuthenticated J2EE principal: "
-                         + httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal().getName());
+                         + principal == null ? null : principal.getName());
         }
         return principal;
     }
@@ -52,7 +54,7 @@ public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthe
      * value.
      */
     protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
-        Object principal = httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal();
+        Principal principal = httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal();
         if (principal instanceof FedizPrincipal) {
             Object obj = httpRequest.getSession(false).getAttribute(SECURITY_TOKEN_ATTR);
             if (obj != null)  {
@@ -62,7 +64,7 @@ public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthe
                 throw new IllegalStateException("Session must contain Federation response");
             }
         } else {
-            logger.error("Principal must be instance of FedizPrincipal: " + principal.toString());
+            logger.error("Principal must be instance of FedizPrincipal: " + principal);
             throw new IllegalStateException("Principal must be instance of FedizPrincipal");
         }
         //return "N/A";

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
index 9749927..3c63554 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
@@ -22,6 +22,7 @@ package org.apache.cxf.fediz.spring.web;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -122,8 +123,8 @@ public class FederationAuthenticationEntryPoint implements AuthenticationEntryPo
             
             Map<String, String> headers = redirectionResponse.getHeaders();
             if (!headers.isEmpty()) {
-                for (String headerName : headers.keySet()) {
-                    response.addHeader(headerName, headers.get(headerName));
+                for (Entry<String, String> entry : headers.entrySet()) {
+                    response.addHeader(entry.getKey(), entry.getValue());
                 }
             }
             

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java
index 0b9069a..c1dd134 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java
@@ -21,6 +21,7 @@ package org.apache.cxf.fediz.spring.web;
 
 import java.io.IOException;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -72,8 +73,8 @@ public class FederationAuthenticationFailureHandler extends SimpleUrlAuthenticat
                 
                 Map<String, String> headers = redirectionResponse.getHeaders();
                 if (!headers.isEmpty()) {
-                    for (String headerName : headers.keySet()) {
-                        response.addHeader(headerName, headers.get(headerName));
+                    for (Entry<String, String> entry : headers.entrySet()) {
+                        response.addHeader(entry.getKey(), entry.getValue());
                     }
                 }
                 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java
index 8d6c5fe..e803e4b 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java
@@ -20,6 +20,7 @@ package org.apache.cxf.fediz.spring.web;
 
 import java.io.IOException;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -65,8 +66,8 @@ public class FederationLogoutSuccessHandler implements LogoutSuccessHandler {
             if (redirectURL != null) {
                 Map<String, String> headers = redirectionResponse.getHeaders();
                 if (!headers.isEmpty()) {
-                    for (String headerName : headers.keySet()) {
-                        response.addHeader(headerName, headers.get(headerName));
+                    for (Entry<String, String> entry : headers.entrySet()) {
+                        response.addHeader(entry.getKey(), entry.getValue());
                     }
                 }
                 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
index 7aae276..39ea329 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
@@ -19,6 +19,8 @@
 
 package org.apache.cxf.fediz.spring.preauth;
 
+import java.security.Principal;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.cxf.fediz.core.FedizPrincipal;
@@ -39,10 +41,10 @@ public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthe
      * Return the J2EE user name.
      */
     protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
-        Object principal = httpRequest.getUserPrincipal();
+        Principal principal = httpRequest.getUserPrincipal();
         if (logger.isDebugEnabled()) {
             logger.debug("PreAuthenticated J2EE principal: "
-                         + httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal().getName());
+                         + principal == null ? null : principal.getName());
         }
         return principal;
     }
@@ -53,7 +55,7 @@ public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthe
      * value.
      */
     protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
-        Object principal = httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal();
+        Principal principal = httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal();
         if (principal instanceof FedizPrincipal) {
             Object obj = httpRequest.getSession(false).getAttribute(SECURITY_TOKEN_ATTR);
             if (obj != null)  {
@@ -63,7 +65,7 @@ public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthe
                 throw new IllegalStateException("Session must contain Federation response");
             }
         } else {
-            logger.error("Principal must be instance of FedizPrincipal: " + principal.toString());
+            logger.error("Principal must be instance of FedizPrincipal: " + principal);
             throw new IllegalStateException("Principal must be instance of FedizPrincipal");
         }
         //return "N/A";

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
index 851f253..3ba4693 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
@@ -22,6 +22,7 @@ package org.apache.cxf.fediz.spring.web;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
@@ -157,8 +158,8 @@ public class FederationAuthenticationEntryPoint implements AuthenticationEntryPo
             
             Map<String, String> headers = redirectionResponse.getHeaders();
             if (!headers.isEmpty()) {
-                for (String headerName : headers.keySet()) {
-                    hresponse.addHeader(headerName, headers.get(headerName));
+                for (Entry<String, String> entry : headers.entrySet()) {
+                    hresponse.addHeader(entry.getKey(), entry.getValue());
                 }
             }
             

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index 972f182..61d5f60 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -23,6 +23,7 @@ import java.io.IOException;
 import java.security.cert.X509Certificate;
 import java.util.Date;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
@@ -153,8 +154,8 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
                 
                 Map<String, String> headers = redirectionResponse.getHeaders();
                 if (!headers.isEmpty()) {
-                    for (String headerName : headers.keySet()) {
-                        response.addHeader(headerName, headers.get(headerName));
+                    for (Entry<String, String> entry : headers.entrySet()) {
+                        response.addHeader(entry.getKey(), entry.getValue());
                     }
                 }
                 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1159f3a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
index 7efd5ba..a7b28a5 100644
--- a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
+++ b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
@@ -20,12 +20,12 @@
 package org.apache.cxf.fediz.tomcat;
 
 import java.io.File;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.security.Principal;
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -126,7 +126,7 @@ public class FederationAuthenticator extends FormAuthenticator {
             LOG.debug("Fediz configuration read from " + f.getAbsolutePath());
         } catch (JAXBException e) {
             throw new LifecycleException("Failed to load Fediz configuration", e);
-        } catch (FileNotFoundException e) {
+        } catch (IOException e) {
             throw new LifecycleException("Failed to load Fediz configuration", e);
         }
         super.startInternal();
@@ -150,7 +150,7 @@ public class FederationAuthenticator extends FormAuthenticator {
         super.stopInternal();
     }
 
-    protected FedizContext getContextConfiguration(String contextName) {
+    protected synchronized FedizContext getContextConfiguration(String contextName) {
         if (configurator == null) {
             throw new IllegalStateException("No Fediz configuration available");
         }
@@ -301,8 +301,8 @@ public class FederationAuthenticator extends FormAuthenticator {
             if (redirectURL != null) {
                 Map<String, String> headers = redirectionResponse.getHeaders();
                 if (!headers.isEmpty()) {
-                    for (String headerName : headers.keySet()) {
-                        response.addHeader(headerName, headers.get(headerName));
+                    for (Entry<String, String> entry : headers.entrySet()) {
+                        response.addHeader(entry.getKey(), entry.getValue());
                     }
                 }
 
@@ -345,7 +345,9 @@ public class FederationAuthenticator extends FormAuthenticator {
     protected void saveRequest(Request request, String contextId) throws IOException {
         String uri = request.getDecodedRequestURI();
         Session session = request.getSessionInternal(true);
-        LOG.debug("Save request in session '{}'", session.getIdInternal());
+        if (session != null) {
+            LOG.debug("Save request in session '{}'", session.getIdInternal());
+        }
         if (session != null && uri != null) {
             SavedRequest saved;
             synchronized (session) {


Mime
View raw message