cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf-fediz git commit: Findbugs work on the Fediz services
Date Wed, 23 Nov 2016 13:31:44 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 4944104ee -> 467382b88


Findbugs work on the Fediz services


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/467382b8
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/467382b8
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/467382b8

Branch: refs/heads/master
Commit: 467382b88b5652450f648a06a0f6575c7417ed1a
Parents: 4944104
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Nov 23 13:31:31 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Nov 23 13:31:31 2016 +0000

----------------------------------------------------------------------
 .../cxf/fediz/service/idp/FedizEntryPoint.java  |  3 +-
 .../service/idp/STSAuthenticationProvider.java  |  2 +-
 .../idp/STSKrbAuthenticationProvider.java       |  5 ++
 .../cxf/fediz/service/idp/STSUserDetails.java   | 24 +++++++++
 .../service/idp/beans/CommonsURLValidator.java  | 52 ++++++++++++++++++++
 .../idp/beans/PassiveRequestorValidator.java    | 10 ----
 .../service/idp/beans/STSClientAction.java      |  2 +-
 .../kerberos/KerberosServiceRequestToken.java   | 17 +++++--
 .../idp/kerberos/PassThroughKerberosClient.java | 13 ++++-
 .../ApplicationProtocolControllerImpl.java      |  2 +-
 .../fediz/service/idp/rest/IdpServiceImpl.java  | 25 ++++++----
 .../WEB-INF/flows/federation-signin-request.xml |  3 +-
 .../flows/federation-validate-request.xml       |  8 ++-
 .../WEB-INF/flows/saml-signin-request.xml       |  3 +-
 .../oidc/clients/ClientRegistrationService.java |  4 +-
 .../fediz/service/sts/FileClaimsHandler.java    |  2 +-
 .../sts/realms/RealmFileClaimsHandler.java      |  2 +-
 17 files changed, 142 insertions(+), 35 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java
index ea594d3..d266f3c 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java
@@ -95,7 +95,8 @@ public class FedizEntryPoint implements AuthenticationEntryPoint,
         if (loginUri == null) {
             LOG.warn("wauth value '" + wauth + "' not supported");
             response.sendError(
-                    HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "wauth value '" + wauth
+ "' not supported");
+                    HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "The wauth value that was
supplied is not supported");
+            return;
         }
         redirectUrl = new StringBuilder(extractFullContextPath(servletRequest))
             .append(loginUri).append("?").append(servletRequest.getQueryString()).toString();

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
index dd30a4a..9938b7d 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
@@ -92,7 +92,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
             
             List<Claim> claims = parseClaimsInAssertion(assertion.getSaml2());
             for (Claim c : claims) {
-                if (roleURI.equals(c.getClaimType())) {
+                if (c.getClaimType() != null && roleURI.equals(c.getClaimType().toString()))
{
                     Object oValue = c.getValue();
                     if ((oValue instanceof List<?>) && !((List<?>)oValue).isEmpty())
{
                         List<?> values = (List<?>)oValue;

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
index 9a5dae8..62f4817 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
@@ -132,6 +132,11 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider
{
                     new SAMLTokenPrincipalImpl(new SamlAssertionWrapper(token.getToken()));
             }
             
+            if (kerberosPrincipal == null) {
+                LOG.info("Failed to authenticate user '" + kerberosRequestToken.getName());
+                return null;
+            }
+            
             List<GrantedAuthority> authorities = createAuthorities(token);
             
             KerberosServiceRequestToken ksrt = 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
index bc084d7..080bcb4 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
@@ -46,4 +46,28 @@ public class STSUserDetails extends User {
         return this.token;
     }
 
+    @Override
+    public boolean equals(Object object) {
+        if (!(object instanceof STSUserDetails)) {
+            return false;
+        }
+        
+        if (token != null && !token.equals(((STSUserDetails)object).token)) {
+            return false;
+        } else  if (token == null && ((STSUserDetails)object).token != null) {
+            return false;
+        }
+        
+        return super.equals(object);
+    }
+    
+    @Override
+    public int hashCode() {
+        int hashCode = 17;
+        if (token != null) {
+            hashCode *= 31 * token.hashCode();
+        }
+        
+        return hashCode * super.hashCode();
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
new file mode 100644
index 0000000..25780d2
--- /dev/null
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.beans;
+
+import org.apache.commons.validator.routines.UrlValidator;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+import org.springframework.webflow.execution.RequestContext;
+
+/**
+ * Validate a URL using Commons Validator
+ */
+@Component
+public class CommonsURLValidator {
+
+    private static final Logger LOG = LoggerFactory.getLogger(CommonsURLValidator.class);
+
+    public boolean isValid(RequestContext context, String endpointAddress)
+        throws Exception {
+        if (endpointAddress == null) {
+            return true;
+        }
+        
+        // The endpointAddress address must be a valid URL + start with http(s)
+        // Validate it first using commons-validator
+        UrlValidator urlValidator = new UrlValidator(new String[] {"http", "https"}, UrlValidator.ALLOW_LOCAL_URLS);
+        if (!urlValidator.isValid(endpointAddress)) {
+            LOG.warn("The given endpointAddress parameter {} is not a valid URL", endpointAddress);
+            return false;
+        }
+        
+        return true;
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
index d7e5bbc..0393d4f 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
@@ -20,7 +20,6 @@ package org.apache.cxf.fediz.service.idp.beans;
 
 import java.util.regex.Matcher;
 
-import org.apache.commons.validator.routines.UrlValidator;
 import org.apache.cxf.fediz.service.idp.domain.Application;
 import org.apache.cxf.fediz.service.idp.domain.Idp;
 import org.apache.cxf.fediz.service.idp.util.WebUtils;
@@ -53,15 +52,6 @@ public class PassiveRequestorValidator {
         
         // The endpointAddress address must match the passive endpoint requestor constraint

         // (if it is specified)
-        // Also, it must be a valid URL + start with https
-        // Validate it first using commons-validator
-        UrlValidator urlValidator = new UrlValidator(UrlValidator.ALLOW_LOCAL_URLS
-                                                     + UrlValidator.ALLOW_ALL_SCHEMES);
-        if (!urlValidator.isValid(endpointAddress)) {
-            LOG.warn("The given endpointAddress parameter {} is not a valid URL", endpointAddress);
-            return false;
-        }
-
         if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == null) {
             LOG.warn("No passive requestor endpoint constraint is configured for the application.
"
                 + "This could lead to a malicious redirection attack");

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
index dbe4a25..0c01352 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
@@ -376,7 +376,7 @@ public class STSClientAction {
         writer.writeAttribute("Dialect",
                 HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_05_IDENTITY);
 
-        if (realmClaims != null && realmClaims.size() > 0) {
+        if (realmClaims.size() > 0) {
             for (RequestClaim item : realmClaims) {
                 LOG.debug("  {}", item.getClaimType().toString());
                 writer.writeStartElement("ic", "ClaimType",

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
index 40308e4..2aba9cf 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
@@ -67,7 +67,11 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken
{
                                        Collection<? extends GrantedAuthority> authorities,

                                        byte[] token) {
         super(authorities);
-        this.token = token;
+        if (token != null) {
+            this.token = Arrays.copyOf(token, token.length);
+        } else {
+            this.token = null;
+        }
         this.principal = principal;
         super.setAuthenticated(true);
     }
@@ -81,7 +85,11 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken
{
      */
     public KerberosServiceRequestToken(byte[] token) {
         super(null);
-        this.token = token;
+        if (token != null) {
+            this.token = Arrays.copyOf(token, token.length);
+        } else {
+            this.token = null;
+        }
         this.principal = null;
     }
     
@@ -134,6 +142,9 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken
{
     /** Returns the Kerberos token
      */
     public byte[] getToken() {
-        return this.token;
+        if (token != null) {
+            return Arrays.copyOf(token, token.length);
+        }
+        return null;
     }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
index da665a9..d75b812 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
@@ -19,6 +19,8 @@
 
 package org.apache.cxf.fediz.service.idp.kerberos;
 
+import java.util.Arrays;
+
 import org.apache.cxf.fediz.core.util.DOMUtils;
 import org.apache.cxf.ws.security.kerberos.KerberosClient;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
@@ -61,11 +63,18 @@ public class PassThroughKerberosClient extends KerberosClient {
     }
 
     public byte[] getToken() {
-        return token;
+        if (token != null) {
+            return Arrays.copyOf(token, token.length);
+        }
+        return null;
     }
 
     public void setToken(byte[] token) {
-        this.token = token;
+        if (token != null) {
+            this.token = Arrays.copyOf(token, token.length);
+        } else {
+            this.token = null;
+        }
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java
index 3cd583e..c2be3eb 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java
@@ -40,7 +40,7 @@ public class ApplicationProtocolControllerImpl implements ProtocolController<App
     @Override
     public ApplicationProtocolHandler getProtocolHandler(String protocol) {
         for (ApplicationProtocolHandler protocolHandler : protocolHandlers) {
-            if (protocolHandler.equals(protocol)) {
+            if (protocolHandler.getProtocol() != null && protocolHandler.getProtocol().equals(protocol))
{
                 return protocolHandler;
             }
         }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpServiceImpl.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpServiceImpl.java
index 36f859d..d4b5c40 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpServiceImpl.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpServiceImpl.java
@@ -129,9 +129,11 @@ public class IdpServiceImpl implements IdpService {
     @Override
     public Response addApplicationToIdp(UriInfo ui, String realm, Application application)
{
         Idp idp = idpDAO.getIdp(realm, Arrays.asList("all"));
-        if (idp.getApplications().contains(application.getRealm())) {
-            LOG.warn("Application '" + application.getRealm() + "' already added");
-            throw new WebApplicationException(Status.CONFLICT);
+        for (Application idpApplication : idp.getApplications()) {
+            if (idpApplication.getRealm() != null && idpApplication.getRealm().equals(application.getRealm()))
{
+                LOG.warn("Application '" + application.getRealm() + "' already added");
+                throw new WebApplicationException(Status.CONFLICT);
+            }
         }
         Application application2 = applicationDAO.getApplication(application.getRealm(),
null);
         idpDAO.addApplicationToIdp(idp, application2);
@@ -165,9 +167,11 @@ public class IdpServiceImpl implements IdpService {
     @Override
     public Response addTrustedIdpToIdp(UriInfo ui, String realm, TrustedIdp trustedIdp) {
         Idp idp = idpDAO.getIdp(realm, Arrays.asList("all"));
-        if (idp.getTrustedIdps().contains(trustedIdp.getRealm())) {
-            LOG.warn("Trusted IDP '" + trustedIdp.getRealm() + "' already added");
-            throw new WebApplicationException(Status.CONFLICT);
+        for (TrustedIdp idpTrustedIdp : idp.getTrustedIdps()) {
+            if (idpTrustedIdp.getRealm() != null && idpTrustedIdp.getRealm().equals(trustedIdp.getRealm()))
{
+                LOG.warn("Trusted IDP '" + trustedIdp.getRealm() + "' already added");
+                throw new WebApplicationException(Status.CONFLICT);
+            }
         }
         TrustedIdp trustedIpd2 = trustedIdpDAO.getTrustedIDP(trustedIdp.getRealm());
         
@@ -199,9 +203,12 @@ public class IdpServiceImpl implements IdpService {
     @Override
     public Response addClaimToIdp(UriInfo ui, String realm, Claim claim) {
         Idp idp = idpDAO.getIdp(realm, Arrays.asList("all"));
-        if (idp.getClaimTypesOffered().contains(claim.getClaimType().toString())) {
-            LOG.warn("Claim '" + claim.getClaimType() + "' already added");
-            throw new WebApplicationException(Status.CONFLICT);
+        for (Claim idpClaim : idp.getClaimTypesOffered()) {
+            if (idpClaim.getClaimType() != null 
+                && idpClaim.getClaimType().toString().equals(claim.getClaimType().toString()))
{
+                LOG.warn("Claim '" + claim.getClaimType() + "' already added");
+                throw new WebApplicationException(Status.CONFLICT);
+            }
         }
         Claim claim2 = claimDAO.getClaim(claim.getClaimType().toString());
         idpDAO.addClaimToIdp(idp, claim2);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
index 7494366..194404b 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
@@ -98,7 +98,8 @@
     </action-state>
     
     <action-state id="validateWReply">
-        <evaluate expression="passiveRequestorValidator.isValid(flowRequestContext, flowScope.wreply,
flowScope.wtrealm)"/>
+        <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.wreply)
+                              and passiveRequestorValidator.isValid(flowRequestContext, flowScope.wreply,
flowScope.wtrealm)"/>
         <transition on="yes" to="requestRpToken" />
         <transition on="no" to="viewBadRequest" />
     </action-state>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
index 2964176..35ce933 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
@@ -41,7 +41,7 @@
             <set name="flowScope.idpConfig" value="config.getIDP(fedizEntryPoint.getRealm())"
/>
         </on-entry>
         <if test="requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'"
-            then="selectSignOutProcess" />
+            then="validateWReplyForSignout" />
         <if test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess" />
         <if test="requestParameters.SAMLResponse != null" then="selectSAMLProcess"
             else="selectOIDCAuthorizationCodeFlowProcess"
@@ -68,6 +68,12 @@
         <if test="requestParameters.state == null or requestParameters.state.length()
== 0"
             then="viewBadRequest" else="signinResponse" />
     </decision-state>
+    
+    <action-state id="validateWReplyForSignout">
+        <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.wreply)"/>
+        <transition on="yes" to="selectSignOutProcess" />
+        <transition on="no" to="viewBadRequest" />
+    </action-state>
 	
     <decision-state id="selectSignOutProcess">
         <if test="requestParameters.wa == 'wsignout1.0' and flowScope.idpConfig.rpSingleSignOutConfirmation
== true

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
index 6382a48..446aa8e 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
@@ -102,7 +102,8 @@
     </action-state>
     
     <action-state id="validateWReply">
-        <evaluate expression="passiveRequestorValidator.isValid(flowRequestContext, flowScope.consumerURL,
flowScope.realm)"/>
+        <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.wreply)
+                              and passiveRequestorValidator.isValid(flowRequestContext, flowScope.consumerURL,
flowScope.realm)"/>
         <transition on="yes" to="requestRpToken" />
         <transition on="no" to="viewBadRequest" />
     </action-state>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
index d82a309..cbebdb4 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
@@ -447,7 +447,7 @@ public class ClientRegistrationService {
 
         @Override
         public int compare(ServerAccessToken t1, ServerAccessToken t2) {
-            return Long.valueOf(t1.getIssuedAt()).compareTo(t2.getIssuedAt());
+            return Long.compare(t1.getIssuedAt(), t2.getIssuedAt());
         }
         
     }
@@ -455,7 +455,7 @@ public class ClientRegistrationService {
 
         @Override
         public int compare(ServerAuthorizationCodeGrant g1, ServerAuthorizationCodeGrant
g2) {
-            return Long.valueOf(g1.getIssuedAt()).compareTo(g2.getIssuedAt());
+            return Long.compare(g1.getIssuedAt(), g2.getIssuedAt());
         }
         
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FileClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FileClaimsHandler.java
b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FileClaimsHandler.java
index e6ca110..bfe0b97 100644
--- a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FileClaimsHandler.java
+++ b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FileClaimsHandler.java
@@ -76,7 +76,7 @@ public class FileClaimsHandler implements ClaimsHandler {
             return new ProcessedClaimCollection();
         }
 
-        if (claims != null && claims.size() > 0) {
+        if (claims.size() > 0) {
             ProcessedClaimCollection claimCollection = new ProcessedClaimCollection();
             for (Claim requestClaim : claims) { 
                 String claimValue = claimMap.get(requestClaim.getClaimType().toString());

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/467382b8/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java
b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java
index 1088811..fefc343 100644
--- a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java
+++ b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java
@@ -97,7 +97,7 @@ public class RealmFileClaimsHandler implements ClaimsHandler {
         }
         LOG.fine("Claims found for principal '" + parameters.getPrincipal().getName() + "'");
 
-        if (claims != null && claims.size() > 0) {
+        if (claims.size() > 0) {
             ProcessedClaimCollection claimCollection = new ProcessedClaimCollection();
             for (Claim requestClaim : claims) { 
                 String claimValue = claimMap.get(requestClaim.getClaimType().toString());


Mime
View raw message