ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Shipman (JIRA)" <j...@apache.org>
Subject [jira] [Created] (WSS-603) Improper date check in SamlAssertionWrapper.checkIssueInstant
Date Wed, 22 Mar 2017 15:13:41 GMT
John Shipman created WSS-603:
--------------------------------

             Summary: Improper date check in SamlAssertionWrapper.checkIssueInstant
                 Key: WSS-603
                 URL: https://issues.apache.org/jira/browse/WSS-603
             Project: WSS4J
          Issue Type: Bug
          Components: WSS4J Core
    Affects Versions: 2.1.8
            Reporter: John Shipman
            Assignee: Colm O hEigeartaigh
            Priority: Blocker


On line 574, the code is supposed to be calculating the SAML Assertions expiration.  The code
is calculating the lower bound on the time window, but is not properly storing the calculated
DateTime.  So rather than checking the Issue, and is effectively checking to see if the issue
date is after the current time, which is never the case.

The code reads:
   currentTime.minusSeconds(ttl);
The code should read:
   currentTime = currentTime.minusSeconds(ttl);




--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message