Author: coheigea
Date: Thu Oct 11 15:54:53 2012
New Revision: 1397127
URL: http://svn.apache.org/viewvc?rev=1397127&view=rev
Log:
[CXF-4556] - JAX-RS SAML TLS HolderOfKey check does not work
Modified:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
Modified:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java?rev=1397127&r1=1397126&r2=1397127&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
(original)
+++
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
Thu Oct 11 15:54:53 2012
@@ -216,9 +216,6 @@ public abstract class AbstractSamlInHand
for (String confirmationMethod : confirmationMethods) {
if (OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
XMLSignature sig = message.getContent(XMLSignature.class);
- if (tlsCerts == null || sig == null) {
- return false;
- }
SAMLKeyInfo subjectKeyInfo =
assertionWrapper.getSubjectKeyInfo();
if (!compareCredentials(subjectKeyInfo, sig, tlsCerts)) {
return false;
@@ -255,6 +252,10 @@ public abstract class AbstractSamlInHand
return true;
}
+ if (sig == null) {
+ return false;
+ }
+
//
// Now try the message-level signatures
//
