Author: coheigea
Date: Thu Oct 11 15:56:41 2012
New Revision: 1397129
URL: http://svn.apache.org/viewvc?rev=1397129&view=rev
Log:
Merged revisions 1397127 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1397127 | coheigea | 2012-10-11 16:54:53 +0100 (Thu, 11 Oct 2012) | 2 lines
[CXF-4556] - JAX-RS SAML TLS HolderOfKey check does not work
........
Modified:
cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
Modified:
cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java?rev=1397129&r1=1397128&r2=1397129&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
Thu Oct 11 15:56:41 2012
@@ -216,9 +216,6 @@ public abstract class AbstractSamlInHand
for (String confirmationMethod : confirmationMethods) {
if (OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
XMLSignature sig = message.getContent(XMLSignature.class);
- if (tlsCerts == null || sig == null) {
- return false;
- }
SAMLKeyInfo subjectKeyInfo =
assertionWrapper.getSubjectKeyInfo();
if (!compareCredentials(subjectKeyInfo, sig, tlsCerts)) {
return false;
@@ -255,6 +252,10 @@ public abstract class AbstractSamlInHand
return true;
}
+ if (sig == null) {
+ return false;
+ }
+
//
// Now try the message-level signatures
//
