Author: coheigea Date: Thu Oct 11 16:38:42 2012 New Revision: 1397154 URL: http://svn.apache.org/viewvc?rev=1397154&view=rev Log: Merged revisions 1397129 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes
........ r1397129 | coheigea | 2012-10-11 16:56:41 +0100 (Thu, 11 Oct 2012) | 10 lines Merged revisions 1397127 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/trunk ........ r1397127 | coheigea | 2012-10-11 16:54:53 +0100 (Thu, 11 Oct 2012) | 2 lines [CXF-4556] - JAX-RS SAML TLS HolderOfKey check does not work ........ ........ Modified: cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java Modified: cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java?rev=1397154&r1=1397153&r2=1397154&view=diff ==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java (original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java Thu Oct 11 16:38:42 2012
@@ -216,9 +216,6 @@ public abstract class AbstractSamlInHand
 for (String confirmationMethod : confirmationMethods) {
 if (OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
 XMLSignature sig = message.getContent(XMLSignature.class);
- if (tlsCerts == null || sig == null) {
- return false;
- }
 SAMLKeyInfo subjectKeyInfo = assertionWrapper.getSubjectKeyInfo();
 if (!compareCredentials(subjectKeyInfo, sig, tlsCerts)) {
 return false;
@@ -255,6 +252,10 @@ public abstract class AbstractSamlInHand
 return true;
 }
+ if (sig == null) {
+ return false;
+ }
+
 //
 // Now try the message-level signatures
 //
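Review bot: With the `tlsCerts == null || sig == null` guard removed from the holder-of-key loop, `compareCredentials(subjectKeyInfo, sig, tlsCerts)` is now reached with either argument null, and only the `sig` case gets a visible replacement check (in the second hunk). Whether a null or empty `tlsCerts` is rejected depends on the TLS comparison above `return true;`, which lies outside both hunks, so that branch should be confirmed to null-check the array before using it. The result of `assertionWrapper.getSubjectKeyInfo()` is also passed on unchecked; if it can be null for an assertion that carries no subject key material, a guard such as `if (subjectKeyInfo == null) { return false; }` before the call keeps the check failing closed instead of throwing. The loop body continues past the end of the hunk.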
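Review bot: The added `if (sig == null) { return false; }` is what makes the TLS-only path fail closed once the certificate comparison above it has not matched, but nothing in the code records that intent. A comment above it such as `// TLS credentials did not match and there is no XML signature to fall back on: holder-of-key is not proven` would stop a later cleanup from moving or dropping the check. The commit touches only this file, so the three input combinations (TLS certs only, signature only, neither) appear to have no regression test here and would be worth covering. The enclosing method starts and ends outside the hunk.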
