Some minor changes to the SAML Grant Handler
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/203dd29b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/203dd29b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/203dd29b Branch: refs/heads/3.0.x-fixes Commit: 203dd29bac42b738480bbc3991c8c9cf8c26d2ed Parents: b7ba15d Author: Colm O hEigeartaigh <[email protected]> Authored: Mon Nov 30 12:57:18 2015 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Mon Nov 30 13:03:13 2015 +0000 ---------------------------------------------------------------------- .../grants/saml/Saml2BearerGrantHandler.java | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/203dd29b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
index 3be0905..3ac98f7 100644
--- a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
@@ -38,7 +38,6 @@ import org.apache.cxf.common.util.Base64Exception;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.jaxrs.utils.HttpUtils;
 import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.rs.security.common.CryptoLoader;
 import org.apache.cxf.rs.security.common.SecurityUtils;
@@ -64,7 +63,6 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.dom.WSDocInfo;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.handler.RequestData;
-import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
 import org.apache.wss4j.dom.validate.Credential;
 import org.apache.wss4j.dom.validate.SamlAssertionValidator;
@@ -186,8 +184,15 @@ public class Saml2BearerGrantHandler extends AbstractGrantHandler {
 } catch (IOException ex) {
 throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
 }
- data.setEnableRevocation(MessageUtils.isTrue(
- message.getContextualProperty(WSHandlerConstants.ENABLE_REVOCATION)));
+
+ boolean enableRevocation = false;
+ String enableRevocationStr =
+ (String)org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(
+ SecurityConstants.ENABLE_REVOCATION, message);
+ if (enableRevocationStr != null) {
+ enableRevocation = Boolean.parseBoolean(enableRevocationStr);
+ }
+ data.setEnableRevocation(enableRevocation);
 Signature sig = assertion.getSignature();
 WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument());
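Review bot: The `(String)` cast on the `getSecurityPropertyValue` result in the `ENABLE_REVOCATION` block will throw `ClassCastException` when the property has been configured as a `Boolean` rather than a `String`, whereas the removed `MessageUtils.isTrue(...)` accepted either form. Keeping the `MessageUtils` import and writing `data.setEnableRevocation(MessageUtils.isTrue(org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENABLE_REVOCATION, message)));` keeps the new property lookup without the cast. A short comment such as `// Revocation checking of the signing certificate stays off unless explicitly enabled` would also make the default visible, since an absent property silently disables it. The enclosing method starts and ends outside this hunk.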
@@ -199,7 +204,10 @@ public class Saml2BearerGrantHandler extends AbstractGrantHandler {
 data.getSigVerCrypto()
 );
 assertion.verifySignature(samlKeyInfo);
-
+ assertion.parseSubject(
+ new WSSSAMLKeyInfoProcessor(data, null), data.getSigVerCrypto(),
+ data.getCallbackHandler()
+ );
 } else if (getTLSCertificates(message) == null) {
 throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
 }
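Review bot: The new `assertion.parseSubject(...)` call passes `null` as the `WSDocInfo` argument of `WSSSAMLKeyInfoProcessor`, while the previous hunk builds a `docInfo` for the same assertion document a few lines earlier; if that variable is still in scope here (the lines between the two hunks are not shown), `new WSSSAMLKeyInfoProcessor(data, docInfo)` would be consistent with how the signature's own KeyInfo is resolved. The call also deserves a comment on why the subject is parsed only in the signed branch and what it populates, e.g. `// Resolve the subject confirmation KeyInfo so later subject-confirmation checks can use it` (confirm that is what it does), because a reader cannot tell whether the unsigned-but-TLS path deliberately skips it. `parseSubject` presumably throws the same checked exception as `verifySignature`; the catch block that maps it to `INVALID_GRANT` is outside the hunk and should be confirmed. The enclosing method starts and ends outside this hunk.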
