svn commit: r1489831 - in /webservices/wss4j/trunk: ws-security-common/pom.xml ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java

Wed, 05 Jun 2013 05:08:07 -0700 

Author: coheigea
Date: Wed Jun  5 12:07:17 2013
New Revision: 1489831

URL: http://svn.apache.org/r1489831
Log:
Adding missing dependency + fixing SAML Subject Confirmation method handling

Modified:
    webservices/wss4j/trunk/ws-security-common/pom.xml
    
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java

Modified: webservices/wss4j/trunk/ws-security-common/pom.xml
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/pom.xml?rev=1489831&r1=1489830&r2=1489831&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/pom.xml (original)
+++ webservices/wss4j/trunk/ws-security-common/pom.xml Wed Jun  5 12:07:17 2013
@@ -231,10 +231,6 @@
                 </exclusion>
                 <exclusion>
                     <groupId>org.apache.directory.server</groupId>
-                    <artifactId>apacheds-i18n</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.apache.directory.server</groupId>
                     <artifactId>apacheds-core-jndi</artifactId>
                 </exclusion>
                 <exclusion>

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java?rev=1489831&r1=1489830&r2=1489831&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
 Wed Jun  5 12:07:17 2013
@@ -614,6 +614,7 @@ public class SAMLTokenInputHandler exten
                 InputProcessorChain inputProcessorChain, SamlAssertionWrapper 
samlAssertionWrapper,
                 InboundSecurityToken subjectSecurityToken) throws 
WSSecurityException {
 
+            boolean methodNotSatisfied = false;
             try {
                 SecurityToken httpsSecurityToken = 
getHttpsSecurityToken(inputProcessorChain);
 
@@ -684,6 +685,7 @@ public class SAMLTokenInputHandler exten
                                 }
                             }
                         }
+                        methodNotSatisfied = true;
                     } else if 
(OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) {
                         /**
                          * Check the sender-vouches requirements against the 
received assertion. The SAML
@@ -714,13 +716,16 @@ public class SAMLTokenInputHandler exten
                                         
samlTokenSignedElementSecurityEvent.getSecurityToken()) {
                             return;
                         }
+                        methodNotSatisfied = true;
                     }
                 }
             } catch (XMLSecurityException e) {
                 throw new 
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
             }
-            throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION,
+            if (methodNotSatisfied) {
+                throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION,
                     "empty", "SAML proof-of-possession of the private/secret 
key failed");
+            }
         }
 
         private SecurityToken getHttpsSecurityToken(InputProcessorChain 
inputProcessorChain) throws XMLSecurityException {

Reply via email to