Repository: cxf Updated Branches: refs/heads/master 417d93849 -> 60bad6d65
Fixing problem with IssuedToken policy validation Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/60bad6d6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/60bad6d6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/60bad6d6 Branch: refs/heads/master Commit: 60bad6d65fa8ef8b51f72304430cdbde478dd9f0 Parents: 417d938 Author: Colm O hEigeartaigh <[email protected]> Authored: Thu Jun 26 15:01:54 2014 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Thu Jun 26 15:01:54 2014 +0100 ---------------------------------------------------------------------- .../interceptors/IssuedTokenInterceptorProvider.java | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/60bad6d6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java index c08a078..7f9fd85 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java @@ -558,9 +558,6 @@ public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorPro return; } - for (AssertionInfo ai : ais) { - ai.setAsserted(true); - } IssuedToken itok = (IssuedToken)ais.iterator().next().getAssertion(); assertIssuedToken(itok, aim); @@ -569,7 +566,11 @@ public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorPro List<WSHandlerResult> results = CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS)); if (results != null && results.size() > 0) { - parseHandlerResults(results.get(0), message, aim); + parseHandlerResults(results.get(0), message, ais); + } + } else { + for (AssertionInfo ai : ais) { + ai.setAsserted(true); } } } @@ -578,15 +579,13 @@ public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorPro private void parseHandlerResults( WSHandlerResult rResult, Message message, - AssertionInfoMap aim + Collection<AssertionInfo> issuedAis ) { List<WSSecurityEngineResult> signedResults = WSSecurityUtil.fetchAllActionResults(rResult.getResults(), WSConstants.SIGN); IssuedTokenPolicyValidator issuedValidator = new IssuedTokenPolicyValidator(signedResults, message); - Collection<AssertionInfo> issuedAis = - NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.ISSUED_TOKEN); for (SamlAssertionWrapper assertionWrapper : findSamlTokenResults(rResult.getResults())) { boolean valid = issuedValidator.validatePolicy(issuedAis, assertionWrapper);
