cxf git commit: Fixing JoseSessionTokenProvider, with thanks to Romain

Mon, 16 Jan 2017 03:17:14 -0800 

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 2741e4a4d -> 3d1e4197c


Fixing JoseSessionTokenProvider, with thanks to Romain


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3d1e4197
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3d1e4197
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3d1e4197

Branch: refs/heads/3.1.x-fixes
Commit: 3d1e4197cc73ef8d16b6b21a48fc5f1ceecaeb14
Parents: 2741e4a
Author: Sergey Beryozkin <sberyoz...@gmail.com>
Authored: Mon Jan 16 11:14:27 2017 +0000
Committer: Sergey Beryozkin <sberyoz...@gmail.com>
Committed: Mon Jan 16 11:15:49 2017 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/3d1e4197/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
index edd14a6..5901652 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
@@ -124,7 +124,7 @@ public class JoseSessionTokenProvider implements 
SessionAuthenticityTokenProvide
         String stateString = jwe.decrypt(sessionToken).getContentText();
         JwsSignatureVerifier jws = getInitializedSigVerifier();
         if (jws != null) {
-            stateString = JwsUtils.verify(jws, 
stateString).getUnsignedEncodedSequence();
+            stateString = JwsUtils.verify(jws, 
stateString).getDecodedJwsPayload();
         }
         return stateString;
     }

Reply via email to