Repository: cxf Updated Branches: refs/heads/3.1.x-fixes cdee5469e -> d84c16c9b
Instantiate the SAML Response signature validator directly Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d84c16c9 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d84c16c9 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d84c16c9 Branch: refs/heads/3.1.x-fixes Commit: d84c16c9bac47eec057f0d0f038a26b43bc8d603 Parents: cdee546 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Wed Jul 5 11:31:07 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Wed Jul 5 11:32:50 2017 +0100 ---------------------------------------------------------------------- .../rs/security/saml/sso/SAMLProtocolResponseValidator.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/d84c16c9/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
index 590ed64..9a3df86 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
@@ -65,7 +65,8 @@ import org.opensaml.xmlsec.encryption.EncryptedData;
 import org.opensaml.xmlsec.signature.KeyInfo;
 import org.opensaml.xmlsec.signature.Signature;
 import org.opensaml.xmlsec.signature.support.SignatureException;
-import org.opensaml.xmlsec.signature.support.SignatureValidator;
+import org.opensaml.xmlsec.signature.support.SignatureValidationProvider;
+import org.opensaml.xmlsec.signature.support.provider.ApacheSantuarioSignatureValidationProviderImpl;

 /**
 * Validate a SAML (1.1 or 2.0) Protocol Response. It validates the Response against the specs,
@@ -336,7 +337,9 @@ public class SAMLProtocolResponseValidator {
 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
 }
 try {
- SignatureValidator.validate(signature, credential);
+ SignatureValidationProvider responseSignatureValidator =
+ new ApacheSantuarioSignatureValidationProviderImpl();
+ responseSignatureValidator.validate(signature, credential);
 } catch (SignatureException ex) {
 LOG.log(Level.FINE, "Error in validating the SAML Signature: " + ex.getMessage(), ex);
 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
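Review bot: The `new ApacheSantuarioSignatureValidationProviderImpl()` added in the second hunk hard-wires the Santuario provider with no comment saying why the static `SignatureValidator.validate(signature, credential)` call was dropped, so a later cleanup could easily revert it. Presumably the aim is to avoid the ServiceLoader-based provider lookup inside `SignatureValidator`; if so, state it on the line above, e.g. `// Instantiate the provider directly: SignatureValidator resolves it via ServiceLoader, which can fail depending on the classloader`. The provider is also allocated for every Response; if it holds no per-call state (not visible here), a `private static final SignatureValidationProvider` field would be tidier. The enclosing method starts and ends outside the hunk, so it is not visible whether the signature's structure is checked before this purely cryptographic verification; worth confirming that it is, since this call is the trust decision for the whole Response.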