This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch coheigea/saml-refactor-new
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git


The following commit(s) were added to refs/heads/coheigea/saml-refactor-new by 
this push:
     new 13b6a7141 Simplified SAML Token Validator
13b6a7141 is described below

commit 13b6a7141c1c6535f5267b75d88c1011dfe4a159
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Fri Aug 8 10:27:09 2025 +0100

    Simplified SAML Token Validator
---
 ws-security-stax/pom.xml                                    | 13 +++++++------
 .../stax/impl/processor/input/SAMLTokenInputHandler.java    |  6 +++++-
 .../org/apache/wss4j/stax/validate/SamlTokenValidator.java  |  3 ++-
 .../apache/wss4j/stax/validate/SamlTokenValidatorImpl.java  |  2 +-
 4 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/ws-security-stax/pom.xml b/ws-security-stax/pom.xml
index da189b183..0de594527 100644
--- a/ws-security-stax/pom.xml
+++ b/ws-security-stax/pom.xml
@@ -53,12 +53,6 @@
             <version>${project.version}</version>
             <scope>compile</scope>
         </dependency>
-        <dependency>
-            <groupId>org.apache.wss4j</groupId>
-            <artifactId>wss4j-ws-security-dom-saml</artifactId>
-            <version>${project.version}</version>
-            <scope>compile</scope>
-        </dependency>
         <dependency>
             <groupId>org.ehcache</groupId>
             <artifactId>ehcache</artifactId>
@@ -72,12 +66,19 @@
             <scope>test</scope>
         </dependency>
         <!-- TODO remove when tests move to SAML module -->
+        <dependency>
+            <groupId>org.apache.wss4j</groupId>
+            <artifactId>wss4j-ws-security-dom-saml</artifactId>
+            <version>${project.version}</version>
+            <scope>compile</scope>
+        </dependency>
         <dependency>
             <groupId>org.apache.wss4j</groupId>
             <artifactId>wss4j-ws-security-stax-saml</artifactId>
             <version>${project.version}</version>
             <scope>test</scope>
         </dependency>
+        <!-- to here -->
         <dependency>
             <groupId>org.apache.wss4j</groupId>
             <artifactId>wss4j-ws-security-common</artifactId>
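Review bot: The `wss4j-ws-security-dom-saml` dependency now sits under `<!-- TODO remove when tests move to SAML module -->` but keeps `<scope>compile</scope>`, so the comment describes it as test-only while it still ships on the compile classpath of every consumer. The later hunk in this commit shows `SamlTokenValidator` in `src/main` importing `org.apache.wss4j.dom.saml.SamlAssertionWrapper`, which is presumably provided by this artifact, so moving the tests alone would not make the dependency removable. I would word the marker to match, e.g. `<!-- TODO remove when SamlTokenValidator and the SAML tests move to the SAML module -->`, so nobody narrows the scope or deletes the block prematurely.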
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
index e0d1a54a6..0875a9151 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
@@ -134,7 +134,11 @@ public class SAMLTokenInputHandler extends 
AbstractInputSecurityHeaderHandler {
                 throw new 
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, 
"noKeyInSAMLToken");
             }
 
-            samlTokenValidator.validate(sigSecurityToken, 
wssSecurityProperties);
+            try {
+                sigSecurityToken.verify();
+            } catch (XMLSecurityException e) {
+                throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
+            }
 
             BasicCredential credential = null;
             if (sigSecurityToken.getX509Certificates() != null) {
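Review bot: The new `sigSecurityToken.verify()` call no longer receives `wssSecurityProperties`, so any property-driven checks that the removed `samlTokenValidator.validate(sigSecurityToken, wssSecurityProperties)` performed beyond `verify()` are skipped for the SAML subject key. Those were presumably the configured subject/issuer certificate constraints, but the old implementation is not visible on this page. If dropping them is intended, say so in place, e.g. `// Trust check only: certificate constraints from WSSSecurityProperties are not applied to the subject key here`; otherwise keep a call that still applies them. A regression test using a trusted certificate that fails a configured constraint would pin the behaviour either way. The enclosing method starts and ends outside this hunk.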
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidator.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidator.java
index 3c037fd1b..65891dce3 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidator.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidator.java
@@ -21,9 +21,10 @@ package org.apache.wss4j.stax.validate;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.saml.SamlAssertionWrapper;
 import org.apache.wss4j.api.stax.securityToken.SamlSecurityToken;
+import org.apache.wss4j.api.stax.validate.Validator;
 import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
 
-public interface SamlTokenValidator extends SignatureTokenValidator {
+public interface SamlTokenValidator extends Validator {
 
     <T extends SamlSecurityToken & InboundSecurityToken> T validate(
             SamlAssertionWrapper samlAssertionWrapper, InboundSecurityToken 
subjectSecurityToken,
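Review bot: `SamlTokenValidator` is a public interface, and switching its supertype from `SignatureTokenValidator` to `Validator` removes the inherited signature-token `validate` method without any Javadoc or migration note. The same applies to `SamlTokenValidatorImpl` dropping `extends SignatureTokenValidatorImpl` in the next file. A custom validator that overrode that method to add its own checks may no longer compile or, without `@Override`, may silently stop being invoked, since `SAMLTokenInputHandler` no longer calls it. I would document the new contract on the interface, e.g. `/** Validates SAML assertions only; trust verification of the subject key is done by SAMLTokenInputHandler via InboundSecurityToken#verify(). */`. The interface body continues outside this hunk.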
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
index b5cfce3e5..af2f939bf 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
@@ -34,7 +34,7 @@ import 
org.apache.wss4j.api.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
 import org.opensaml.saml.common.SAMLVersion;
 
-public class SamlTokenValidatorImpl extends SignatureTokenValidatorImpl 
implements SamlTokenValidator {
+public class SamlTokenValidatorImpl implements SamlTokenValidator {
 
     private static final transient org.slf4j.Logger LOG =
         org.slf4j.LoggerFactory.getLogger(SamlTokenValidatorImpl.class);
