buildbot failure in ASF Buildbot on cxf-site-production

2015-07-20 Thread buildbot
The Buildbot has detected a new failure on builder cxf-site-production while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/cxf-site-production/builds/504

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

BUILD FAILED: failed compile

Sincerely,
 -The Buildbot





buildbot success in ASF Buildbot on cxf-site-production

2015-07-20 Thread buildbot
The Buildbot has detected a restored build on builder cxf-site-production while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/cxf-site-production/builds/496

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

Build succeeded!

Sincerely,
 -The Buildbot





buildbot failure in ASF Buildbot on cxf-site-production

2015-07-20 Thread buildbot
The Buildbot has detected a new failure on builder cxf-site-production while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/cxf-site-production/builds/495

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

BUILD FAILED: failed compile

Sincerely,
 -The Buildbot





[4/4] cxf git commit: Recording .gitmergeinfo Changes

2015-07-20 Thread coheigea
Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a7000505
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a7000505
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a7000505

Branch: refs/heads/2.7.x-fixes
Commit: a70005059c9cc1c2b45af319434f49ddde4b7cf3
Parents: 08611f8
Author: Colm O hEigeartaigh 
Authored: Mon Jul 20 22:21:14 2015 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jul 20 22:21:14 2015 +0100

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/a7000505/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 71955b3..33b95fd 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -715,6 +715,7 @@ B 4e8f85d8d98b578b799d8a9b568fb78d53b419e8
 B 4ea14212ce5c077e1af9e20f2f90c672617d59d7
 B 4ea7db88c0894904f8b904d4049753be4ebec068
 B 4eb021814b076ac152c6ae4d8f6ac5ca56b6b0ee
+B 4eb8d15a2a2658fe7255fdbedb1e2d7ffb53366e
 B 4f308df6b936bb0076c33062f0de3a8cc53eaa18
 B 4ff319c6e46e9570003632fe96908ebd03ee9768
 B 5000b9dd5e3396e491f08dac8cd947757fd77ca4



[2/4] cxf git commit: Recording .gitmergeinfo Changes

2015-07-20 Thread coheigea
Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8e5a728c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8e5a728c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8e5a728c

Branch: refs/heads/2.7.x-fixes
Commit: 8e5a728ca185f9c7b272dcc6be3ec70f0b4082f8
Parents: b9bf76c
Author: Colm O hEigeartaigh 
Authored: Mon Jul 20 21:45:10 2015 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jul 20 21:45:10 2015 +0100

--
 .gitmergeinfo | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/8e5a728c/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 2cf7090..71955b3 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -1469,6 +1469,7 @@ B a683fc8f6e9466b2fdc32e2c39bda25a222d682a
 B a6939efe5a5858468f8348132cf84b6cae4a3a03
 B a6bb6636d201878e35c49f728af5b67916a0b805
 B a6d2a8a38043255156812b9546be1ac92d3106f3
+B a6e28de77a6770ffac02e698e1844aa3cdd876a4
 B a7208b67404980b653dd00ee7a6ed30a8b62ee83
 B a72f421b25cc491be2b586ef41a7d15980407a58
 B a751c55ea21bb7ffb33b0b9e77d0bb01ac99d810
@@ -2315,6 +2316,7 @@ M 1a0c4aad7f0360c30539e49a98eb4f16fa554512
 M 1a4b7cfd929bdfd1c53feef8099c1a67a24afeff
 M 1a96465f1f599d96e6ea74aa1477a39152b42879
 M 1ab9f70d4112432482f7030ea43b3870d524bd0d
+M 1b3101542c14b6c761a83d39547d79fa732e9603
 M 1bec032480a2dbe6c2ba7b6c4c8d2b99d1fad257
 M 1c218c8f21311db0c9e77ca401ddbe339f18dc06
 M 1c8cbd98259ac6a6d45e2ba58945d100bffa8d83



[3/4] cxf git commit: Fixing backmerge

2015-07-20 Thread coheigea
Fixing backmerge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/08611f8a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/08611f8a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/08611f8a

Branch: refs/heads/2.7.x-fixes
Commit: 08611f8a12985d5a82ff6827f62212f32a840601
Parents: 8e5a728
Author: Colm O hEigeartaigh 
Authored: Mon Jul 20 21:53:23 2015 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jul 20 21:53:23 2015 +0100

--
 .../security/SAMLSecurityContext.java   |  15 ++-
 .../rt/security/saml/SAMLSecurityContext.java   | 113 ---
 2 files changed, 12 insertions(+), 116 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/08611f8a/rt/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java
--
diff --git 
a/rt/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java
 
b/rt/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java
index a8e0709..2560fed 100644
--- 
a/rt/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java
+++ 
b/rt/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java
@@ -19,6 +19,8 @@
 package org.apache.cxf.interceptor.security;
 
 import java.security.Principal;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.Set;
 
 import org.w3c.dom.Element;
@@ -33,7 +35,7 @@ public class SAMLSecurityContext implements 
LoginSecurityContext {
 private String issuer;
 
 public SAMLSecurityContext(Principal principal) {
-this.principal = principal;
+this(principal, null);
 }
 
 public SAMLSecurityContext(
@@ -53,7 +55,7 @@ public class SAMLSecurityContext implements 
LoginSecurityContext {
 return false;
 }
 for (Principal principalRole : roles) {
-if (principalRole.getName().equals(role)) {
+if (principalRole != principal && 
principalRole.getName().equals(role)) {
 return true;
 }
 }
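Review bot: the new guard in isUserInRole, `principalRole != principal`, compares object references, so a role entry that is a different Principal instance carrying the user's name still passes `principalRole.getName().equals(role)`. If the aim is that the subject's own name can never act as a role, compare the names instead. The loop also throws on a null `principalRole` or a null `getName()`, so add those guards at the same time.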
@@ -69,7 +71,14 @@ public class SAMLSecurityContext implements 
LoginSecurityContext {
 }
 
 public Set getUserRoles() {
-return roles;
+if (roles == null) {
+return Collections.emptySet();
+}
+Set retRoles = new HashSet(roles);
+if (principal != null && retRoles.contains(principal)) {
+retRoles.remove(principal);
+}
+return retRoles;
 }
 
 public void setAssertionElement(Element assertionElement) {
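Review bot: in getUserRoles the `retRoles.contains(principal)` test before `retRoles.remove(principal)` is redundant, because `remove` is already a no-op when the element is absent. This path also removes by `equals()`/`hashCode()` while isUserInRole in the previous hunk filters by reference identity, so the two methods can disagree about whether an entry is the principal; one comparison rule should be used in both. Finally, the null branch returns an immutable `Collections.emptySet()` and the other branch a mutable `HashSet`; wrapping the copy in `Collections.unmodifiableSet` would make the contract uniform.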

http://git-wip-us.apache.org/repos/asf/cxf/blob/08611f8a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java
--
diff --git 
a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java
 
b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java
deleted file mode 100644
index 2784a18..000
--- 
a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rt.security.saml;
-
-import java.security.Principal;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.w3c.dom.Element;
-import org.apache.cxf.rt.security.claims.ClaimCollection;
-import org.apache.cxf.rt.security.claims.ClaimsSecurityContext;
-
-public class SAMLSecurityContext implements ClaimsSecurityContext {
-
-private final Principal principal;
-private Set roles;
-private Element assertionElement;
-private String issuer;
-private ClaimCollection claims;
-
-public SAMLSecurityContext(Principal principal) {
-this(principal, null);
-}
-
-public SAMLSecurityContext(
-Principal principal, 
-Set roles
-) {
-this(principal, r

[1/4] cxf git commit: Enforce stronger constraints on role names for SAML

2015-07-20 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes 70bf6e3f8 -> a70005059


Enforce stronger constraints on role names for SAML

Conflicts:

rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b9bf76cd
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b9bf76cd
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b9bf76cd

Branch: refs/heads/2.7.x-fixes
Commit: b9bf76cd6c1aae1446774c22f135b60f27c6029e
Parents: 70bf6e3
Author: Colm O hEigeartaigh 
Authored: Mon Jul 20 19:56:04 2015 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jul 20 21:45:08 2015 +0100

--
 .../rt/security/saml/SAMLSecurityContext.java   | 113 +++
 .../AbstractXACMLAuthorizingInterceptor.java|   6 +-
 2 files changed, 118 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/b9bf76cd/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java
--
diff --git 
a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java
 
b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java
new file mode 100644
index 000..2784a18
--- /dev/null
+++ 
b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java
@@ -0,0 +1,113 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.saml;
+
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.w3c.dom.Element;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.rt.security.claims.ClaimsSecurityContext;
+
+public class SAMLSecurityContext implements ClaimsSecurityContext {
+
+private final Principal principal;
+private Set roles;
+private Element assertionElement;
+private String issuer;
+private ClaimCollection claims;
+
+public SAMLSecurityContext(Principal principal) {
+this(principal, null);
+}
+
+public SAMLSecurityContext(
+Principal principal, 
+Set roles
+) {
+this(principal, roles, null);
+}
+
+public SAMLSecurityContext(
+Principal principal, 
+Set roles,
+ClaimCollection claims
+) {
+this.principal = principal;
+this.roles = roles;
+this.claims = claims;
+}
+
+public ClaimCollection getClaims() {
+return claims;
+}
+
+public Principal getUserPrincipal() {
+return principal;
+}
+
+public boolean isUserInRole(String role) {
+if (roles == null) {
+return false;
+}
+for (Principal principalRole : roles) {
+if (principalRole != principal && 
principalRole.getName().equals(role)) {
+return true;
+}
+}
+return false;
+}
+
+public javax.security.auth.Subject getSubject() {
+return null;
+}
+
+public void setUserRoles(Set userRoles) {
+this.roles = userRoles;
+}
+
+public Set getUserRoles() {
+if (roles == null) {
+return Collections.emptySet();
+}
+Set retRoles = new HashSet(roles);
+if (principal != null && retRoles.contains(principal)) {
+retRoles.remove(principal);
+}
+return retRoles;
+}
+
+public void setAssertionElement(Element assertionElement) {
+this.assertionElement = assertionElement;
+}
+
+public Element getAssertionElement() {
+return assertionElement;
+}
+
+public void setIssuer(String issuer) {
+this.issuer = issuer;
+}
+
+public String getIssuer() {
+return issuer;
+}
+}
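Review bot: the three-argument constructor and setUserRoles keep the caller's Set by reference (`this.roles = roles;` and `this.roles = userRoles;`), so whoever built the context can still add entries after it has been handed on, even though getUserRoles returns a copy. Copying the set on the way in would close that gap. `getSubject()` returning null also deserves a short comment stating that it is intentional.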

http://git-wip-us.apache.org/repos/asf/cxf/blob/b9bf76cd/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAutho

[3/3] cxf git commit: Build fix

2015-07-20 Thread coheigea
Build fix


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4eb8d15a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4eb8d15a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4eb8d15a

Branch: refs/heads/3.0.x-fixes
Commit: 4eb8d15a2a2658fe7255fdbedb1e2d7ffb53366e
Parents: a6e28de
Author: Colm O hEigeartaigh 
Authored: Mon Jul 20 21:44:32 2015 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jul 20 21:44:32 2015 +0100

--
 .../java/org/apache/cxf/sts/token/validator/X509TokenValidator.java | 1 -
 1 file changed, 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/4eb8d15a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
--
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
index 1cf2ee7..8f2224e 100644
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
@@ -29,7 +29,6 @@ import javax.security.auth.callback.CallbackHandler;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import org.w3c.dom.Text;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.DOMUtils;



[1/3] cxf git commit: Recording .gitmergeinfo Changes

2015-07-20 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes af03a164f -> 4eb8d15a2


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a6e28de7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a6e28de7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a6e28de7

Branch: refs/heads/3.0.x-fixes
Commit: a6e28de77a6770ffac02e698e1844aa3cdd876a4
Parents: 1b31015
Author: Colm O hEigeartaigh 
Authored: Mon Jul 20 20:49:45 2015 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jul 20 20:49:45 2015 +0100

--
 .gitmergeinfo | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/a6e28de7/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index b31d9d2..49ddda8 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -325,6 +325,7 @@ B d9f624e2eca8affa20243583ace087a8cbba3ac8
 B da4ccb008fcad909025cab0a00c56c00728c195b
 B db18a965fb238b8515ab74eb63d13c863c279476
 B db51e1a99ab886f179c677579ba798b450069287
+B dd8025a1695ac207e8b28e3cff38bb7df6369361
 B de88ed19bd937440fa891a852582a2d9ea971e3b
 B df947cb1ca2b9e375f99e199ec65b1afece1c963
 B dfecaa60ea6082fda8f2959c083ba2f2f7a03112
@@ -500,6 +501,7 @@ M a088c793efd923a52f68044b02221f8b47569ef9
 M a2c4be5e99472fc23b1740fc594e5d4c64961ca4
 M a3bf2a80bafa95ec2ccdd2b28ead26c13866acd7
 M a5b1c33534d83b4d0696263439d0d1a906b1afe6
+M a614b75389c2758d6d27e598b679ba013bcb72f0
 M a64265c29be124e9bffb46eb35a68b3504860c3a
 M a64ded455c40169665e438ae7a25f17bd4f8047a
 M a79158c70fb2c8cedf109e78eeec32691a32e306



[2/3] cxf git commit: Enforce stronger constraints on role names for SAML

2015-07-20 Thread coheigea
Enforce stronger constraints on role names for SAML


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1b310154
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1b310154
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1b310154

Branch: refs/heads/3.0.x-fixes
Commit: 1b3101542c14b6c761a83d39547d79fa732e9603
Parents: af03a16
Author: Colm O hEigeartaigh 
Authored: Mon Jul 20 19:56:04 2015 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jul 20 20:49:45 2015 +0100

--
 .../cxf/rt/security/saml/SAMLSecurityContext.java  | 13 +++--
 .../xacml/AbstractXACMLAuthorizingInterceptor.java |  6 +-
 2 files changed, 16 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/1b310154/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java
--
diff --git 
a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java
 
b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java
index 4287eb2..2784a18 100644
--- 
a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java
+++ 
b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java
@@ -19,6 +19,8 @@
 package org.apache.cxf.rt.security.saml;
 
 import java.security.Principal;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.Set;
 
 import org.w3c.dom.Element;
@@ -67,7 +69,7 @@ public class SAMLSecurityContext implements 
ClaimsSecurityContext {
 return false;
 }
 for (Principal principalRole : roles) {
-if (principalRole.getName().equals(role)) {
+if (principalRole != principal && 
principalRole.getName().equals(role)) {
 return true;
 }
 }
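Review bot: `principalRole != principal` in isUserInRole is an identity check, while the AbstractXACMLAuthorizingInterceptor change in this same commit filters with `!p.getName().equals(principalName)`. The two call sites now apply different rules for the same constraint; I would use the name comparison here as well, with the same null guards.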
@@ -83,7 +85,14 @@ public class SAMLSecurityContext implements 
ClaimsSecurityContext {
 }
 
 public Set getUserRoles() {
-return roles;
+if (roles == null) {
+return Collections.emptySet();
+}
+Set retRoles = new HashSet(roles);
+if (principal != null && retRoles.contains(principal)) {
+retRoles.remove(principal);
+}
+return retRoles;
 }
 
 public void setAssertionElement(Element assertionElement) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/1b310154/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
--
diff --git 
a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
 
b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
index 51e45cd..f7a8697 100644
--- 
a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
+++ 
b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
@@ -74,13 +74,17 @@ public abstract class AbstractXACMLAuthorizingInterceptor 
extends AbstractPhaseI
 
 if (sc instanceof LoginSecurityContext) {
 Principal principal = sc.getUserPrincipal();
+String principalName = null;
+if (principal != null) {
+principalName = principal.getName();
+}
 
 LoginSecurityContext loginSecurityContext = 
(LoginSecurityContext)sc;
 Set principalRoles = 
loginSecurityContext.getUserRoles();
 List roles = new ArrayList();
 if (principalRoles != null) {
 for (Principal p : principalRoles) {
-if (p != principal) {
+if (p != null && p.getName() != null && 
!p.getName().equals(principalName)) {
 roles.add(p.getName());
 }
 }
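Review bot: the new condition in the role loop calls `p.getName()` three times per entry; read it into a local once and test that. The diffstat for this commit lists only SAMLSecurityContext.java and AbstractXACMLAuthorizingInterceptor.java, so nothing exercises the case the change guards against (a role Principal that is a separate object but has the principal's name). A unit test for that case would keep the constraint from regressing.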



cxf git commit: Enforce stronger constraints on role names for SAML

2015-07-20 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/master dd8025a16 -> a614b7538


Enforce stronger constraints on role names for SAML


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a614b753
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a614b753
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a614b753

Branch: refs/heads/master
Commit: a614b75389c2758d6d27e598b679ba013bcb72f0
Parents: dd8025a
Author: Colm O hEigeartaigh 
Authored: Mon Jul 20 19:56:04 2015 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jul 20 19:56:04 2015 +0100

--
 .../rt/security/saml/claims/SAMLSecurityContext.java   | 13 +++--
 .../xacml2/AbstractXACMLAuthorizingInterceptor.java|  6 +-
 2 files changed, 16 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/a614b753/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/SAMLSecurityContext.java
--
diff --git 
a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/SAMLSecurityContext.java
 
b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/SAMLSecurityContext.java
index b9b012a..97fee53 100644
--- 
a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/SAMLSecurityContext.java
+++ 
b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/SAMLSecurityContext.java
@@ -19,6 +19,8 @@
 package org.apache.cxf.rt.security.saml.claims;
 
 import java.security.Principal;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.Set;
 
 import org.w3c.dom.Element;
@@ -67,7 +69,7 @@ public class SAMLSecurityContext implements 
ClaimsSecurityContext {
 return false;
 }
 for (Principal principalRole : roles) {
-if (principalRole.getName().equals(role)) {
+if (principalRole != principal && 
principalRole.getName().equals(role)) {
 return true;
 }
 }
@@ -83,7 +85,14 @@ public class SAMLSecurityContext implements 
ClaimsSecurityContext {
 }
 
 public Set getUserRoles() {
-return roles;
+if (roles == null) {
+return Collections.emptySet();
+}
+Set retRoles = new HashSet(roles);
+if (principal != null && retRoles.contains(principal)) {
+retRoles.remove(principal);
+}
+return retRoles;
 }
 
 public void setAssertionElement(Element assertionElement) {
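Review bot: getUserRoles used to return the internal set (`return roles;`) and now returns a fresh copy with the principal removed, or an empty set for null, which is an observable change for any caller that modified the returned set or relied on a null result. The method has no Javadoc saying that the result is a snapshot; one line stating the new contract would make it explicit.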

http://git-wip-us.apache.org/repos/asf/cxf/blob/a614b753/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/AbstractXACMLAuthorizingInterceptor.java
--
diff --git 
a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/AbstractXACMLAuthorizingInterceptor.java
 
b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/AbstractXACMLAuthorizingInterceptor.java
index f81f07a..39e611d 100644
--- 
a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/AbstractXACMLAuthorizingInterceptor.java
+++ 
b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/AbstractXACMLAuthorizingInterceptor.java
@@ -67,13 +67,17 @@ public abstract class AbstractXACMLAuthorizingInterceptor 
extends AbstractPhaseI
 
 if (sc instanceof LoginSecurityContext) {
 Principal principal = sc.getUserPrincipal();
+String principalName = null;
+if (principal != null) {
+principalName = principal.getName();
+}
 
 LoginSecurityContext loginSecurityContext = 
(LoginSecurityContext)sc;
 Set principalRoles = 
loginSecurityContext.getUserRoles();
 List roles = new ArrayList<>();
 if (principalRoles != null) {
 for (Principal p : principalRoles) {
-if (p != principal) {
+if (p != null && p.getName() != null && 
!p.getName().equals(principalName)) {
 roles.add(p.getName());
 }
 }
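Review bot: when `principal` is null, `principalName` stays null and `!p.getName().equals(principalName)` is true for every role, so nothing is filtered. That is probably the intent, but a comment on the `principalName` block saying so would save the next reader the check. The filter also silently drops any role whose name equals the principal's name; logging the dropped entry would make that case easier to diagnose.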



cxf git commit: Fixing build

2015-07-20 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/master 903c81fec -> dd8025a16


Fixing build


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dd8025a1
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dd8025a1
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dd8025a1

Branch: refs/heads/master
Commit: dd8025a1695ac207e8b28e3cff38bb7df6369361
Parents: 903c81f
Author: Colm O hEigeartaigh 
Authored: Mon Jul 20 19:02:28 2015 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jul 20 19:02:28 2015 +0100

--
 .../rs/security/xml/XmlSecInInterceptor.java| 38 ++--
 1 file changed, 19 insertions(+), 19 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/dd8025a1/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
--
diff --git 
a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
 
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
index d533a36..80f9819 100644
--- 
a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
+++ 
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
@@ -241,19 +241,19 @@ public class XmlSecInInterceptor extends 
AbstractPhaseInterceptor {
 if (XMLSecurityConstants.Enc.equals(event.getAlgorithmUsage())
 && encryptionProperties.getEncryptionSymmetricKeyAlgo() != null
 && 
!encryptionProperties.getEncryptionSymmetricKeyAlgo().equals(event.getAlgorithmURI()))
 {
-throw new XMLSecurityException("empty", "The symmetric encryption 
algorithm "
-   + event.getAlgorithmURI() + " is 
not allowed");
+throw new XMLSecurityException("empty", new Object[] {"The 
symmetric encryption algorithm "
+   + event.getAlgorithmURI() + " is 
not allowed"});
 } else if 
((XMLSecurityConstants.Sym_Key_Wrap.equals(event.getAlgorithmUsage())
 || 
XMLSecurityConstants.Asym_Key_Wrap.equals(event.getAlgorithmUsage()))
 && encryptionProperties.getEncryptionKeyTransportAlgo() != null
 && 
!encryptionProperties.getEncryptionKeyTransportAlgo().equals(event.getAlgorithmURI()))
 {
-throw new XMLSecurityException("empty", "The key transport 
algorithm "
-+ event.getAlgorithmURI() + " is not allowed");
+throw new XMLSecurityException("empty", new Object[] {"The key 
transport algorithm "
++ event.getAlgorithmURI() + " is not allowed"});
 } else if 
(XMLSecurityConstants.EncDig.equals(event.getAlgorithmUsage())
 && encryptionProperties.getEncryptionDigestAlgo() != null
 && 
!encryptionProperties.getEncryptionDigestAlgo().equals(event.getAlgorithmURI()))
 {
-throw new XMLSecurityException("empty", "The encryption digest 
algorithm "
-+ event.getAlgorithmURI() + " is not allowed");
+throw new XMLSecurityException("empty", new Object[] {"The 
encryption digest algorithm "
++ event.getAlgorithmURI() + " is not allowed"});
 }
 }
 
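Review bot: every throw site in this hunk repeats the same `new XMLSecurityException("empty", new Object[] {...})` wrapping around a concatenated message. A small private helper that takes the algorithm description and `event.getAlgorithmURI()` would remove the duplication and confine the next constructor change to one place. The commit message ("Fixing build") does not say why the message argument had to become an `Object[]`; a one-line explanation would help anyone backporting this.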
@@ -263,24 +263,24 @@ public class XmlSecInInterceptor extends 
AbstractPhaseInterceptor {
 || XMLSecurityConstants.Sym_Sig.equals(event.getAlgorithmUsage()))
 && sigProps.getSignatureAlgo() != null
 && !sigProps.getSignatureAlgo().equals(event.getAlgorithmURI())) {
-throw new XMLSecurityException("empty", "The signature algorithm "
-   + event.getAlgorithmURI() + " is 
not allowed");
+throw new XMLSecurityException("empty", new Object[] {"The 
signature algorithm "
+   + event.getAlgorithmURI() + " is 
not allowed"});
 } else if 
(XMLSecurityConstants.SigDig.equals(event.getAlgorithmUsage())
 && sigProps.getSignatureDigestAlgo() != null
 && 
!sigProps.getSignatureDigestAlgo().equals(event.getAlgorithmURI())) {
-throw new XMLSecurityException("empty", "The signature digest 
algorithm "
-+ event.getAlgorithmURI() + " is not allowed");
+throw new XMLSecurityException("empty", new Object[] {"The 
signature digest algorithm "
++ event.getAlgorithmURI() + " is not allowed"});
 } else if 
(XMLSecurityConstants.SigC14n.equals(event.getAlgorithmUsage())
 && sigProps.getSignatureC14nMethod() != null
 && 
!sigProps.getSignatureC14nMethod().equals(event.getAlgorithmURI())) {
-throw new XMLSecurityException("empty", "The s

buildbot success in ASF Buildbot on cxf-site-production

2015-07-20 Thread buildbot
The Buildbot has detected a restored build on builder cxf-site-production while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/cxf-site-production/builds/488

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

Build succeeded!

Sincerely,
 -The Buildbot





buildbot failure in ASF Buildbot on cxf-site-production

2015-07-20 Thread buildbot
The Buildbot has detected a new failure on builder cxf-site-production while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/cxf-site-production/builds/486

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

BUILD FAILED: failed compile

Sincerely,
 -The Buildbot