cxf-fediz git commit: FEDIZ-185 - Make one of passiveRequestorEndpoint or passiveRequestorEndpointConstraint mandatory in the IDP

[coheigea]

Repository: cxf-fediz
Updated Branches:
  refs/heads/1.2.x-fixes f1aef3778 -> 1d5b956ed


FEDIZ-185 - Make one of passiveRequestorEndpoint or 
passiveRequestorEndpointConstraint mandatory in the IDP


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/1d5b956e
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/1d5b956e
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/1d5b956e

Branch: refs/heads/1.2.x-fixes
Commit: 1d5b956edf26f621532c917b19827d7b3ffc72ad
Parents: f1aef37
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 15:27:28 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 16:41:47 2016 +

--
 .../service/idp/beans/STSClientAction.java  |  29 +++--
 .../idp/src/main/resources/entities-realmb.xml  |   1 +
 .../test/resources/realmb/entities-realmb.xml   |   1 +
 .../apache/cxf/fediz/systests/idp/IdpTest.java  | 105 +++
 .../test/resources/realma/entities-realma.xml   |  37 +++
 5 files changed, 162 insertions(+), 11 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1d5b956e/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
--
diff --git 
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
 
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
index ca87991..e99ea43 100644
--- 
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
+++ 
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
@@ -320,20 +320,27 @@ public class STSClientAction {
 throw new ProcessingException(TYPE.BAD_REQUEST);
 }
 
-if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == 
null) {
-LOG.warn("No passive requestor endpoint constraint is configured 
for the application. "
- + "This could lead to a malicious redirection attack");
-return;
-}
-
-if (wreply != null) {
-Matcher matcher = 
serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(wreply);
-if (!matcher.matches()) {
-LOG.error("The wreply value of {} does not match any of the 
passive requestor values",
+if (serviceConfig.getPassiveRequestorEndpoint() == null 
+&& serviceConfig.getCompiledPassiveRequestorEndpointConstraint() 
== null) {
+LOG.error("Either the 'passiveRequestorEndpoint' or the 
'passiveRequestorEndpointConstraint' "
++ "configuration values must be specified for the 
application");
+} else if (serviceConfig.getPassiveRequestorEndpoint() != null 
+&& serviceConfig.getPassiveRequestorEndpoint().equals(wreply)) {
+LOG.debug("The supplied endpoint address {} matches the configured 
passive requestor endpoint value", 
   wreply);
-throw new ProcessingException(TYPE.BAD_REQUEST);
+return;
+} else if 
(serviceConfig.getCompiledPassiveRequestorEndpointConstraint() != null) {
+Matcher matcher = 
+
serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(wreply);
+if (matcher.matches()) {
+return;
+} else {
+LOG.error("The endpointAddress value of {} does not match any 
of the passive requestor values",
+  wreply);
 }
 }
+
+throw new ProcessingException(TYPE.BAD_REQUEST);
 }
 
 private String getIdFromToken(String token) throws XMLStreamException {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1d5b956e/services/idp/src/main/resources/entities-realmb.xml
--
diff --git a/services/idp/src/main/resources/entities-realmb.xml 
b/services/idp/src/main/resources/entities-realmb.xml
index 152ff52..0018c37 100644
--- a/services/idp/src/main/resources/entities-realmb.xml
+++ b/services/idp/src/main/resources/entities-realmb.xml
@@ -85,6 +85,7 @@
 
 http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0;
 />
 
+https://localhost:?(\d)*/.*" />
 
 
 http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1d5b956e/systests/federation/wsfed/src/test/resources/realmb/entities-realmb.xml
--
diff --git 
a/systests/federation/wsfed/src/test/resources/realmb/entities-realmb.xml 

[1/2] cxf-fediz git commit: FEDIZ-185 - Make one of passiveRequestorEndpoint or passiveRequestorEndpointConstraint mandatory in the IDP

[coheigea]

Repository: cxf-fediz
Updated Branches:
  refs/heads/1.3.x-fixes aaeea60c7 -> 483e6a349


FEDIZ-185 - Make one of passiveRequestorEndpoint or 
passiveRequestorEndpointConstraint mandatory in the IDP


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f26a20c2
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f26a20c2
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f26a20c2

Branch: refs/heads/1.3.x-fixes
Commit: f26a20c2584460aea2fbf00845d1b37a0b212d07
Parents: aaeea60
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 15:27:28 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 15:28:34 2016 +

--
 .../idp/beans/PassiveRequestorValidator.java|  34 +++---
 .../idp/src/main/resources/entities-realmb.xml  |   1 +
 .../test/resources/realmb/entities-realmb.xml   |   3 +-
 .../test/resources/realmb/entities-realmb.xml   |   2 +
 .../apache/cxf/fediz/systests/idp/IdpTest.java  | 113 +++
 .../test/resources/realma/entities-realma.xml   |  37 ++
 6 files changed, 174 insertions(+), 16 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f26a20c2/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
--
diff --git 
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
 
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
index 0393d4f..3f5be36 100644
--- 
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
+++ 
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
@@ -47,26 +47,30 @@ public class PassiveRequestorValidator {
 Application serviceConfig = idpConfig.findApplication(realm);
 if (serviceConfig == null) {
 LOG.warn("No service config found for " + realm);
-return true;
+return false;
 }
 
-// The endpointAddress address must match the passive endpoint 
requestor constraint 
-// (if it is specified)
-if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == 
null) {
-LOG.warn("No passive requestor endpoint constraint is configured 
for the application. "
-+ "This could lead to a malicious redirection attack");
-return true;
-}
-
-Matcher matcher = 
-
serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(endpointAddress);
-if (!matcher.matches()) {
-LOG.error("The endpointAddress value of {} does not match any of 
the passive requestor values",
+if (serviceConfig.getPassiveRequestorEndpoint() == null 
+&& serviceConfig.getCompiledPassiveRequestorEndpointConstraint() 
== null) {
+LOG.error("Either the 'passiveRequestorEndpoint' or the 
'passiveRequestorEndpointConstraint' "
++ "configuration values must be specified for the 
application");
+} else if (serviceConfig.getPassiveRequestorEndpoint() != null 
+&& 
serviceConfig.getPassiveRequestorEndpoint().equals(endpointAddress)) {
+LOG.debug("The supplied endpoint address {} matches the configured 
passive requestor endpoint value", 
   endpointAddress);
-return false;
+return true;
+} else if 
(serviceConfig.getCompiledPassiveRequestorEndpointConstraint() != null) {
+Matcher matcher = 
+
serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(endpointAddress);
+if (matcher.matches()) {
+return true;
+} else {
+LOG.error("The endpointAddress value of {} does not match any 
of the passive requestor values",
+  endpointAddress);
+}
 }
 
-return true;
+return false;
 }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f26a20c2/services/idp/src/main/resources/entities-realmb.xml
--
diff --git a/services/idp/src/main/resources/entities-realmb.xml 
b/services/idp/src/main/resources/entities-realmb.xml
index 592a605..3f2cd92 100644
--- a/services/idp/src/main/resources/entities-realmb.xml
+++ b/services/idp/src/main/resources/entities-realmb.xml
@@ -85,6 +85,7 @@
 
 http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0;
 />
 
+https://localhost:?(\d)*/.*" />
 
 
 

[2/2] cxf-fediz git commit: Fixing federation test

[coheigea]

Fixing federation test


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/483e6a34
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/483e6a34
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/483e6a34

Branch: refs/heads/1.3.x-fixes
Commit: 483e6a3497507d35e98b445cd5178bf5c92d448d
Parents: f26a20c
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 15:39:54 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 15:39:54 2016 +

--
 .../samlsso/src/test/resources/realmb/entities-realmb.xml  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/483e6a34/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml
--
diff --git 
a/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml 
b/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml
index 4d73376..bfe086b 100644
--- a/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml
+++ b/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml
@@ -80,7 +80,7 @@
 http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0;
 />
 
 
-https://localhost:${idp.https.port}/fediz-idp/saml; />
+https://localhost:${idp.https.port}/fediz-idp/federation; />
 
 
 

cxf git commit: Naming a jaxrs client state cleanup thread as proposed by Romain

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes e1d841c6b -> 6bb64ae83


Naming a jaxrs client state cleanup thread as proposed by Romain


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6bb64ae8
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6bb64ae8
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6bb64ae8

Branch: refs/heads/3.1.x-fixes
Commit: 6bb64ae83daea6fb88a669142d7468730bd54f95
Parents: e1d841c
Author: Sergey Beryozkin 
Authored: Tue Dec 20 15:28:02 2016 +
Committer: Sergey Beryozkin 
Committed: Tue Dec 20 15:28:52 2016 +

--
 .../java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/6bb64ae8/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java
--
diff --git 
a/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java
 
b/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java
index 4458148..d6b4313 100644
--- 
a/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java
+++ 
b/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java
@@ -123,7 +123,9 @@ public class ThreadLocalClientState implements ClientState {
 prepareCheckpointMap();
 long currentTime = System.currentTimeMillis();
 checkpointMap.put(Thread.currentThread(), currentTime);
-new CleanupThread(Thread.currentThread(), currentTime).start();
+Thread clThread = new CleanupThread(Thread.currentThread(), 
currentTime);
+clThread.setName("Client state cleanup thread " + 
clThread.hashCode());
+clThread.start();
 }
 }
 return cs;

cxf git commit: Naming a jaxrs client state cleanup thread as proposed by Romain

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/master 6173599f9 -> 29a85


Naming a jaxrs client state cleanup thread as proposed by Romain


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/29a8
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/29a8
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/29a8

Branch: refs/heads/master
Commit: 29a85e5c3984563cbefb146f983d072967bb
Parents: 6173599
Author: Sergey Beryozkin 
Authored: Tue Dec 20 15:28:02 2016 +
Committer: Sergey Beryozkin 
Committed: Tue Dec 20 15:28:02 2016 +

--
 .../java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/29a8/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java
--
diff --git 
a/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java
 
b/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java
index 4458148..d6b4313 100644
--- 
a/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java
+++ 
b/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java
@@ -123,7 +123,9 @@ public class ThreadLocalClientState implements ClientState {
 prepareCheckpointMap();
 long currentTime = System.currentTimeMillis();
 checkpointMap.put(Thread.currentThread(), currentTime);
-new CleanupThread(Thread.currentThread(), currentTime).start();
+Thread clThread = new CleanupThread(Thread.currentThread(), 
currentTime);
+clThread.setName("Client state cleanup thread " + 
clThread.hashCode());
+clThread.start();
 }
 }
 return cs;

cxf-fediz git commit: FEDIZ-185 - Make one of passiveRequestorEndpoint or passiveRequestorEndpointConstraint mandatory in the IDP

[coheigea]

Repository: cxf-fediz
Updated Branches:
  refs/heads/master b94137a45 -> 25dcd2754


FEDIZ-185 - Make one of passiveRequestorEndpoint or 
passiveRequestorEndpointConstraint mandatory in the IDP


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/25dcd275
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/25dcd275
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/25dcd275

Branch: refs/heads/master
Commit: 25dcd275443d84e9927f7ad7c980f46463d03009
Parents: b94137a
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 15:27:28 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 15:27:28 2016 +

--
 .../idp/beans/PassiveRequestorValidator.java|  34 +++---
 .../idp/src/main/resources/entities-realmb.xml  |   1 +
 .../test/resources/realmb/entities-realmb.xml   |   3 +-
 .../test/resources/realmb/entities-realmb.xml   |   1 +
 .../apache/cxf/fediz/systests/idp/IdpTest.java  | 113 +++
 .../test/resources/realma/entities-realma.xml   |  37 ++
 6 files changed, 173 insertions(+), 16 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/25dcd275/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
--
diff --git 
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
 
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
index 0393d4f..3f5be36 100644
--- 
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
+++ 
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
@@ -47,26 +47,30 @@ public class PassiveRequestorValidator {
 Application serviceConfig = idpConfig.findApplication(realm);
 if (serviceConfig == null) {
 LOG.warn("No service config found for " + realm);
-return true;
+return false;
 }
 
-// The endpointAddress address must match the passive endpoint 
requestor constraint 
-// (if it is specified)
-if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == 
null) {
-LOG.warn("No passive requestor endpoint constraint is configured 
for the application. "
-+ "This could lead to a malicious redirection attack");
-return true;
-}
-
-Matcher matcher = 
-
serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(endpointAddress);
-if (!matcher.matches()) {
-LOG.error("The endpointAddress value of {} does not match any of 
the passive requestor values",
+if (serviceConfig.getPassiveRequestorEndpoint() == null 
+&& serviceConfig.getCompiledPassiveRequestorEndpointConstraint() 
== null) {
+LOG.error("Either the 'passiveRequestorEndpoint' or the 
'passiveRequestorEndpointConstraint' "
++ "configuration values must be specified for the 
application");
+} else if (serviceConfig.getPassiveRequestorEndpoint() != null 
+&& 
serviceConfig.getPassiveRequestorEndpoint().equals(endpointAddress)) {
+LOG.debug("The supplied endpoint address {} matches the configured 
passive requestor endpoint value", 
   endpointAddress);
-return false;
+return true;
+} else if 
(serviceConfig.getCompiledPassiveRequestorEndpointConstraint() != null) {
+Matcher matcher = 
+
serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(endpointAddress);
+if (matcher.matches()) {
+return true;
+} else {
+LOG.error("The endpointAddress value of {} does not match any 
of the passive requestor values",
+  endpointAddress);
+}
 }
 
-return true;
+return false;
 }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/25dcd275/services/idp/src/main/resources/entities-realmb.xml
--
diff --git a/services/idp/src/main/resources/entities-realmb.xml 
b/services/idp/src/main/resources/entities-realmb.xml
index 02cd3ca..68fb3e8 100644
--- a/services/idp/src/main/resources/entities-realmb.xml
+++ b/services/idp/src/main/resources/entities-realmb.xml
@@ -85,6 +85,7 @@
 
 http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0;
 />
 
+https://localhost:?(\d)*/.*" />
 
 
 

cxf git commit: Reflecting that the hybrid is a combination of authorization_code and implicit flows as per the dynreg spec, etc

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 713050c92 -> e1d841c6b


Reflecting that the hybrid is a combination of authorization_code and implicit 
flows as per the dynreg spec, etc


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e1d841c6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e1d841c6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e1d841c6

Branch: refs/heads/3.1.x-fixes
Commit: e1d841c6ba4b0cad5b90a584cb3eefac3f0cb9a9
Parents: 713050c
Author: Sergey Beryozkin 
Authored: Tue Dec 20 15:21:56 2016 +
Committer: Sergey Beryozkin 
Committed: Tue Dec 20 15:22:50 2016 +

--
 .../oauth2/grants/code/AuthorizationCodeGrantHandler.java   | 5 +
 .../apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java  | 2 +-
 .../org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java  | 2 +-
 .../java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java   | 2 --
 4 files changed, 7 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/e1d841c6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index 97ba3dd..4e1121e 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -123,7 +123,12 @@ public class AuthorizationCodeGrantHandler extends 
AbstractGrantHandler {
 throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
 }
 }
+// Make sure the client supports the authorization code in cases where 
+// the implicit/hybrid service was initiating the code grant 
processing flow
 
+if (!client.getAllowedGrantTypes().isEmpty() && 
!client.getAllowedGrantTypes().contains(requestedGrant)) {
+throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
+}
 // Delegate to the data provider to create the one
 AccessTokenRegistration reg = new AccessTokenRegistration();
 reg.setGrantCode(grant.getCode());

http://git-wip-us.apache.org/repos/asf/cxf/blob/e1d841c6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
--
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index 08d6735..f7ed11f 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -46,7 +46,7 @@ public class IdTokenResponseFilter extends 
OAuthServerJoseJwtProducer implements
 public void process(ClientAccessToken ct, ServerAccessToken st) {
 if (st.getResponseType() != null
 && OidcUtils.CODE_AT_RESPONSE_TYPE.equals(st.getResponseType())
-&& OidcUtils.HYBRID_FLOW.equals(st.getGrantType())) {
+&& OAuthConstants.IMPLICIT_GRANT.equals(st.getGrantType())) {
 // token post-processing as part of the current hybrid (implicit) 
flow
 // so no id_token is returned now - however when the code gets 
exchanged later on
 // this filter will add id_token to the returned access token

http://git-wip-us.apache.org/repos/asf/cxf/blob/e1d841c6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
--
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
index 708ad0a..3667389 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
@@ -44,7 +44,7 @@ public class OidcHybridService extends OidcImplicitService {
 this(false);
 }
 public 

cxf git commit: Reflecting that the hybrid is a combination of authorization_code and implicit flows as per the dynreg spec, etc

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/master 052582d56 -> 6173599f9


Reflecting that the hybrid is a combination of authorization_code and implicit 
flows as per the dynreg spec, etc


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6173599f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6173599f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6173599f

Branch: refs/heads/master
Commit: 6173599f9306602fa756924eb04ea0cd87ce5010
Parents: 052582d
Author: Sergey Beryozkin 
Authored: Tue Dec 20 15:21:56 2016 +
Committer: Sergey Beryozkin 
Committed: Tue Dec 20 15:21:56 2016 +

--
 .../oauth2/grants/code/AuthorizationCodeGrantHandler.java   | 5 +
 .../apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java  | 2 +-
 .../org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java  | 2 +-
 .../java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java   | 2 --
 4 files changed, 7 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index 7da48ef..7e65c07 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -123,7 +123,12 @@ public class AuthorizationCodeGrantHandler extends 
AbstractGrantHandler {
 throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
 }
 }
+// Make sure the client supports the authorization code in cases where 
+// the implicit/hybrid service was initiating the code grant 
processing flow
 
+if (!client.getAllowedGrantTypes().isEmpty() && 
!client.getAllowedGrantTypes().contains(requestedGrant)) {
+throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
+}
 // Delegate to the data provider to create the one
 AccessTokenRegistration reg = new AccessTokenRegistration();
 reg.setGrantCode(grant.getCode());

http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
--
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index 08d6735..f7ed11f 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -46,7 +46,7 @@ public class IdTokenResponseFilter extends 
OAuthServerJoseJwtProducer implements
 public void process(ClientAccessToken ct, ServerAccessToken st) {
 if (st.getResponseType() != null
 && OidcUtils.CODE_AT_RESPONSE_TYPE.equals(st.getResponseType())
-&& OidcUtils.HYBRID_FLOW.equals(st.getGrantType())) {
+&& OAuthConstants.IMPLICIT_GRANT.equals(st.getGrantType())) {
 // token post-processing as part of the current hybrid (implicit) 
flow
 // so no id_token is returned now - however when the code gets 
exchanged later on
 // this filter will add id_token to the returned access token

http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
--
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
index 708ad0a..3667389 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
@@ -44,7 +44,7 @@ public class OidcHybridService extends OidcImplicitService {
 this(false);
 }
 public 

[3/4] cxf-fediz git commit: Enabling CSRF test

[coheigea]

Enabling CSRF test


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e6e05c8f
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e6e05c8f
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e6e05c8f

Branch: refs/heads/1.2.x-fixes
Commit: e6e05c8f1b9ee3b551ebf03751d9230999cb1005
Parents: dd58983
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 10:29:07 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 11:16:13 2016 +

--
 .../java/org/apache/cxf/fediz/integrationtests/AbstractTests.java   | 1 -
 1 file changed, 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e6e05c8f/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
--
diff --git 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index 883e2ca..cdbf815 100644
--- 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -677,7 +677,6 @@ public abstract class AbstractTests {
 }
 
 @org.junit.Test
-@org.junit.Ignore
 public void testCSRFAttack() throws Exception {
 String url = "https://localhost:; + getRpHttpsPort() + "/" + 
getServletContextName() + "/secure/fedservlet";
 csrfAttackTest(url);

[2/4] cxf-fediz git commit: Fixing CSRF test

[coheigea]

Fixing CSRF test


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/dd589831
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/dd589831
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/dd589831

Branch: refs/heads/1.2.x-fixes
Commit: dd589831ced42254d6174a01e5ab148e61ce08d1
Parents: d56286f
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 10:20:59 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 11:16:04 2016 +

--
 .../org/apache/cxf/fediz/integrationtests/AbstractTests.java| 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/dd589831/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
--
diff --git 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index 30d99d3..883e2ca 100644
--- 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -738,10 +738,7 @@ public abstract class AbstractTests {
 }
 
 try {
-HtmlPage rpPage2 = webClient.getPage(request);
-String bodyTextContent = rpPage2.getBody().getTextContent();
-Assert.assertTrue("Principal not " + user,
-  bodyTextContent.contains("userPrincipal=" + 
user));
+webClient.getPage(request);
 Assert.fail("Failure expected on a CSRF attack");
 } catch (FailingHttpStatusCodeException ex) {
 // expected

[4/4] cxf-fediz git commit: Save the context from the sign in request

[coheigea]

Save the context from the sign in request


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f1aef377
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f1aef377
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f1aef377

Branch: refs/heads/1.2.x-fixes
Commit: f1aef37787f829293d239e62b7a83a53d366494a
Parents: e6e05c8
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 10:41:17 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 11:16:41 2016 +

--
 .../fediz/jetty/FederationAuthenticator.java| 27 
 1 file changed, 22 insertions(+), 5 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1aef377/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
--
diff --git 
a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
 
b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
index 9b2c684..779d047 100644
--- 
a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
+++ 
b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
@@ -87,6 +87,7 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
 
 public static final String J_URI = "org.eclipse.jetty.security.form_URI";
 public static final String J_POST = "org.eclipse.jetty.security.form_POST";
+public static final String J_CONTEXT = 
"org.eclipse.jetty.security.form_CONTEXT";
 
 private static final Logger LOG = 
Log.getLogger(FederationAuthenticator.class);
 
@@ -248,13 +249,19 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
 {
 session=renewSession(request,response);
 
-FederationUserIdentity fui = 
(FederationUserIdentity)user;
-session.setAttribute(SECURITY_TOKEN_ATTR, 
fui.getToken());
-
 // Redirect to original request
 String nuri;
 synchronized(session)
 {
+// Check the context
+String savedContext = (String) 
session.getAttribute(J_CONTEXT);
+String receivedContext = 
request.getParameter(FederationConstants.PARAM_CONTEXT);
+if (savedContext == null || 
!savedContext.equals(receivedContext)) {
+LOG.warn("The received wctx parameter does not 
match the saved value");
+
response.sendError(HttpServletResponse.SC_FORBIDDEN);
+return Authentication.UNAUTHENTICATED;
+}
+
 nuri = (String) session.getAttribute(J_URI);
 
 if (nuri == null || nuri.length() == 0)
@@ -267,6 +274,10 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
 Authentication cached=new 
SessionAuthentication(getAuthMethod(), user, wfRes);
 
session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
 }
+
+FederationUserIdentity fui = 
(FederationUserIdentity)user;
+session.setAttribute(SECURITY_TOKEN_ATTR, 
fui.getToken());
+
 response.setContentLength(0);   
 
response.sendRedirect(response.encodeRedirectURL(nuri));
 
@@ -279,6 +290,7 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
 }
 if (response != null) {
 response.sendError(HttpServletResponse.SC_FORBIDDEN);
+return Authentication.UNAUTHENTICATED;
 }
 
 }
@@ -394,7 +406,7 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
 
 FedizProcessor wfProc = 
 
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
-signInRedirectToIssuer(request, response, wfProc);
+signInRedirectToIssuer(request, response, wfProc, session);
 
 return Authentication.SEND_CONTINUE;
 
@@ -482,12 +494,13 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
  *Response we are populating
  * @param processor
  *FederationProcessor
+ * @param session The HTTPSession
  * @throws IOException
  *

[1/4] cxf-fediz git commit: Minor change to Spring plugins

[coheigea]

Repository: cxf-fediz
Updated Branches:
  refs/heads/1.2.x-fixes 73a11b5f2 -> f1aef3778


Minor change to Spring plugins


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/d56286f7
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/d56286f7
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/d56286f7

Branch: refs/heads/1.2.x-fixes
Commit: d56286f7da0110b38e1a71363d8a2f31daa66f51
Parents: 73a11b5
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 09:33:22 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 11:15:56 2016 +

--
 .../cxf/fediz/spring/web/FederationAuthenticationFilter.java   | 2 +-
 .../cxf/fediz/spring/web/FederationAuthenticationFilter.java   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d56286f7/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
--
diff --git 
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
 
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index c18d238..3f172e5 100644
--- 
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ 
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -69,7 +69,7 @@ public class FederationAuthenticationFilter extends 
AbstractAuthenticationProces
 FedizRequest wfReq = new FedizRequest();
 wfReq.setAction(wa);
 wfReq.setResponseToken(responseToken);
-wfReq.setState(request.getParameter(SAMLSSOConstants.RELAY_STATE));
+wfReq.setState(getState(request));
 wfReq.setRequest(request);
 
 X509Certificate certs[] = 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d56286f7/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
--
diff --git 
a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
 
b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index 7727c27..827d4fb 100644
--- 
a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ 
b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -118,7 +118,7 @@ public class FederationAuthenticationFilter extends 
AbstractProcessingFilter {
 FedizRequest wfReq = new FedizRequest();
 wfReq.setAction(wa);
 wfReq.setResponseToken(responseToken);
-wfReq.setState(request.getParameter(SAMLSSOConstants.RELAY_STATE));
+wfReq.setState(getState(request));
 wfReq.setRequest(request);
 
 X509Certificate certs[] = 

[3/4] cxf-fediz git commit: Enabling CSRF test

[coheigea]

Enabling CSRF test


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a271c790
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a271c790
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a271c790

Branch: refs/heads/1.3.x-fixes
Commit: a271c7905d80e046c54bd542dc35719af1e1485a
Parents: e44c6a6
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 10:29:07 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 10:58:13 2016 +

--
 .../java/org/apache/cxf/fediz/integrationtests/AbstractTests.java   | 1 -
 1 file changed, 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a271c790/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
--
diff --git 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index c4e76eb..d33e212 100644
--- 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -733,7 +733,6 @@ public abstract class AbstractTests {
 }
 
 @org.junit.Test
-@org.junit.Ignore
 public void testCSRFAttack() throws Exception {
 String url = "https://localhost:; + getRpHttpsPort() + "/" + 
getServletContextName() + "/secure/fedservlet";
 csrfAttackTest(url);

[1/4] cxf-fediz git commit: Minor change to Spring plugins

[coheigea]

Repository: cxf-fediz
Updated Branches:
  refs/heads/1.3.x-fixes aa66ed453 -> aaeea60c7


Minor change to Spring plugins


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/41f078c0
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/41f078c0
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/41f078c0

Branch: refs/heads/1.3.x-fixes
Commit: 41f078c0c2fa25833b55c8efd882a82edb7a264a
Parents: aa66ed4
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 09:33:22 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 10:58:01 2016 +

--
 .../cxf/fediz/spring/web/FederationAuthenticationFilter.java   | 2 +-
 .../cxf/fediz/spring/web/FederationAuthenticationFilter.java   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/41f078c0/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
--
diff --git 
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
 
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index c18d238..3f172e5 100644
--- 
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ 
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -69,7 +69,7 @@ public class FederationAuthenticationFilter extends 
AbstractAuthenticationProces
 FedizRequest wfReq = new FedizRequest();
 wfReq.setAction(wa);
 wfReq.setResponseToken(responseToken);
-wfReq.setState(request.getParameter(SAMLSSOConstants.RELAY_STATE));
+wfReq.setState(getState(request));
 wfReq.setRequest(request);
 
 X509Certificate certs[] = 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/41f078c0/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
--
diff --git 
a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
 
b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index 6011c37..154aab1 100644
--- 
a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ 
b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -118,7 +118,7 @@ public class FederationAuthenticationFilter extends 
AbstractProcessingFilter {
 FedizRequest wfReq = new FedizRequest();
 wfReq.setAction(wa);
 wfReq.setResponseToken(responseToken);
-wfReq.setState(request.getParameter(SAMLSSOConstants.RELAY_STATE));
+wfReq.setState(getState(request));
 wfReq.setRequest(request);
 
 X509Certificate certs[] = 

[2/4] cxf-fediz git commit: Fixing CSRF test

[coheigea]

Fixing CSRF test


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e44c6a67
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e44c6a67
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e44c6a67

Branch: refs/heads/1.3.x-fixes
Commit: e44c6a67ecc9d2c47a49ebb30f9e6ba248ccaf0e
Parents: 41f078c
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 10:20:59 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 10:58:06 2016 +

--
 .../org/apache/cxf/fediz/integrationtests/AbstractTests.java| 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e44c6a67/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
--
diff --git 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index 5908db8..c4e76eb 100644
--- 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -794,10 +794,7 @@ public abstract class AbstractTests {
 }
 
 try {
-HtmlPage rpPage2 = webClient.getPage(request);
-String bodyTextContent = rpPage2.getBody().getTextContent();
-Assert.assertTrue("Principal not " + user,
-  bodyTextContent.contains("userPrincipal=" + 
user));
+webClient.getPage(request);
 Assert.fail("Failure expected on a CSRF attack");
 } catch (FailingHttpStatusCodeException ex) {
 // expected

[4/4] cxf-fediz git commit: Save the context from the sign in request

[coheigea]

Save the context from the sign in request


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/aaeea60c
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/aaeea60c
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/aaeea60c

Branch: refs/heads/1.3.x-fixes
Commit: aaeea60c7edae9973134c868c1d49c67d658e6c3
Parents: a271c79
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 10:41:17 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 10:58:20 2016 +

--
 .../fediz/jetty8/FederationAuthenticator.java   | 27 
 .../fediz/jetty9/FederationAuthenticator.java   | 27 
 2 files changed, 44 insertions(+), 10 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/aaeea60c/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
--
diff --git 
a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
 
b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
index dfeab1d..56656a0 100644
--- 
a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
+++ 
b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
@@ -84,6 +84,7 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
 
 public static final String J_URI = "org.eclipse.jetty.security.form_URI";
 public static final String J_POST = "org.eclipse.jetty.security.form_POST";
+public static final String J_CONTEXT = 
"org.eclipse.jetty.security.form_CONTEXT";
 
 private static final Logger LOG = 
Log.getLogger(FederationAuthenticator.class);
 
@@ -222,13 +223,19 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
 {
 session=renewSession(request,response);
 
-FederationUserIdentity fui = 
(FederationUserIdentity)user;
-session.setAttribute(SECURITY_TOKEN_ATTR, 
fui.getToken());
-
 // Redirect to original request
 String nuri;
 synchronized(session)
 {
+// Check the context
+String savedContext = (String) 
session.getAttribute(J_CONTEXT);
+String receivedContext = 
request.getParameter(FederationConstants.PARAM_CONTEXT);
+if (savedContext == null || 
!savedContext.equals(receivedContext)) {
+LOG.warn("The received wctx parameter does not 
match the saved value");
+
response.sendError(HttpServletResponse.SC_FORBIDDEN);
+return Authentication.UNAUTHENTICATED;
+}
+
 nuri = (String) session.getAttribute(J_URI);
 
 if (nuri == null || nuri.length() == 0)
@@ -241,6 +248,10 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
 Authentication cached=new 
SessionAuthentication(getAuthMethod(), user, wfRes);
 
session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
 }
+
+FederationUserIdentity fui = 
(FederationUserIdentity)user;
+session.setAttribute(SECURITY_TOKEN_ATTR, 
fui.getToken());
+
 response.setContentLength(0);   
 
response.sendRedirect(response.encodeRedirectURL(nuri));
 
@@ -253,6 +264,7 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
 }
 if (response != null) {
 response.sendError(HttpServletResponse.SC_FORBIDDEN);
+return Authentication.UNAUTHENTICATED;
 }
 
 }
@@ -369,7 +381,7 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
 
 FedizProcessor wfProc = 
 
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
-signInRedirectToIssuer(request, response, wfProc);
+signInRedirectToIssuer(request, response, wfProc, session);
 
 return Authentication.SEND_CONTINUE;
 
@@ -445,12 +457,13 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
  *Response we are populating
  * @param processor
  *

[3/4] cxf-fediz git commit: Enabling CSRF test

[coheigea]

Enabling CSRF test


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/24d993e2
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/24d993e2
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/24d993e2

Branch: refs/heads/master
Commit: 24d993e22513109f6d69c177e6e11d9171746c54
Parents: a6f7a69
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 10:29:07 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 10:29:07 2016 +

--
 .../java/org/apache/cxf/fediz/integrationtests/AbstractTests.java   | 1 -
 1 file changed, 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/24d993e2/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
--
diff --git 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index c4e76eb..d33e212 100644
--- 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -733,7 +733,6 @@ public abstract class AbstractTests {
 }
 
 @org.junit.Test
-@org.junit.Ignore
 public void testCSRFAttack() throws Exception {
 String url = "https://localhost:; + getRpHttpsPort() + "/" + 
getServletContextName() + "/secure/fedservlet";
 csrfAttackTest(url);

[1/4] cxf-fediz git commit: Minor change to Spring plugins

[coheigea]

Repository: cxf-fediz
Updated Branches:
  refs/heads/master 84856d7a6 -> b94137a45


Minor change to Spring plugins


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/811da0cb
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/811da0cb
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/811da0cb

Branch: refs/heads/master
Commit: 811da0cbd9f67c9a01a905c84852e817512306fd
Parents: 84856d7
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 09:33:22 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 09:33:22 2016 +

--
 .../cxf/fediz/spring/web/FederationAuthenticationFilter.java   | 2 +-
 .../cxf/fediz/spring/web/FederationAuthenticationFilter.java   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/811da0cb/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
--
diff --git 
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
 
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index c18d238..3f172e5 100644
--- 
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ 
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -69,7 +69,7 @@ public class FederationAuthenticationFilter extends 
AbstractAuthenticationProces
 FedizRequest wfReq = new FedizRequest();
 wfReq.setAction(wa);
 wfReq.setResponseToken(responseToken);
-wfReq.setState(request.getParameter(SAMLSSOConstants.RELAY_STATE));
+wfReq.setState(getState(request));
 wfReq.setRequest(request);
 
 X509Certificate certs[] = 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/811da0cb/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
--
diff --git 
a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
 
b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index 6011c37..154aab1 100644
--- 
a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ 
b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -118,7 +118,7 @@ public class FederationAuthenticationFilter extends 
AbstractProcessingFilter {
 FedizRequest wfReq = new FedizRequest();
 wfReq.setAction(wa);
 wfReq.setResponseToken(responseToken);
-wfReq.setState(request.getParameter(SAMLSSOConstants.RELAY_STATE));
+wfReq.setState(getState(request));
 wfReq.setRequest(request);
 
 X509Certificate certs[] = 

[2/4] cxf-fediz git commit: Fixing CSRF test

[coheigea]

Fixing CSRF test


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a6f7a69a
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a6f7a69a
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a6f7a69a

Branch: refs/heads/master
Commit: a6f7a69a457d7459ce65d09592a82c0d8d8aedc8
Parents: 811da0c
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 10:20:59 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 10:20:59 2016 +

--
 .../org/apache/cxf/fediz/integrationtests/AbstractTests.java| 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a6f7a69a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
--
diff --git 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index 5908db8..c4e76eb 100644
--- 
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ 
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -794,10 +794,7 @@ public abstract class AbstractTests {
 }
 
 try {
-HtmlPage rpPage2 = webClient.getPage(request);
-String bodyTextContent = rpPage2.getBody().getTextContent();
-Assert.assertTrue("Principal not " + user,
-  bodyTextContent.contains("userPrincipal=" + 
user));
+webClient.getPage(request);
 Assert.fail("Failure expected on a CSRF attack");
 } catch (FailingHttpStatusCodeException ex) {
 // expected

[4/4] cxf-fediz git commit: Save the context from the sign in request

[coheigea]

Save the context from the sign in request


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/b94137a4
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/b94137a4
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/b94137a4

Branch: refs/heads/master
Commit: b94137a4592d7f8fdfa015af9241df5b749153bd
Parents: 24d993e
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 10:41:17 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 10:41:17 2016 +

--
 .../fediz/jetty8/FederationAuthenticator.java   | 27 
 .../fediz/jetty9/FederationAuthenticator.java   | 27 
 2 files changed, 44 insertions(+), 10 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b94137a4/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
--
diff --git 
a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
 
b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
index dfeab1d..56656a0 100644
--- 
a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
+++ 
b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
@@ -84,6 +84,7 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
 
 public static final String J_URI = "org.eclipse.jetty.security.form_URI";
 public static final String J_POST = "org.eclipse.jetty.security.form_POST";
+public static final String J_CONTEXT = 
"org.eclipse.jetty.security.form_CONTEXT";
 
 private static final Logger LOG = 
Log.getLogger(FederationAuthenticator.class);
 
@@ -222,13 +223,19 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
 {
 session=renewSession(request,response);
 
-FederationUserIdentity fui = 
(FederationUserIdentity)user;
-session.setAttribute(SECURITY_TOKEN_ATTR, 
fui.getToken());
-
 // Redirect to original request
 String nuri;
 synchronized(session)
 {
+// Check the context
+String savedContext = (String) 
session.getAttribute(J_CONTEXT);
+String receivedContext = 
request.getParameter(FederationConstants.PARAM_CONTEXT);
+if (savedContext == null || 
!savedContext.equals(receivedContext)) {
+LOG.warn("The received wctx parameter does not 
match the saved value");
+
response.sendError(HttpServletResponse.SC_FORBIDDEN);
+return Authentication.UNAUTHENTICATED;
+}
+
 nuri = (String) session.getAttribute(J_URI);
 
 if (nuri == null || nuri.length() == 0)
@@ -241,6 +248,10 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
 Authentication cached=new 
SessionAuthentication(getAuthMethod(), user, wfRes);
 
session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
 }
+
+FederationUserIdentity fui = 
(FederationUserIdentity)user;
+session.setAttribute(SECURITY_TOKEN_ATTR, 
fui.getToken());
+
 response.setContentLength(0);   
 
response.sendRedirect(response.encodeRedirectURL(nuri));
 
@@ -253,6 +264,7 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
 }
 if (response != null) {
 response.sendError(HttpServletResponse.SC_FORBIDDEN);
+return Authentication.UNAUTHENTICATED;
 }
 
 }
@@ -369,7 +381,7 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
 
 FedizProcessor wfProc = 
 
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
-signInRedirectToIssuer(request, response, wfProc);
+signInRedirectToIssuer(request, response, wfProc, session);
 
 return Authentication.SEND_CONTINUE;
 
@@ -445,12 +457,13 @@ public class FederationAuthenticator extends 
LoginAuthenticator {
  *Response we are populating
  * @param processor
  *FederationProcessor
+   

[2/2] cxf git commit: Updating Karaf

[coheigea]

Updating Karaf


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9ef8ec44
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9ef8ec44
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9ef8ec44

Branch: refs/heads/3.0.x-fixes
Commit: 9ef8ec4406629feb0b7c2b61b6ab50a44279068d
Parents: 3e7e78b
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 10:42:21 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 10:42:21 2016 +

--
 parent/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/9ef8ec44/parent/pom.xml
--
diff --git a/parent/pom.xml b/parent/pom.xml
index a223311..c3d1b8d 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -183,7 +183,7 @@
 1.3.1 
 [1.0,2)
 4.2.0
-2.4.0
+2.4.4
 1.6.0
 3.4.0
 2.0.5

[1/2] cxf git commit: Recording .gitmergeinfo Changes

[coheigea]

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes cd83ad9d1 -> 9ef8ec440


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3e7e78b8
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3e7e78b8
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3e7e78b8

Branch: refs/heads/3.0.x-fixes
Commit: 3e7e78b89d78b63fa16033bc0b44111b55f109d4
Parents: cd83ad9
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 10:42:14 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 10:42:14 2016 +

--
 .gitmergeinfo | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/3e7e78b8/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 81b4bae..649f7a8 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -52,6 +52,7 @@ B 0ba19453f17be19aa2e46848b1908f776a6abb64
 B 0befccd8a70d7896d9210f554e19375e5d8cc168
 B 0c0555f4ac850ec8e38302d73207170affe4376a
 B 0c542f82652995db0d7ce6681dafab086c178b13
+B 0c57565cd6f38a87e801d35dfb0a21c3752e8267
 B 0c5d2b9fc11c4e2a0590dc3f3f64612be8dda074
 B 0cad194ee50841f1c740097430780044fa1e9eaf
 B 0cdd2c03fed0ca51386312e1772ac49edccf1ae3
@@ -618,6 +619,7 @@ B 708f53f7af5a53003f642a4422d8c11de18f8889
 B 70aceaa6f3b93f2a64abdc219fac242f5f0830ab
 B 70b32b7e8f672edfbcce459b4f6276efb1c56285
 B 712e96428c926bf8aedce8eb91c33d79801dd636
+B 713050c921e146d81191686b3965529ab0583efb
 B 71488c6fa7635c88285214a0479379aafef9ed3c
 B 716531d62eaa8b1dde566e59e2a5ff0be1b2b33c
 B 71811014ff69c2d7a9d7b884a6eb360723b189d8

[2/2] cxf git commit: Updating Karaf

[coheigea]

Updating Karaf


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/713050c9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/713050c9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/713050c9

Branch: refs/heads/3.1.x-fixes
Commit: 713050c921e146d81191686b3965529ab0583efb
Parents: 0c57565
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 10:41:42 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 10:41:42 2016 +

--
 parent/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/713050c9/parent/pom.xml
--
diff --git a/parent/pom.xml b/parent/pom.xml
index 0755d21..c26f12c 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -179,7 +179,7 @@
 1.3.1 
 [1.0,2)
 4.2.0
-3.0.6
+3.0.8
 1.6.0
 4.7.0
 2.0.5

[1/2] cxf git commit: Recording .gitmergeinfo Changes

[coheigea]

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 4aa1a5225 -> 713050c92


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0c57565c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0c57565c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0c57565c

Branch: refs/heads/3.1.x-fixes
Commit: 0c57565cd6f38a87e801d35dfb0a21c3752e8267
Parents: 4aa1a52
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 10:04:05 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 10:04:05 2016 +

--
 .gitmergeinfo | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/0c57565c/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index b874aeb..6d2e682 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -4,6 +4,7 @@ B 02d826d7ad223c75ad706c7b5443bd06ee6e2589
 B 0336a2399b1980e04372c651368f8718f75a4f14
 B 042d1dbe5f236125c77db8348bf66d4a3d4d2385
 B 04d072e8494cb223c8f7b288776640dea68339d6
+B 052582d56a99d96773dffcc8d83e96c26030e7c3
 B 057b2a6d5d85285446ff762bd3451a0e3e945d7a
 B 08e8316aa5c575d6117d20c4054405e1ea0e2887
 B 09a3b58100c04cacf755509a0160ba01bbce769a
@@ -60,6 +61,7 @@ B 502db47a7c520767da2977376be5cf2fce3f56af
 B 517ef67f1a69d386de44153e5e09d51cb47bf4d7
 B 519a67dfa240471bb585929f263cd85051a9eb06
 B 53a46205871434d8c47ed45822e078e5ad6d2c60
+B 540a1255be34c047c094f53461925d46c3ed058b
 B 54910695917fb63a11982a8dc96a3b4d088963c5
 B 54b71171e89bb1be7d169ac91bb626c9c1ca293b
 B 56dab42caaf27e3bedf08cbb419d3644aeccb7af

[2/2] cxf git commit: Updating XJC

[coheigea]

Updating XJC


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/052582d5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/052582d5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/052582d5

Branch: refs/heads/master
Commit: 052582d56a99d96773dffcc8d83e96c26030e7c3
Parents: 540a125
Author: Colm O hEigeartaigh 
Authored: Tue Dec 20 09:20:18 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 09:20:18 2016 +

--
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/052582d5/pom.xml
--
diff --git a/pom.xml b/pom.xml
index c209fb3..50e1e40 100644
--- a/pom.xml
+++ b/pom.xml
@@ -44,7 +44,7 @@
 
 false
 3.2.1
-3.0.5
+3.1.0
 1.8
 UTF-8
 
scp://people.apache.org/www/cxf.apache.org/maven-site

[1/2] cxf git commit: Updating Karaf

[coheigea]

Repository: cxf
Updated Branches:
  refs/heads/master 0e391a6a0 -> 052582d56


Updating Karaf


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/540a1255
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/540a1255
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/540a1255

Branch: refs/heads/master
Commit: 540a1255be34c047c094f53461925d46c3ed058b
Parents: 0e391a6
Author: Colm O hEigeartaigh 
Authored: Mon Dec 19 10:04:23 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 20 09:20:06 2016 +

--
 parent/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/540a1255/parent/pom.xml
--
diff --git a/parent/pom.xml b/parent/pom.xml
index 668d60c..f22ba05 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -179,7 +179,7 @@
 1.3.1 
 [1.0,2)
 4.2.0
-4.0.6
+4.0.8
 1.6.0
 4.7.0
 2.0.5

buildbot success in on cxf-site-production

[buildbot]

The Buildbot has detected a restored build on builder cxf-site-production while 
building . Full details are available at:
https://ci.apache.org/builders/cxf-site-production/builds/12937

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

Build succeeded!

Sincerely,
 -The Buildbot

buildbot failure in on cxf-site-production

[buildbot]

The Buildbot has detected a new failure on builder cxf-site-production while 
building . Full details are available at:
https://ci.apache.org/builders/cxf-site-production/builds/12936

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

BUILD FAILED: failed compile

Sincerely,
 -The Buildbot