cxf-fediz git commit: FEDIZ-185 - Make one of passiveRequestorEndpoint or passiveRequestorEndpointConstraint mandatory in the IDP
Repository: cxf-fediz Updated Branches: refs/heads/1.2.x-fixes f1aef3778 -> 1d5b956ed FEDIZ-185 - Make one of passiveRequestorEndpoint or passiveRequestorEndpointConstraint mandatory in the IDP Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/1d5b956e Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/1d5b956e Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/1d5b956e Branch: refs/heads/1.2.x-fixes Commit: 1d5b956edf26f621532c917b19827d7b3ffc72ad Parents: f1aef37 Author: Colm O hEigeartaighAuthored: Tue Dec 20 15:27:28 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 16:41:47 2016 + -- .../service/idp/beans/STSClientAction.java | 29 +++-- .../idp/src/main/resources/entities-realmb.xml | 1 + .../test/resources/realmb/entities-realmb.xml | 1 + .../apache/cxf/fediz/systests/idp/IdpTest.java | 105 +++ .../test/resources/realma/entities-realma.xml | 37 +++ 5 files changed, 162 insertions(+), 11 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1d5b956e/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java -- diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java index ca87991..e99ea43 100644 --- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java +++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java @@ -320,20 +320,27 @@ public class STSClientAction { throw new ProcessingException(TYPE.BAD_REQUEST); } -if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == null) { -LOG.warn("No passive requestor endpoint constraint is configured for the application. " - + "This could lead to a malicious redirection attack"); -return; -} - -if (wreply != null) { -Matcher matcher = serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(wreply); -if (!matcher.matches()) { -LOG.error("The wreply value of {} does not match any of the passive requestor values", +if (serviceConfig.getPassiveRequestorEndpoint() == null +&& serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == null) { +LOG.error("Either the 'passiveRequestorEndpoint' or the 'passiveRequestorEndpointConstraint' " ++ "configuration values must be specified for the application"); +} else if (serviceConfig.getPassiveRequestorEndpoint() != null +&& serviceConfig.getPassiveRequestorEndpoint().equals(wreply)) { +LOG.debug("The supplied endpoint address {} matches the configured passive requestor endpoint value", wreply); -throw new ProcessingException(TYPE.BAD_REQUEST); +return; +} else if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() != null) { +Matcher matcher = + serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(wreply); +if (matcher.matches()) { +return; +} else { +LOG.error("The endpointAddress value of {} does not match any of the passive requestor values", + wreply); } } + +throw new ProcessingException(TYPE.BAD_REQUEST); } private String getIdFromToken(String token) throws XMLStreamException { http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1d5b956e/services/idp/src/main/resources/entities-realmb.xml -- diff --git a/services/idp/src/main/resources/entities-realmb.xml b/services/idp/src/main/resources/entities-realmb.xml index 152ff52..0018c37 100644 --- a/services/idp/src/main/resources/entities-realmb.xml +++ b/services/idp/src/main/resources/entities-realmb.xml @@ -85,6 +85,7 @@ http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0; /> +https://localhost:?(\d)*/.*" /> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1d5b956e/systests/federation/wsfed/src/test/resources/realmb/entities-realmb.xml -- diff --git a/systests/federation/wsfed/src/test/resources/realmb/entities-realmb.xml
[1/2] cxf-fediz git commit: FEDIZ-185 - Make one of passiveRequestorEndpoint or passiveRequestorEndpointConstraint mandatory in the IDP
Repository: cxf-fediz Updated Branches: refs/heads/1.3.x-fixes aaeea60c7 -> 483e6a349 FEDIZ-185 - Make one of passiveRequestorEndpoint or passiveRequestorEndpointConstraint mandatory in the IDP Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f26a20c2 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f26a20c2 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f26a20c2 Branch: refs/heads/1.3.x-fixes Commit: f26a20c2584460aea2fbf00845d1b37a0b212d07 Parents: aaeea60 Author: Colm O hEigeartaighAuthored: Tue Dec 20 15:27:28 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 15:28:34 2016 + -- .../idp/beans/PassiveRequestorValidator.java| 34 +++--- .../idp/src/main/resources/entities-realmb.xml | 1 + .../test/resources/realmb/entities-realmb.xml | 3 +- .../test/resources/realmb/entities-realmb.xml | 2 + .../apache/cxf/fediz/systests/idp/IdpTest.java | 113 +++ .../test/resources/realma/entities-realma.xml | 37 ++ 6 files changed, 174 insertions(+), 16 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f26a20c2/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java -- diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java index 0393d4f..3f5be36 100644 --- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java +++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java @@ -47,26 +47,30 @@ public class PassiveRequestorValidator { Application serviceConfig = idpConfig.findApplication(realm); if (serviceConfig == null) { LOG.warn("No service config found for " + realm); -return true; +return false; } -// The endpointAddress address must match the passive endpoint requestor constraint -// (if it is specified) -if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == null) { -LOG.warn("No passive requestor endpoint constraint is configured for the application. " -+ "This could lead to a malicious redirection attack"); -return true; -} - -Matcher matcher = - serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(endpointAddress); -if (!matcher.matches()) { -LOG.error("The endpointAddress value of {} does not match any of the passive requestor values", +if (serviceConfig.getPassiveRequestorEndpoint() == null +&& serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == null) { +LOG.error("Either the 'passiveRequestorEndpoint' or the 'passiveRequestorEndpointConstraint' " ++ "configuration values must be specified for the application"); +} else if (serviceConfig.getPassiveRequestorEndpoint() != null +&& serviceConfig.getPassiveRequestorEndpoint().equals(endpointAddress)) { +LOG.debug("The supplied endpoint address {} matches the configured passive requestor endpoint value", endpointAddress); -return false; +return true; +} else if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() != null) { +Matcher matcher = + serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(endpointAddress); +if (matcher.matches()) { +return true; +} else { +LOG.error("The endpointAddress value of {} does not match any of the passive requestor values", + endpointAddress); +} } -return true; +return false; } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f26a20c2/services/idp/src/main/resources/entities-realmb.xml -- diff --git a/services/idp/src/main/resources/entities-realmb.xml b/services/idp/src/main/resources/entities-realmb.xml index 592a605..3f2cd92 100644 --- a/services/idp/src/main/resources/entities-realmb.xml +++ b/services/idp/src/main/resources/entities-realmb.xml @@ -85,6 +85,7 @@ http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0; /> +https://localhost:?(\d)*/.*" />
[2/2] cxf-fediz git commit: Fixing federation test
Fixing federation test Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/483e6a34 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/483e6a34 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/483e6a34 Branch: refs/heads/1.3.x-fixes Commit: 483e6a3497507d35e98b445cd5178bf5c92d448d Parents: f26a20c Author: Colm O hEigeartaighAuthored: Tue Dec 20 15:39:54 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 15:39:54 2016 + -- .../samlsso/src/test/resources/realmb/entities-realmb.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/483e6a34/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml -- diff --git a/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml b/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml index 4d73376..bfe086b 100644 --- a/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml +++ b/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml @@ -80,7 +80,7 @@ http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0; /> -https://localhost:${idp.https.port}/fediz-idp/saml; /> +https://localhost:${idp.https.port}/fediz-idp/federation; />
cxf git commit: Naming a jaxrs client state cleanup thread as proposed by Romain
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes e1d841c6b -> 6bb64ae83 Naming a jaxrs client state cleanup thread as proposed by Romain Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6bb64ae8 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6bb64ae8 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6bb64ae8 Branch: refs/heads/3.1.x-fixes Commit: 6bb64ae83daea6fb88a669142d7468730bd54f95 Parents: e1d841c Author: Sergey BeryozkinAuthored: Tue Dec 20 15:28:02 2016 + Committer: Sergey Beryozkin Committed: Tue Dec 20 15:28:52 2016 + -- .../java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/6bb64ae8/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java -- diff --git a/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java b/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java index 4458148..d6b4313 100644 --- a/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java +++ b/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java @@ -123,7 +123,9 @@ public class ThreadLocalClientState implements ClientState { prepareCheckpointMap(); long currentTime = System.currentTimeMillis(); checkpointMap.put(Thread.currentThread(), currentTime); -new CleanupThread(Thread.currentThread(), currentTime).start(); +Thread clThread = new CleanupThread(Thread.currentThread(), currentTime); +clThread.setName("Client state cleanup thread " + clThread.hashCode()); +clThread.start(); } } return cs;
cxf git commit: Naming a jaxrs client state cleanup thread as proposed by Romain
Repository: cxf Updated Branches: refs/heads/master 6173599f9 -> 29a85 Naming a jaxrs client state cleanup thread as proposed by Romain Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/29a8 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/29a8 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/29a8 Branch: refs/heads/master Commit: 29a85e5c3984563cbefb146f983d072967bb Parents: 6173599 Author: Sergey BeryozkinAuthored: Tue Dec 20 15:28:02 2016 + Committer: Sergey Beryozkin Committed: Tue Dec 20 15:28:02 2016 + -- .../java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/29a8/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java -- diff --git a/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java b/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java index 4458148..d6b4313 100644 --- a/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java +++ b/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ThreadLocalClientState.java @@ -123,7 +123,9 @@ public class ThreadLocalClientState implements ClientState { prepareCheckpointMap(); long currentTime = System.currentTimeMillis(); checkpointMap.put(Thread.currentThread(), currentTime); -new CleanupThread(Thread.currentThread(), currentTime).start(); +Thread clThread = new CleanupThread(Thread.currentThread(), currentTime); +clThread.setName("Client state cleanup thread " + clThread.hashCode()); +clThread.start(); } } return cs;
cxf-fediz git commit: FEDIZ-185 - Make one of passiveRequestorEndpoint or passiveRequestorEndpointConstraint mandatory in the IDP
Repository: cxf-fediz Updated Branches: refs/heads/master b94137a45 -> 25dcd2754 FEDIZ-185 - Make one of passiveRequestorEndpoint or passiveRequestorEndpointConstraint mandatory in the IDP Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/25dcd275 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/25dcd275 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/25dcd275 Branch: refs/heads/master Commit: 25dcd275443d84e9927f7ad7c980f46463d03009 Parents: b94137a Author: Colm O hEigeartaighAuthored: Tue Dec 20 15:27:28 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 15:27:28 2016 + -- .../idp/beans/PassiveRequestorValidator.java| 34 +++--- .../idp/src/main/resources/entities-realmb.xml | 1 + .../test/resources/realmb/entities-realmb.xml | 3 +- .../test/resources/realmb/entities-realmb.xml | 1 + .../apache/cxf/fediz/systests/idp/IdpTest.java | 113 +++ .../test/resources/realma/entities-realma.xml | 37 ++ 6 files changed, 173 insertions(+), 16 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/25dcd275/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java -- diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java index 0393d4f..3f5be36 100644 --- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java +++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java @@ -47,26 +47,30 @@ public class PassiveRequestorValidator { Application serviceConfig = idpConfig.findApplication(realm); if (serviceConfig == null) { LOG.warn("No service config found for " + realm); -return true; +return false; } -// The endpointAddress address must match the passive endpoint requestor constraint -// (if it is specified) -if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == null) { -LOG.warn("No passive requestor endpoint constraint is configured for the application. " -+ "This could lead to a malicious redirection attack"); -return true; -} - -Matcher matcher = - serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(endpointAddress); -if (!matcher.matches()) { -LOG.error("The endpointAddress value of {} does not match any of the passive requestor values", +if (serviceConfig.getPassiveRequestorEndpoint() == null +&& serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == null) { +LOG.error("Either the 'passiveRequestorEndpoint' or the 'passiveRequestorEndpointConstraint' " ++ "configuration values must be specified for the application"); +} else if (serviceConfig.getPassiveRequestorEndpoint() != null +&& serviceConfig.getPassiveRequestorEndpoint().equals(endpointAddress)) { +LOG.debug("The supplied endpoint address {} matches the configured passive requestor endpoint value", endpointAddress); -return false; +return true; +} else if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() != null) { +Matcher matcher = + serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(endpointAddress); +if (matcher.matches()) { +return true; +} else { +LOG.error("The endpointAddress value of {} does not match any of the passive requestor values", + endpointAddress); +} } -return true; +return false; } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/25dcd275/services/idp/src/main/resources/entities-realmb.xml -- diff --git a/services/idp/src/main/resources/entities-realmb.xml b/services/idp/src/main/resources/entities-realmb.xml index 02cd3ca..68fb3e8 100644 --- a/services/idp/src/main/resources/entities-realmb.xml +++ b/services/idp/src/main/resources/entities-realmb.xml @@ -85,6 +85,7 @@ http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0; /> +https://localhost:?(\d)*/.*" />
cxf git commit: Reflecting that the hybrid is a combination of authorization_code and implicit flows as per the dynreg spec, etc
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 713050c92 -> e1d841c6b Reflecting that the hybrid is a combination of authorization_code and implicit flows as per the dynreg spec, etc Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e1d841c6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e1d841c6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e1d841c6 Branch: refs/heads/3.1.x-fixes Commit: e1d841c6ba4b0cad5b90a584cb3eefac3f0cb9a9 Parents: 713050c Author: Sergey BeryozkinAuthored: Tue Dec 20 15:21:56 2016 + Committer: Sergey Beryozkin Committed: Tue Dec 20 15:22:50 2016 + -- .../oauth2/grants/code/AuthorizationCodeGrantHandler.java | 5 + .../apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java | 2 +- .../org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java | 2 +- .../java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java | 2 -- 4 files changed, 7 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/e1d841c6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java index 97ba3dd..4e1121e 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java @@ -123,7 +123,12 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler { throw new OAuthServiceException(OAuthConstants.INVALID_GRANT); } } +// Make sure the client supports the authorization code in cases where +// the implicit/hybrid service was initiating the code grant processing flow +if (!client.getAllowedGrantTypes().isEmpty() && !client.getAllowedGrantTypes().contains(requestedGrant)) { +throw new OAuthServiceException(OAuthConstants.INVALID_GRANT); +} // Delegate to the data provider to create the one AccessTokenRegistration reg = new AccessTokenRegistration(); reg.setGrantCode(grant.getCode()); http://git-wip-us.apache.org/repos/asf/cxf/blob/e1d841c6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java -- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java index 08d6735..f7ed11f 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java @@ -46,7 +46,7 @@ public class IdTokenResponseFilter extends OAuthServerJoseJwtProducer implements public void process(ClientAccessToken ct, ServerAccessToken st) { if (st.getResponseType() != null && OidcUtils.CODE_AT_RESPONSE_TYPE.equals(st.getResponseType()) -&& OidcUtils.HYBRID_FLOW.equals(st.getGrantType())) { +&& OAuthConstants.IMPLICIT_GRANT.equals(st.getGrantType())) { // token post-processing as part of the current hybrid (implicit) flow // so no id_token is returned now - however when the code gets exchanged later on // this filter will add id_token to the returned access token http://git-wip-us.apache.org/repos/asf/cxf/blob/e1d841c6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java -- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java index 708ad0a..3667389 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java @@ -44,7 +44,7 @@ public class OidcHybridService extends OidcImplicitService { this(false); } public
cxf git commit: Reflecting that the hybrid is a combination of authorization_code and implicit flows as per the dynreg spec, etc
Repository: cxf Updated Branches: refs/heads/master 052582d56 -> 6173599f9 Reflecting that the hybrid is a combination of authorization_code and implicit flows as per the dynreg spec, etc Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6173599f Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6173599f Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6173599f Branch: refs/heads/master Commit: 6173599f9306602fa756924eb04ea0cd87ce5010 Parents: 052582d Author: Sergey BeryozkinAuthored: Tue Dec 20 15:21:56 2016 + Committer: Sergey Beryozkin Committed: Tue Dec 20 15:21:56 2016 + -- .../oauth2/grants/code/AuthorizationCodeGrantHandler.java | 5 + .../apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java | 2 +- .../org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java | 2 +- .../java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java | 2 -- 4 files changed, 7 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java index 7da48ef..7e65c07 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java @@ -123,7 +123,12 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler { throw new OAuthServiceException(OAuthConstants.INVALID_GRANT); } } +// Make sure the client supports the authorization code in cases where +// the implicit/hybrid service was initiating the code grant processing flow +if (!client.getAllowedGrantTypes().isEmpty() && !client.getAllowedGrantTypes().contains(requestedGrant)) { +throw new OAuthServiceException(OAuthConstants.INVALID_GRANT); +} // Delegate to the data provider to create the one AccessTokenRegistration reg = new AccessTokenRegistration(); reg.setGrantCode(grant.getCode()); http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java -- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java index 08d6735..f7ed11f 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java @@ -46,7 +46,7 @@ public class IdTokenResponseFilter extends OAuthServerJoseJwtProducer implements public void process(ClientAccessToken ct, ServerAccessToken st) { if (st.getResponseType() != null && OidcUtils.CODE_AT_RESPONSE_TYPE.equals(st.getResponseType()) -&& OidcUtils.HYBRID_FLOW.equals(st.getGrantType())) { +&& OAuthConstants.IMPLICIT_GRANT.equals(st.getGrantType())) { // token post-processing as part of the current hybrid (implicit) flow // so no id_token is returned now - however when the code gets exchanged later on // this filter will add id_token to the returned access token http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java -- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java index 708ad0a..3667389 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java @@ -44,7 +44,7 @@ public class OidcHybridService extends OidcImplicitService { this(false); } public
[3/4] cxf-fediz git commit: Enabling CSRF test
Enabling CSRF test Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e6e05c8f Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e6e05c8f Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e6e05c8f Branch: refs/heads/1.2.x-fixes Commit: e6e05c8f1b9ee3b551ebf03751d9230999cb1005 Parents: dd58983 Author: Colm O hEigeartaighAuthored: Tue Dec 20 10:29:07 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 11:16:13 2016 + -- .../java/org/apache/cxf/fediz/integrationtests/AbstractTests.java | 1 - 1 file changed, 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e6e05c8f/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java -- diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java index 883e2ca..cdbf815 100644 --- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java +++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java @@ -677,7 +677,6 @@ public abstract class AbstractTests { } @org.junit.Test -@org.junit.Ignore public void testCSRFAttack() throws Exception { String url = "https://localhost:; + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; csrfAttackTest(url);
[2/4] cxf-fediz git commit: Fixing CSRF test
Fixing CSRF test Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/dd589831 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/dd589831 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/dd589831 Branch: refs/heads/1.2.x-fixes Commit: dd589831ced42254d6174a01e5ab148e61ce08d1 Parents: d56286f Author: Colm O hEigeartaighAuthored: Tue Dec 20 10:20:59 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 11:16:04 2016 + -- .../org/apache/cxf/fediz/integrationtests/AbstractTests.java| 5 + 1 file changed, 1 insertion(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/dd589831/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java -- diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java index 30d99d3..883e2ca 100644 --- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java +++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java @@ -738,10 +738,7 @@ public abstract class AbstractTests { } try { -HtmlPage rpPage2 = webClient.getPage(request); -String bodyTextContent = rpPage2.getBody().getTextContent(); -Assert.assertTrue("Principal not " + user, - bodyTextContent.contains("userPrincipal=" + user)); +webClient.getPage(request); Assert.fail("Failure expected on a CSRF attack"); } catch (FailingHttpStatusCodeException ex) { // expected
[4/4] cxf-fediz git commit: Save the context from the sign in request
Save the context from the sign in request Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f1aef377 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f1aef377 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f1aef377 Branch: refs/heads/1.2.x-fixes Commit: f1aef37787f829293d239e62b7a83a53d366494a Parents: e6e05c8 Author: Colm O hEigeartaighAuthored: Tue Dec 20 10:41:17 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 11:16:41 2016 + -- .../fediz/jetty/FederationAuthenticator.java| 27 1 file changed, 22 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f1aef377/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java -- diff --git a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java index 9b2c684..779d047 100644 --- a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java +++ b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java @@ -87,6 +87,7 @@ public class FederationAuthenticator extends LoginAuthenticator { public static final String J_URI = "org.eclipse.jetty.security.form_URI"; public static final String J_POST = "org.eclipse.jetty.security.form_POST"; +public static final String J_CONTEXT = "org.eclipse.jetty.security.form_CONTEXT"; private static final Logger LOG = Log.getLogger(FederationAuthenticator.class); @@ -248,13 +249,19 @@ public class FederationAuthenticator extends LoginAuthenticator { { session=renewSession(request,response); -FederationUserIdentity fui = (FederationUserIdentity)user; -session.setAttribute(SECURITY_TOKEN_ATTR, fui.getToken()); - // Redirect to original request String nuri; synchronized(session) { +// Check the context +String savedContext = (String) session.getAttribute(J_CONTEXT); +String receivedContext = request.getParameter(FederationConstants.PARAM_CONTEXT); +if (savedContext == null || !savedContext.equals(receivedContext)) { +LOG.warn("The received wctx parameter does not match the saved value"); + response.sendError(HttpServletResponse.SC_FORBIDDEN); +return Authentication.UNAUTHENTICATED; +} + nuri = (String) session.getAttribute(J_URI); if (nuri == null || nuri.length() == 0) @@ -267,6 +274,10 @@ public class FederationAuthenticator extends LoginAuthenticator { Authentication cached=new SessionAuthentication(getAuthMethod(), user, wfRes); session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached); } + +FederationUserIdentity fui = (FederationUserIdentity)user; +session.setAttribute(SECURITY_TOKEN_ATTR, fui.getToken()); + response.setContentLength(0); response.sendRedirect(response.encodeRedirectURL(nuri)); @@ -279,6 +290,7 @@ public class FederationAuthenticator extends LoginAuthenticator { } if (response != null) { response.sendError(HttpServletResponse.SC_FORBIDDEN); +return Authentication.UNAUTHENTICATED; } } @@ -394,7 +406,7 @@ public class FederationAuthenticator extends LoginAuthenticator { FedizProcessor wfProc = FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol()); -signInRedirectToIssuer(request, response, wfProc); +signInRedirectToIssuer(request, response, wfProc, session); return Authentication.SEND_CONTINUE; @@ -482,12 +494,13 @@ public class FederationAuthenticator extends LoginAuthenticator { *Response we are populating * @param processor *FederationProcessor + * @param session The HTTPSession * @throws IOException *
[1/4] cxf-fediz git commit: Minor change to Spring plugins
Repository: cxf-fediz Updated Branches: refs/heads/1.2.x-fixes 73a11b5f2 -> f1aef3778 Minor change to Spring plugins Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/d56286f7 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/d56286f7 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/d56286f7 Branch: refs/heads/1.2.x-fixes Commit: d56286f7da0110b38e1a71363d8a2f31daa66f51 Parents: 73a11b5 Author: Colm O hEigeartaighAuthored: Tue Dec 20 09:33:22 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 11:15:56 2016 + -- .../cxf/fediz/spring/web/FederationAuthenticationFilter.java | 2 +- .../cxf/fediz/spring/web/FederationAuthenticationFilter.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d56286f7/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java -- diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java index c18d238..3f172e5 100644 --- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java +++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java @@ -69,7 +69,7 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces FedizRequest wfReq = new FedizRequest(); wfReq.setAction(wa); wfReq.setResponseToken(responseToken); -wfReq.setState(request.getParameter(SAMLSSOConstants.RELAY_STATE)); +wfReq.setState(getState(request)); wfReq.setRequest(request); X509Certificate certs[] = http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d56286f7/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java -- diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java index 7727c27..827d4fb 100644 --- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java +++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java @@ -118,7 +118,7 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter { FedizRequest wfReq = new FedizRequest(); wfReq.setAction(wa); wfReq.setResponseToken(responseToken); -wfReq.setState(request.getParameter(SAMLSSOConstants.RELAY_STATE)); +wfReq.setState(getState(request)); wfReq.setRequest(request); X509Certificate certs[] =
[3/4] cxf-fediz git commit: Enabling CSRF test
Enabling CSRF test Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a271c790 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a271c790 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a271c790 Branch: refs/heads/1.3.x-fixes Commit: a271c7905d80e046c54bd542dc35719af1e1485a Parents: e44c6a6 Author: Colm O hEigeartaighAuthored: Tue Dec 20 10:29:07 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 10:58:13 2016 + -- .../java/org/apache/cxf/fediz/integrationtests/AbstractTests.java | 1 - 1 file changed, 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a271c790/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java -- diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java index c4e76eb..d33e212 100644 --- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java +++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java @@ -733,7 +733,6 @@ public abstract class AbstractTests { } @org.junit.Test -@org.junit.Ignore public void testCSRFAttack() throws Exception { String url = "https://localhost:; + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; csrfAttackTest(url);
[1/4] cxf-fediz git commit: Minor change to Spring plugins
Repository: cxf-fediz Updated Branches: refs/heads/1.3.x-fixes aa66ed453 -> aaeea60c7 Minor change to Spring plugins Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/41f078c0 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/41f078c0 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/41f078c0 Branch: refs/heads/1.3.x-fixes Commit: 41f078c0c2fa25833b55c8efd882a82edb7a264a Parents: aa66ed4 Author: Colm O hEigeartaighAuthored: Tue Dec 20 09:33:22 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 10:58:01 2016 + -- .../cxf/fediz/spring/web/FederationAuthenticationFilter.java | 2 +- .../cxf/fediz/spring/web/FederationAuthenticationFilter.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/41f078c0/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java -- diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java index c18d238..3f172e5 100644 --- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java +++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java @@ -69,7 +69,7 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces FedizRequest wfReq = new FedizRequest(); wfReq.setAction(wa); wfReq.setResponseToken(responseToken); -wfReq.setState(request.getParameter(SAMLSSOConstants.RELAY_STATE)); +wfReq.setState(getState(request)); wfReq.setRequest(request); X509Certificate certs[] = http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/41f078c0/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java -- diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java index 6011c37..154aab1 100644 --- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java +++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java @@ -118,7 +118,7 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter { FedizRequest wfReq = new FedizRequest(); wfReq.setAction(wa); wfReq.setResponseToken(responseToken); -wfReq.setState(request.getParameter(SAMLSSOConstants.RELAY_STATE)); +wfReq.setState(getState(request)); wfReq.setRequest(request); X509Certificate certs[] =
[2/4] cxf-fediz git commit: Fixing CSRF test
Fixing CSRF test Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e44c6a67 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e44c6a67 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e44c6a67 Branch: refs/heads/1.3.x-fixes Commit: e44c6a67ecc9d2c47a49ebb30f9e6ba248ccaf0e Parents: 41f078c Author: Colm O hEigeartaighAuthored: Tue Dec 20 10:20:59 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 10:58:06 2016 + -- .../org/apache/cxf/fediz/integrationtests/AbstractTests.java| 5 + 1 file changed, 1 insertion(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e44c6a67/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java -- diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java index 5908db8..c4e76eb 100644 --- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java +++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java @@ -794,10 +794,7 @@ public abstract class AbstractTests { } try { -HtmlPage rpPage2 = webClient.getPage(request); -String bodyTextContent = rpPage2.getBody().getTextContent(); -Assert.assertTrue("Principal not " + user, - bodyTextContent.contains("userPrincipal=" + user)); +webClient.getPage(request); Assert.fail("Failure expected on a CSRF attack"); } catch (FailingHttpStatusCodeException ex) { // expected
[4/4] cxf-fediz git commit: Save the context from the sign in request
Save the context from the sign in request Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/aaeea60c Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/aaeea60c Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/aaeea60c Branch: refs/heads/1.3.x-fixes Commit: aaeea60c7edae9973134c868c1d49c67d658e6c3 Parents: a271c79 Author: Colm O hEigeartaighAuthored: Tue Dec 20 10:41:17 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 10:58:20 2016 + -- .../fediz/jetty8/FederationAuthenticator.java | 27 .../fediz/jetty9/FederationAuthenticator.java | 27 2 files changed, 44 insertions(+), 10 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/aaeea60c/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java -- diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java index dfeab1d..56656a0 100644 --- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java +++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java @@ -84,6 +84,7 @@ public class FederationAuthenticator extends LoginAuthenticator { public static final String J_URI = "org.eclipse.jetty.security.form_URI"; public static final String J_POST = "org.eclipse.jetty.security.form_POST"; +public static final String J_CONTEXT = "org.eclipse.jetty.security.form_CONTEXT"; private static final Logger LOG = Log.getLogger(FederationAuthenticator.class); @@ -222,13 +223,19 @@ public class FederationAuthenticator extends LoginAuthenticator { { session=renewSession(request,response); -FederationUserIdentity fui = (FederationUserIdentity)user; -session.setAttribute(SECURITY_TOKEN_ATTR, fui.getToken()); - // Redirect to original request String nuri; synchronized(session) { +// Check the context +String savedContext = (String) session.getAttribute(J_CONTEXT); +String receivedContext = request.getParameter(FederationConstants.PARAM_CONTEXT); +if (savedContext == null || !savedContext.equals(receivedContext)) { +LOG.warn("The received wctx parameter does not match the saved value"); + response.sendError(HttpServletResponse.SC_FORBIDDEN); +return Authentication.UNAUTHENTICATED; +} + nuri = (String) session.getAttribute(J_URI); if (nuri == null || nuri.length() == 0) @@ -241,6 +248,10 @@ public class FederationAuthenticator extends LoginAuthenticator { Authentication cached=new SessionAuthentication(getAuthMethod(), user, wfRes); session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached); } + +FederationUserIdentity fui = (FederationUserIdentity)user; +session.setAttribute(SECURITY_TOKEN_ATTR, fui.getToken()); + response.setContentLength(0); response.sendRedirect(response.encodeRedirectURL(nuri)); @@ -253,6 +264,7 @@ public class FederationAuthenticator extends LoginAuthenticator { } if (response != null) { response.sendError(HttpServletResponse.SC_FORBIDDEN); +return Authentication.UNAUTHENTICATED; } } @@ -369,7 +381,7 @@ public class FederationAuthenticator extends LoginAuthenticator { FedizProcessor wfProc = FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol()); -signInRedirectToIssuer(request, response, wfProc); +signInRedirectToIssuer(request, response, wfProc, session); return Authentication.SEND_CONTINUE; @@ -445,12 +457,13 @@ public class FederationAuthenticator extends LoginAuthenticator { *Response we are populating * @param processor *
[3/4] cxf-fediz git commit: Enabling CSRF test
Enabling CSRF test Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/24d993e2 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/24d993e2 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/24d993e2 Branch: refs/heads/master Commit: 24d993e22513109f6d69c177e6e11d9171746c54 Parents: a6f7a69 Author: Colm O hEigeartaighAuthored: Tue Dec 20 10:29:07 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 10:29:07 2016 + -- .../java/org/apache/cxf/fediz/integrationtests/AbstractTests.java | 1 - 1 file changed, 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/24d993e2/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java -- diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java index c4e76eb..d33e212 100644 --- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java +++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java @@ -733,7 +733,6 @@ public abstract class AbstractTests { } @org.junit.Test -@org.junit.Ignore public void testCSRFAttack() throws Exception { String url = "https://localhost:; + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; csrfAttackTest(url);
[1/4] cxf-fediz git commit: Minor change to Spring plugins
Repository: cxf-fediz Updated Branches: refs/heads/master 84856d7a6 -> b94137a45 Minor change to Spring plugins Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/811da0cb Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/811da0cb Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/811da0cb Branch: refs/heads/master Commit: 811da0cbd9f67c9a01a905c84852e817512306fd Parents: 84856d7 Author: Colm O hEigeartaighAuthored: Tue Dec 20 09:33:22 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 09:33:22 2016 + -- .../cxf/fediz/spring/web/FederationAuthenticationFilter.java | 2 +- .../cxf/fediz/spring/web/FederationAuthenticationFilter.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/811da0cb/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java -- diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java index c18d238..3f172e5 100644 --- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java +++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java @@ -69,7 +69,7 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces FedizRequest wfReq = new FedizRequest(); wfReq.setAction(wa); wfReq.setResponseToken(responseToken); -wfReq.setState(request.getParameter(SAMLSSOConstants.RELAY_STATE)); +wfReq.setState(getState(request)); wfReq.setRequest(request); X509Certificate certs[] = http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/811da0cb/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java -- diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java index 6011c37..154aab1 100644 --- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java +++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java @@ -118,7 +118,7 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter { FedizRequest wfReq = new FedizRequest(); wfReq.setAction(wa); wfReq.setResponseToken(responseToken); -wfReq.setState(request.getParameter(SAMLSSOConstants.RELAY_STATE)); +wfReq.setState(getState(request)); wfReq.setRequest(request); X509Certificate certs[] =
[2/4] cxf-fediz git commit: Fixing CSRF test
Fixing CSRF test Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a6f7a69a Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a6f7a69a Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a6f7a69a Branch: refs/heads/master Commit: a6f7a69a457d7459ce65d09592a82c0d8d8aedc8 Parents: 811da0c Author: Colm O hEigeartaighAuthored: Tue Dec 20 10:20:59 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 10:20:59 2016 + -- .../org/apache/cxf/fediz/integrationtests/AbstractTests.java| 5 + 1 file changed, 1 insertion(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a6f7a69a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java -- diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java index 5908db8..c4e76eb 100644 --- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java +++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java @@ -794,10 +794,7 @@ public abstract class AbstractTests { } try { -HtmlPage rpPage2 = webClient.getPage(request); -String bodyTextContent = rpPage2.getBody().getTextContent(); -Assert.assertTrue("Principal not " + user, - bodyTextContent.contains("userPrincipal=" + user)); +webClient.getPage(request); Assert.fail("Failure expected on a CSRF attack"); } catch (FailingHttpStatusCodeException ex) { // expected
[4/4] cxf-fediz git commit: Save the context from the sign in request
Save the context from the sign in request Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/b94137a4 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/b94137a4 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/b94137a4 Branch: refs/heads/master Commit: b94137a4592d7f8fdfa015af9241df5b749153bd Parents: 24d993e Author: Colm O hEigeartaighAuthored: Tue Dec 20 10:41:17 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 10:41:17 2016 + -- .../fediz/jetty8/FederationAuthenticator.java | 27 .../fediz/jetty9/FederationAuthenticator.java | 27 2 files changed, 44 insertions(+), 10 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b94137a4/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java -- diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java index dfeab1d..56656a0 100644 --- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java +++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java @@ -84,6 +84,7 @@ public class FederationAuthenticator extends LoginAuthenticator { public static final String J_URI = "org.eclipse.jetty.security.form_URI"; public static final String J_POST = "org.eclipse.jetty.security.form_POST"; +public static final String J_CONTEXT = "org.eclipse.jetty.security.form_CONTEXT"; private static final Logger LOG = Log.getLogger(FederationAuthenticator.class); @@ -222,13 +223,19 @@ public class FederationAuthenticator extends LoginAuthenticator { { session=renewSession(request,response); -FederationUserIdentity fui = (FederationUserIdentity)user; -session.setAttribute(SECURITY_TOKEN_ATTR, fui.getToken()); - // Redirect to original request String nuri; synchronized(session) { +// Check the context +String savedContext = (String) session.getAttribute(J_CONTEXT); +String receivedContext = request.getParameter(FederationConstants.PARAM_CONTEXT); +if (savedContext == null || !savedContext.equals(receivedContext)) { +LOG.warn("The received wctx parameter does not match the saved value"); + response.sendError(HttpServletResponse.SC_FORBIDDEN); +return Authentication.UNAUTHENTICATED; +} + nuri = (String) session.getAttribute(J_URI); if (nuri == null || nuri.length() == 0) @@ -241,6 +248,10 @@ public class FederationAuthenticator extends LoginAuthenticator { Authentication cached=new SessionAuthentication(getAuthMethod(), user, wfRes); session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached); } + +FederationUserIdentity fui = (FederationUserIdentity)user; +session.setAttribute(SECURITY_TOKEN_ATTR, fui.getToken()); + response.setContentLength(0); response.sendRedirect(response.encodeRedirectURL(nuri)); @@ -253,6 +264,7 @@ public class FederationAuthenticator extends LoginAuthenticator { } if (response != null) { response.sendError(HttpServletResponse.SC_FORBIDDEN); +return Authentication.UNAUTHENTICATED; } } @@ -369,7 +381,7 @@ public class FederationAuthenticator extends LoginAuthenticator { FedizProcessor wfProc = FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol()); -signInRedirectToIssuer(request, response, wfProc); +signInRedirectToIssuer(request, response, wfProc, session); return Authentication.SEND_CONTINUE; @@ -445,12 +457,13 @@ public class FederationAuthenticator extends LoginAuthenticator { *Response we are populating * @param processor *FederationProcessor +
[2/2] cxf git commit: Updating Karaf
Updating Karaf Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9ef8ec44 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9ef8ec44 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9ef8ec44 Branch: refs/heads/3.0.x-fixes Commit: 9ef8ec4406629feb0b7c2b61b6ab50a44279068d Parents: 3e7e78b Author: Colm O hEigeartaighAuthored: Tue Dec 20 10:42:21 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 10:42:21 2016 + -- parent/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/9ef8ec44/parent/pom.xml -- diff --git a/parent/pom.xml b/parent/pom.xml index a223311..c3d1b8d 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -183,7 +183,7 @@ 1.3.1 [1.0,2) 4.2.0 -2.4.0 +2.4.4 1.6.0 3.4.0 2.0.5
[1/2] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes cd83ad9d1 -> 9ef8ec440 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3e7e78b8 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3e7e78b8 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3e7e78b8 Branch: refs/heads/3.0.x-fixes Commit: 3e7e78b89d78b63fa16033bc0b44111b55f109d4 Parents: cd83ad9 Author: Colm O hEigeartaighAuthored: Tue Dec 20 10:42:14 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 10:42:14 2016 + -- .gitmergeinfo | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/3e7e78b8/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 81b4bae..649f7a8 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -52,6 +52,7 @@ B 0ba19453f17be19aa2e46848b1908f776a6abb64 B 0befccd8a70d7896d9210f554e19375e5d8cc168 B 0c0555f4ac850ec8e38302d73207170affe4376a B 0c542f82652995db0d7ce6681dafab086c178b13 +B 0c57565cd6f38a87e801d35dfb0a21c3752e8267 B 0c5d2b9fc11c4e2a0590dc3f3f64612be8dda074 B 0cad194ee50841f1c740097430780044fa1e9eaf B 0cdd2c03fed0ca51386312e1772ac49edccf1ae3 @@ -618,6 +619,7 @@ B 708f53f7af5a53003f642a4422d8c11de18f8889 B 70aceaa6f3b93f2a64abdc219fac242f5f0830ab B 70b32b7e8f672edfbcce459b4f6276efb1c56285 B 712e96428c926bf8aedce8eb91c33d79801dd636 +B 713050c921e146d81191686b3965529ab0583efb B 71488c6fa7635c88285214a0479379aafef9ed3c B 716531d62eaa8b1dde566e59e2a5ff0be1b2b33c B 71811014ff69c2d7a9d7b884a6eb360723b189d8
[2/2] cxf git commit: Updating Karaf
Updating Karaf Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/713050c9 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/713050c9 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/713050c9 Branch: refs/heads/3.1.x-fixes Commit: 713050c921e146d81191686b3965529ab0583efb Parents: 0c57565 Author: Colm O hEigeartaighAuthored: Tue Dec 20 10:41:42 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 10:41:42 2016 + -- parent/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/713050c9/parent/pom.xml -- diff --git a/parent/pom.xml b/parent/pom.xml index 0755d21..c26f12c 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -179,7 +179,7 @@ 1.3.1 [1.0,2) 4.2.0 -3.0.6 +3.0.8 1.6.0 4.7.0 2.0.5
[1/2] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 4aa1a5225 -> 713050c92 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0c57565c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0c57565c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0c57565c Branch: refs/heads/3.1.x-fixes Commit: 0c57565cd6f38a87e801d35dfb0a21c3752e8267 Parents: 4aa1a52 Author: Colm O hEigeartaighAuthored: Tue Dec 20 10:04:05 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 10:04:05 2016 + -- .gitmergeinfo | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/0c57565c/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index b874aeb..6d2e682 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -4,6 +4,7 @@ B 02d826d7ad223c75ad706c7b5443bd06ee6e2589 B 0336a2399b1980e04372c651368f8718f75a4f14 B 042d1dbe5f236125c77db8348bf66d4a3d4d2385 B 04d072e8494cb223c8f7b288776640dea68339d6 +B 052582d56a99d96773dffcc8d83e96c26030e7c3 B 057b2a6d5d85285446ff762bd3451a0e3e945d7a B 08e8316aa5c575d6117d20c4054405e1ea0e2887 B 09a3b58100c04cacf755509a0160ba01bbce769a @@ -60,6 +61,7 @@ B 502db47a7c520767da2977376be5cf2fce3f56af B 517ef67f1a69d386de44153e5e09d51cb47bf4d7 B 519a67dfa240471bb585929f263cd85051a9eb06 B 53a46205871434d8c47ed45822e078e5ad6d2c60 +B 540a1255be34c047c094f53461925d46c3ed058b B 54910695917fb63a11982a8dc96a3b4d088963c5 B 54b71171e89bb1be7d169ac91bb626c9c1ca293b B 56dab42caaf27e3bedf08cbb419d3644aeccb7af
[2/2] cxf git commit: Updating XJC
Updating XJC Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/052582d5 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/052582d5 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/052582d5 Branch: refs/heads/master Commit: 052582d56a99d96773dffcc8d83e96c26030e7c3 Parents: 540a125 Author: Colm O hEigeartaighAuthored: Tue Dec 20 09:20:18 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 09:20:18 2016 + -- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/052582d5/pom.xml -- diff --git a/pom.xml b/pom.xml index c209fb3..50e1e40 100644 --- a/pom.xml +++ b/pom.xml @@ -44,7 +44,7 @@ false 3.2.1 -3.0.5 +3.1.0 1.8 UTF-8 scp://people.apache.org/www/cxf.apache.org/maven-site
[1/2] cxf git commit: Updating Karaf
Repository: cxf Updated Branches: refs/heads/master 0e391a6a0 -> 052582d56 Updating Karaf Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/540a1255 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/540a1255 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/540a1255 Branch: refs/heads/master Commit: 540a1255be34c047c094f53461925d46c3ed058b Parents: 0e391a6 Author: Colm O hEigeartaighAuthored: Mon Dec 19 10:04:23 2016 + Committer: Colm O hEigeartaigh Committed: Tue Dec 20 09:20:06 2016 + -- parent/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/540a1255/parent/pom.xml -- diff --git a/parent/pom.xml b/parent/pom.xml index 668d60c..f22ba05 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -179,7 +179,7 @@ 1.3.1 [1.0,2) 4.2.0 -4.0.6 +4.0.8 1.6.0 4.7.0 2.0.5
buildbot success in on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building . Full details are available at: https://ci.apache.org/builders/cxf-site-production/builds/12937 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
buildbot failure in on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building . Full details are available at: https://ci.apache.org/builders/cxf-site-production/builds/12936 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot