Use java.time instead of joda-time #374

Merged
gkhaburzaniya-onelogin merged 2 commits into SAML-Toolkits:exclude-joda-time from maruTA-bis5:201-exclude-joda-time
Nov 18, 2022
Conversation

@maruTA-bis5
Contributor

fix #201

@maruTA-bis5
Contributor Author

I'm sorry for the lack of activity.

I've rebased onto the latest master, and mvn clean package passed locally.
But mvn clean verify failed because of this error:

[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.3.1:check (default) on project java-saml-core: 
[ERROR] 
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': 
[ERROR] 
[ERROR] jackson-databind-2.12.5.jar: CVE-2020-36518
[ERROR] 
[ERROR] See the dependency-check report for more details.

AFAIK, it can be fixed by #390.

Thanks.

if (sessionExpiration != null) {
sessionExpiration = sessionExpiration.plus(Constants.ALOWED_CLOCK_DRIFT * 1000);
if (sessionExpiration.isEqualNow() || sessionExpiration.isBeforeNow()) {
sessionExpiration = ChronoUnit.SECONDS.addTo(sessionExpiration, Constants.ALOWED_CLOCK_DRIFT);
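
Review bot: The replacement for the sessionExpiration.isEqualNow() || sessionExpiration.isBeforeNow() condition is not visible next to the new ChronoUnit.SECONDS.addTo(...) line, and that comparison is where the expiry boundary can shift. The joda-time check treats an expiration equal to now as expired, so if sessionExpiration is an Instant the java.time form should be !sessionExpiration.isAfter(Instant.now()); a bare isBefore(Instant.now()) would accept a session at the exact boundary. The unit change looks consistent (the old line multiplied Constants.ALOWED_CLOCK_DRIFT by 1000 for milliseconds, the new one adds it as seconds), but it would read more directly as sessionExpiration.plusSeconds(Constants.ALOWED_CLOCK_DRIFT), and a test at exactly expiration + drift would pin the behaviour down.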
Seems like this pattern repeats a lot. I think it would be good to add isOnOrAfterNow(Instant) and isBeforeNow(Instant) methods to the util class. The methods would account for the allowed clock drift.

It would make the code more readable.
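
One way to centralise the drift-adjusted comparisons suggested in the comment above, as an added example that is not code from this pull request or from java-saml. The class name, method names, injected Clock and the 180-second drift value are assumptions made for illustration.

```java
import java.time.Clock;
import java.time.Instant;
import java.time.ZoneOffset;

/** Hypothetical helper: names and the drift value are assumptions, not java-saml code. */
public final class ClockDriftChecks {
    // Assumed tolerance in seconds, standing in for Constants.ALOWED_CLOCK_DRIFT.
    static final long ALLOWED_CLOCK_DRIFT_SECONDS = 180;

    private final Clock clock;

    public ClockDriftChecks(Clock clock) {
        this.clock = clock;
    }

    /** True when an upper validity bound has passed even after adding the allowed drift. */
    public boolean isExpired(Instant notOnOrAfter) {
        Instant limit = notOnOrAfter.plusSeconds(ALLOWED_CLOCK_DRIFT_SECONDS);
        // "Equal to now" counts as expired, like joda-time's isEqualNow() || isBeforeNow().
        return !limit.isAfter(clock.instant());
    }

    /** True when a lower validity bound is still in the future even after subtracting the drift. */
    public boolean isNotYetValid(Instant notBefore) {
        Instant start = notBefore.minusSeconds(ALLOWED_CLOCK_DRIFT_SECONDS);
        return start.isAfter(clock.instant());
    }

    public static void main(String[] args) {
        // Constructed sample instants; a fixed clock makes the boundary cases reproducible.
        Instant now = Instant.parse("2024-01-01T12:00:00Z");
        ClockDriftChecks checks = new ClockDriftChecks(Clock.fixed(now, ZoneOffset.UTC));

        System.out.println(checks.isExpired(now.minusSeconds(120)));     // inside the tolerance
        System.out.println(checks.isExpired(now.minusSeconds(180)));     // exactly on the boundary
        System.out.println(checks.isExpired(now.minusSeconds(181)));     // past the tolerance
        System.out.println(checks.isNotYetValid(now.plusSeconds(180)));  // lower bound, on the boundary
        System.out.println(checks.isNotYetValid(now.plusSeconds(181)));  // lower bound, too early
    }
}
```

Passing a Clock instead of calling Instant.now() inside the helper lets unit tests cover the exact boundary without sleeping or racing the system clock.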

@gkhaburzaniya-onelogin gkhaburzaniya-onelogin changed the base branch from master to exclude-joda-time November 18, 2022 23:06
@gkhaburzaniya-onelogin gkhaburzaniya-onelogin merged commit 9531b5d into SAML-Toolkits:exclude-joda-time Nov 18, 2022
Successfully merging this pull request may close these issues.

Consider Java8 and/or jodatime exclusion