Adding some audience restriction tests
coheigea committed Jun 3, 2016
1 parent d30ea58 commit 0006581
Showing 5 changed files with 618 additions and 3 deletions.
Expand Up @@ -85,7 +85,7 @@ public void init() {

public List<String> getAudienceUris() {
if (config.getAudienceUris() == null) {
return new ArrayList<String>();
return Collections.emptyList();
}
return config.getAudienceUris().getAudienceItem();
}
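Review bot: The two return paths of getAudienceUris() now differ in mutability: the unconfigured case returns the shared immutable `Collections.emptyList()`, while the configured case still hands out whatever `getAudienceItem()` returns, which looks like the configuration's own list. Because this list is the allow-list used for audience validation, callers should not be able to change it. Consider `return Collections.unmodifiableList(config.getAudienceUris().getAudienceItem());` together with a Javadoc line such as `Returns a read-only view of the configured audience URIs; never null.`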
Expand Up @@ -72,7 +72,10 @@ public T handleRequest(HttpServletRequest request, HttpServletResponse response)
// process and validate the token
try {
FedizResponse federationResponse = processSigninRequest(responseToken, request, response);
validateAudienceRestrictions(federationResponse.getAudience(), request.getRequestURL().toString());
if (!validateAudienceRestrictions(federationResponse.getAudience(),
request.getRequestURL().toString())) {
return null;
}
LOG.debug("RSTR validated successfully");
return createPrincipal(request, response, federationResponse);
} catch (ProcessingException e) {
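Review bot: The new rejection branch in handleRequest returns `null` without recording why, so at this call site a token rejected for its audience is indistinguishable from any other empty result. Add a log line before the `return null;`, for example `LOG.warn("Token audience restriction validation failed; rejecting sign-in response");`, so rejected tokens are visible to monitoring; validateAudienceRestrictions may already log, but its body is only partly visible on this page. Every caller must treat a `null` result as a failed authentication rather than as "nothing to process", and a Javadoc sentence on handleRequest should say so. The method starts and ends outside the hunk, so how the catch branch responds cannot be checked from here.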
Expand Down Expand Up @@ -111,7 +114,7 @@ public FedizResponse processSigninRequest(String responseToken, HttpServletReque

protected boolean validateAudienceRestrictions(String audience, String requestURL) {
// Validate the AudienceRestriction in Security Token (e.g. SAML)
// validate against the configured list of audienceURIs
// validate against the configured list of audienceURIs
List<String> audienceURIs = fedizContext.getAudienceUris();
boolean validAudience = audienceURIs.isEmpty() && audience == null;
if (!validAudience && audience != null) {
