
Commit 0006581

committed
Adding some audience restriction tests
1 parent d30ea58 commit 0006581


5 files changed

+618
-3
lines changed


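--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
@@ -85,7 +85,7 @@ public void init() {
 
 public List<String> getAudienceUris() {
 if (config.getAudienceUris() == null) {
-return new ArrayList<String>();
+return Collections.emptyList();
 }
 return config.getAudienceUris().getAudienceItem();
 }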
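Review bot: getAudienceUris now returns an immutable list when no audience URIs are configured, but still hands out the live list from `config.getAudienceUris().getAudienceItem()` otherwise, so the two branches differ in mutability. A caller that appends to the result would get an UnsupportedOperationException in the first case and would silently alter the configured audience allow-list in the second. Because this list drives audience validation, consider returning `Collections.unmodifiableList(config.getAudienceUris().getAudienceItem())` in the second branch, or at least adding the comment `// returned list must be treated as read-only`. Whether any caller mutates the result is not visible from this hunk.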

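--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
@@ -72,7 +72,10 @@ public T handleRequest(HttpServletRequest request, HttpServletResponse response)
 // process and validate the token
 try {
 FedizResponse federationResponse = processSigninRequest(responseToken, request, response);
-validateAudienceRestrictions(federationResponse.getAudience(), request.getRequestURL().toString());
+if (!validateAudienceRestrictions(federationResponse.getAudience(),
+request.getRequestURL().toString())) {
+return null;
+}
 LOG.debug("RSTR validated successfully");
 return createPrincipal(request, response, federationResponse);
 } catch (ProcessingException e) {
@@ -111,7 +114,7 @@ public FedizResponse processSigninRequest(String responseToken, HttpServletReque
 
 protected boolean validateAudienceRestrictions(String audience, String requestURL) {
 // Validate the AudienceRestriction in Security Token (e.g. SAML)
-// validate against the configured list of audienceURIs
+// validate against the configured list of audienceURIs
 List<String> audienceURIs = fedizContext.getAudienceUris();
 boolean validAudience = audienceURIs.isEmpty() && audience == null;
 if (!validAudience && audience != null) {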
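Review bot: The new rejection branch in handleRequest returns `null` without logging, so a token issued for a different audience is dropped with no trace for anyone monitoring sign-in failures, unless validateAudienceRestrictions logs internally (its body continues outside the hunk). Add `LOG.warn("Audience restriction validation failed for sign-in response");` before `return null;`. The method's Javadoc should also state that `null` means the sign-in was rejected, so callers never treat it as an authenticated principal. handleRequest starts and ends outside the hunk, so how its callers and the ProcessingException catch handle a failure cannot be confirmed here.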
