Author: anil.saldhana(a)jboss.com
Date: 2009-07-23 17:20:03 -0400 (Thu, 23 Jul 2009)
New Revision: 656
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
Log:
JBID-143: use the validate method value
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-07-23
20:00:07 UTC (rev 655)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-07-23
21:20:03 UTC (rev 656)
@@ -23,6 +23,7 @@
import java.io.IOException;
import java.io.InputStream;
+import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.List;
@@ -150,7 +151,10 @@
try
{
requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
- this.validate(request);
+ boolean isValid = this.validate(request);
+ if(!isValid)
+ throw new GeneralSecurityException("Validation check
failed");
+
webRequestUtil.isTrusted(requestAbstractType.getIssuer().getValue());
List<String> roles = rg.generateRoles(userPrincipal);
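Review bot: The new validity check runs only after `webRequestUtil.getSAMLRequest(samlMessage)` has already parsed the incoming message, so a request that fails validation has still been handed to the SAML parser. Moving the check above the parse keeps rejected input away from it: `if(!this.validate(request)) throw new GeneralSecurityException("Validation check failed");` placed as the first statement in the `try`. The result of `webRequestUtil.isTrusted(...)` on the next line is also not inspected. Whether it signals an untrusted issuer by exception or by return value is not visible here; if it returns a boolean, it needs the same treatment this commit gives `validate`. The enclosing method starts and ends outside the hunk.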
@@ -193,6 +197,14 @@
JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
this.identityURL);
}
+ catch(GeneralSecurityException e)
+ {
+ log.trace(e);
+ responseType =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
+ this.identityURL);
+ }
finally
{
try
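Review bot: The added catch block records the rejected request with `log.trace(e)`, so at the log levels normally enabled in production a failed validation at the IDP leaves no record for anyone monitoring it. A rejected SAML request is a security-relevant event and is better logged at a level that is usually on, with a message that names it, e.g. `log.warn("SAML request validation failed", e);` (this assumes `log` is a log4j-style logger, which the hunk does not show). The preceding catch block and the rest of the method lie outside the hunk, so the same may apply there.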
@@ -338,7 +350,7 @@
started = false;
}
- protected boolean validate(Request request)
+ protected boolean validate(Request request) throws GeneralSecurityException
{
return request.getParameter("SAMLRequest") != null;
}
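Review bot: `validate` now declares `throws GeneralSecurityException`, but its body never throws and it has no Javadoc, so someone overriding it cannot tell whether to reject a request by returning `false` or by throwing. Because this protected method gates SAML request processing, I would add a Javadoc comment covering three points. The default implementation only checks that the `SAMLRequest` parameter is present. A `false` return makes the caller answer with an error response. Overrides that perform real checks may throw `GeneralSecurityException` to the same effect. A first line such as `/** Checks that the request carries a SAMLRequest parameter; subclasses may override to add stricter checks. */` would do, followed by `@return` and `@throws` tags.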