dive4elements/river: gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/Assertion.java comparison

comparison gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/Assertion.java @ 8839:2c8259176c46

Add configurable time tolerance to SAML ticket validation. This allows e.g. to account for time skew between the ISP and the server this servlet is run on.

author	Tom Gottfried <tom@intevation.de>
date	Wed, 28 Jun 2017 20:09:53 +0200
parents	238fc722f87a
children	0a5239a1e46e

comparison

equal deleted inserted replaced

-:1fa03f3c9d3d
+:2c8259176c46
 "urn:conterra:names:sdi-suite:policy:attribute:group-id";
 private static final String ATTR_CONT_GROUP_NAME =
 "urn:conterra:names:sdi-suite:policy:attribute:group-name";
 private static final String ATTR_CONT_ROLE =
 "urn:conterra:names:sdi-suite:policy:attribute:role";
 public Assertion(Element assertion) {
 this.assertion = assertion;
 this.roles = new LinkedList<String>();
 this.parseCondition();
 /**
 * Returns whether the ticket to which the assertion belongs is
 * valid at the time the method is called. The method returns true,
 * if both dates (notbefore and notonorafter) have been determined
-* successfully and the current date/time is between both.
+* successfully and the current date/time is between both (with given
+* tolerance).
 * @return Whether the ticket is valid now.
 */
-public boolean isValidNow() {
+public boolean isValidNow(int timeEps) {
 Date now = new Date();
 return (this.notbefore != null && this.notonorafter != null
-&& now.after(this.notbefore)
+&& now.after(new Date(this.notbefore.getTime() - timeEps))
-&& !this.notonorafter.before(now));
+&& now.before(new Date(this.notonorafter.getTime() + timeEps)));
 }
 }
 // vim: set fileencoding=utf-8 ts=4 sw=4 et si tw=80:

Mercurial > dive4elements > river

comparison gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/Assertion.java @ 8839:2c8259176c46