comparison gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/Assertion.java @ 8839:2c8259176c46
Add configurable time tolerance to SAML ticket validation.
This makes it possible, e.g., to account for time skew between the ISP and
the server this servlet runs on.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Wed, 28 Jun 2017 20:09:53 +0200 |
parents | 238fc722f87a |
children | 0a5239a1e46e |
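--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/Assertion.java
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/Assertion.java
@@ -45,11 +45,10 @@
 "urn:conterra:names:sdi-suite:policy:attribute:group-id";
 private static final String ATTR_CONT_GROUP_NAME =
 "urn:conterra:names:sdi-suite:policy:attribute:group-name";
 private static final String ATTR_CONT_ROLE =
 "urn:conterra:names:sdi-suite:policy:attribute:role";
-
 
 public Assertion(Element assertion) {
 this.assertion = assertion;
 this.roles = new LinkedList<String>();
 this.parseCondition();
@@ -172,16 +171,17 @@
 
 /**
 * Returns whether the ticket to which the assertion belongs is
 * valid at the time the method is called. The method returns true,
 * if both dates (notbefore and notonorafter) have been determined
-* successfully and the current date/time is between both.
+* successfully and the current date/time is between both (with given
+* tolerance).
 * @return Whether the ticket is valid now.
 */
-public boolean isValidNow() {
+public boolean isValidNow(int timeEps) {
 Date now = new Date();
 return (this.notbefore != null && this.notonorafter != null
-&& now.after(this.notbefore)
-&& !this.notonorafter.before(now));
+&& now.after(new Date(this.notbefore.getTime() - timeEps))
+&& now.before(new Date(this.notonorafter.getTime() + timeEps)));
 }
 }
 // vim: set fileencoding=utf-8 ts=4 sw=4 et si tw=80: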
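Review bot: `isValidNow(int timeEps)` accepts the tolerance with no stated unit and no bounds, and its Javadoc gained no `@param`. Because the value is subtracted from and added to `Date.getTime()`, it is in milliseconds; a negative value narrows the window, and a large one keeps an expired assertion acceptable for longer, which weakens the replay protection the notonorafter bound provides. I would add `@param timeEps tolerance in milliseconds applied to both bounds; must be non-negative`, and reject or cap out-of-range values where the setting is read (that code is not on this page). Separately, the upper bound changed from inclusive (`!this.notonorafter.before(now)`) to exclusive (`now.before(...)`), so with a tolerance of 0 a ticket checked exactly at notonorafter is now rejected. That matches the attribute's name but is a behaviour change the description does not mention.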