diff gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/Assertion.java @ 8839:2c8259176c46

Add configurable time tolerance to SAML ticket validation. This allows, for example, accounting for time skew between the ISP and the server this servlet runs on.
author Tom Gottfried <tom@intevation.de>
date Wed, 28 Jun 2017 20:09:53 +0200
parents 238fc722f87a
children 0a5239a1e46e
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/Assertion.java	Tue May 30 12:51:42 2017 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/Assertion.java	Wed Jun 28 20:09:53 2017 +0200
@@ -48,7 +48,6 @@
     private static final String ATTR_CONT_ROLE =
         "urn:conterra:names:sdi-suite:policy:attribute:role";
 
-
     public Assertion(Element assertion) {
         this.assertion = assertion;
         this.roles = new LinkedList<String>();
@@ -174,14 +173,15 @@
      * Returns whether the ticket to which the assertion belongs is
      * valid at the time the method is called. The method returns true,
      * if both dates (notbefore and notonorafter) have been determined
-     * successfully and the current date/time is between both.
+     * successfully and the current date/time is between both (with given
+     * tolerance).
      * @return Whether the ticket is valid now.
      */
-    public boolean isValidNow() {
+    public boolean isValidNow(int timeEps) {
         Date now = new Date();
         return (this.notbefore != null && this.notonorafter != null
-                && now.after(this.notbefore)
-                && !this.notonorafter.before(now));
+            && now.after(new Date(this.notbefore.getTime() - timeEps))
+            && now.before(new Date(this.notonorafter.getTime() + timeEps)));
     }
 }
 // vim: set fileencoding=utf-8 ts=4 sw=4 et si tw=80:
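Review bot: The new `timeEps` parameter of `isValidNow` has no `@param` tag and nothing in the signature or Javadoc states its unit; because it is subtracted from and added to `Date.getTime()` values it is in milliseconds, so a caller passing a configured value in seconds would be off by a factor of 1000. The tolerance also widens acceptance at both ends of the window, meaning a generous value accepts a ticket after its NotOnOrAfter instant, while a negative value silently narrows the window instead of being rejected. Suggest `@param timeEps tolerance in milliseconds applied to both ends of the validity window; must be non-negative` and, if negative values are not intended, a guard such as `if (timeEps < 0) throw new IllegalArgumentException("timeEps must be >= 0");`. Separately, `now.after(...)` keeps the lower bound exclusive although NotBefore denotes the first instant at which the assertion is valid; `!now.before(new Date(this.notbefore.getTime() - timeEps))` would make it inclusive, though at millisecond granularity this is minor.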
