diff gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java @ 8839:2c8259176c46

Add configurable time tolerance to SAML ticket validation. This makes it possible, e.g., to account for time skew between the ISP and the server this servlet runs on.
author Tom Gottfried <tom@intevation.de>
date Wed, 28 Jun 2017 20:09:53 +0200
parents 5aff82e77ec3
children 5e38e2924c07
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java	Tue May 30 12:51:42 2017 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java	Wed Jun 28 20:09:53 2017 +0200
@@ -45,10 +45,11 @@
     private String password;
     private Features features;
     private String trustedKeyFile;
+    private String timeEpsilon;
 
 
     public Response(HttpEntity entity, String username, String password,
-                    Features features, String trustedKeyFile)
+            Features features, String trustedKeyFile, String timeEpsilon)
         throws AuthenticationException, IOException {
 
         if (entity == null) {
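Review bot: The new `timeEpsilon` field and constructor parameter give no indication of unit or format, and the `String` type hides that the value must be an integer (it is parsed in `getAssertion()` in the third hunk). Because this setting loosens a security check, add a field comment such as `/** Clock-skew tolerance for SAML ticket validity checks; decimal integer, unit as expected by TicketValidator. */` and a matching `@param timeEpsilon` on the constructor. The constructor body continues outside the hunk.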
@@ -80,6 +81,7 @@
         this.password = password;
         this.features = features;
         this.trustedKeyFile = trustedKeyFile;
+        this.timeEpsilon = timeEpsilon;
     }
 
     @Override
@@ -97,8 +99,9 @@
     public Assertion getAssertion() {
         if (this.assertion == null && this.root != null) {
             try {
+                int timeEps = Integer.parseInt(this.timeEpsilon);
                 TicketValidator validator =
-                    new TicketValidator(this.trustedKeyFile);
+                    new TicketValidator(this.trustedKeyFile, timeEps);
                 this.assertion = validator.checkTicket(this.root);
             }
             catch (Exception e) {
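Review bot: The tolerance parsed at `int timeEps = Integer.parseInt(this.timeEpsilon);` is handed to `TicketValidator` without a range check, so a negative or very large configured value reaches the validity-window comparison unchanged. How the validator applies it is not visible here, but a large value would presumably stop expired tickets from being rejected and lengthen the window in which a captured ticket is still accepted. Reject out-of-range values before constructing the validator, e.g. `if (timeEps < 0 || timeEps > MAX_TIME_EPSILON) throw new IllegalArgumentException("timeEpsilon out of range");`, where `MAX_TIME_EPSILON` is a new constant sized for realistic clock skew. A missing or non-numeric setting raises `NumberFormatException` on every call and falls into the existing `catch (Exception e)`, whose body lies outside the hunk, so a configuration error likely looks like a failed ticket check. Parsing once in the constructor and storing an `int` would surface it at startup instead.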
