/**
 * Sets the flag that instructs the realm verifier to enforce validation
 * of the return URL against the endpoints discovered from the RP's realm.
 * <p>
 * The value is forwarded unchanged to the underlying realm verifier.
 * NOTE(review): with the flag off, the return URL is presumably checked
 * against the realm only and RP discovery is skipped; confirm against
 * RealmVerifier.validate() before disabling it in a deployment.
 *
 * @param enforceRpId {@code true} to require the discovery-based check
 */
public void setEnforceRpId(boolean enforceRpId)
{
    this._realmVerifier.setEnforceRpId(enforceRpId);
}
/**
 * Creates a realm verifier configured for the server (OP) side.
 *
 * @return a new {@link RealmVerifier} built with its {@code isOP}
 *         argument set to {@code true} and the resolver held in
 *         {@code _yadisResolver}
 */
public RealmVerifier getRealmVerifierForServer()
{
    // First constructor argument is the isOP flag.
    final boolean isOP = true;
    return new RealmVerifier(isOP, _yadisResolver);
}
} // closes the enclosing class
/**
 * Non-public constructor. Use a {@link RealmVerifierFactory} to
 * create a {@link RealmVerifier}.
 * <p>
 * A new verifier starts with RP-identifier enforcement switched on and
 * a deny list holding two wildcard-realm patterns.
 *
 * @param isOP          stored in {@code _isOP}
 * @param yadisResolver resolver kept in {@code _yadisResolver}
 */
RealmVerifier(boolean isOP, YadisResolver yadisResolver)
{
    this._deniedRealmDomains = new ArrayList();

    // Default deny list: a wildcard over a single trailing label ("*.com")
    // and a wildcard over a two-letter.two-letter suffix ("*.co.uk").
    // NOTE(review): if these are applied as full matches (not visible
    // here), suffixes such as "*.com.au" or "*.org.uk" fall outside both
    // defaults; deployments may need to extend the list.
    addDeniedRealmDomain("\\*\\.[^\\.]+");
    addDeniedRealmDomain("\\*\\.[a-z]{2}\\.[a-z]{2}");

    this._isOP = isOP;
    // Discovery-based return URL validation is on unless a caller turns it off.
    this._enforceRpId = true;
    this._yadisResolver = yadisResolver;
}
if (isDeniedRealmDomain(realmDomain)) { _log.warn("Blacklisted realm domain: " + realmDomain); return DENIED_REALM; if (!domainMatch(realmDomain, returnToUrl.getHost())) { if (DEBUG) { _log.debug("Realm verification failed: " + if (!portMatch(realmUrl, returnToUrl)) { if (DEBUG) { _log.debug("Realm verification failed: " + if (!pathMatch(realmUrl, returnToUrl)) { if (DEBUG) { _log.debug("Realm verification failed: " +
/**
 * Checks a return_to URL against a realm and, when requested, against the
 * RP endpoints discovered from that realm.
 * <p>
 * The realm match always runs first; a failure there is returned at once.
 * The discovery-based check runs only when {@code compatibility} is
 * {@code false} and {@code enforceRpId} is {@code true}. In every other
 * case a return URL that matches the realm is accepted on that basis alone.
 * <p>
 * NOTE(review): {@code realm} and {@code returnTo} are written to the log
 * as received; if they arrive straight from a request (likely, verify
 * against callers), the log sink should neutralise embedded line breaks.
 *
 * @param realm         the realm to validate against
 * @param returnTo      the return URL under validation
 * @param compatibility when {@code true}, the discovery-based check is skipped
 * @param enforceRpId   when {@code true} and not in compatibility mode, the
 *                      return URL must also pass {@code validateRpId}
 * @return {@code OK} on success, otherwise the code of the failing check
 */
public int validate(String realm, String returnTo,
                    boolean compatibility, boolean enforceRpId)
{
    // 1. the return_to has to fall inside the realm
    final int realmMatch = match(realm, returnTo);
    if (realmMatch != OK)
    {
        _log.error("Return URL: " + returnTo +
                   " does not match realm: " + realm);
        return realmMatch;
    }

    // Compatibility mode stops after the realm match.
    if (compatibility)
    {
        return realmMatch;
    }

    // 2. the return_to has to match an RP endpoint discovered from the realm
    if (enforceRpId)
    {
        final int rpIdResult = validateRpId(realm, returnTo);
        if (rpIdResult != OK)
        {
            _log.error("Failed to validate return URL: " + returnTo +
                       " against endpoints discovered from the RP's realm.");
        }
        return rpIdResult;
    }

    // Discovery check switched off: accepted, but flagged when acting as OP.
    if (_isOP)
    {
        _log.warn("RP discovery / realm validation disabled; " +
                  "this option SHOULD be enabled for OPs");
    }
    return realmMatch;
}
/**
 * Replaces the list of denied realm domain patterns and recompiles it.
 * <p>
 * The supplied list is stored by reference, not copied, and it replaces
 * the previous list entirely. The RealmVerifier constructor seeds this
 * field with two default patterns, so a caller that wants to keep those
 * defaults has to include them in the new list.
 *
 * @param deniedRealmDomains the new deny list; not checked for
 *        {@code null} here. NOTE(review): entries look like
 *        regular-expression strings, judging by the constructor
 *        defaults; confirm in compileDeniedRealms().
 */
public void setDeniedRealmDomains(List deniedRealmDomains)
{
    this._deniedRealmDomains = deniedRealmDomains;

    // Rebuild the compiled form so the new list takes effect.
    compileDeniedRealms();
}
/**
 * Gets the flag that instructs the realm verifier to enforce validation
 * of the return URL against the endpoints discovered from the RP's realm.
 *
 * @return the value currently reported by the underlying realm verifier
 */
public boolean getEnforceRpId()
{
    final boolean enforced = _realmVerifier.getEnforceRpId();
    return enforced;
}
if (OK == match(endpointUrl, returnTo))
if (isDeniedRealmDomain(realmDomain)) if (!domainMatch(realmDomain, returnToUrl.getHost())) if (!portMatch(realmUrl, returnToUrl)) if (!pathMatch(realmUrl, returnToUrl))
/**
 * Checks a return_to URL against a realm and, when requested, against the
 * RP endpoints discovered from that realm.
 * <p>
 * The realm match always runs first; a failure there is returned at once.
 * The discovery-based check runs only when {@code compatibility} is
 * {@code false} and {@code enforceRpId} is {@code true}. In every other
 * case a return URL that matches the realm is accepted on that basis alone.
 * <p>
 * NOTE(review): {@code realm} and {@code returnTo} are written to the log
 * as received; if they arrive straight from a request (likely, verify
 * against callers), the log sink should neutralise embedded line breaks.
 *
 * @param realm         the realm to validate against
 * @param returnTo      the return URL under validation
 * @param compatibility when {@code true}, the discovery-based check is skipped
 * @param enforceRpId   when {@code true} and not in compatibility mode, the
 *                      return URL must also pass {@code validateRpId}
 * @return {@code OK} on success, otherwise the code of the failing check
 */
public int validate(String realm, String returnTo,
                    boolean compatibility, boolean enforceRpId)
{
    // 1. the return_to has to fall inside the realm
    final int realmMatch = match(realm, returnTo);
    if (realmMatch != OK)
    {
        _log.error("Return URL: " + returnTo +
                   " does not match realm: " + realm);
        return realmMatch;
    }

    // Compatibility mode stops after the realm match.
    if (compatibility)
    {
        return realmMatch;
    }

    // 2. the return_to has to match an RP endpoint discovered from the realm
    if (enforceRpId)
    {
        final int rpIdResult = validateRpId(realm, returnTo);
        if (rpIdResult != OK)
        {
            _log.error("Failed to validate return URL: " + returnTo +
                       " against endpoints discovered from the RP's realm.");
        }
        return rpIdResult;
    }

    // Discovery check switched off: accepted, but flagged when acting as OP.
    if (_isOP)
    {
        _log.warn("RP discovery / realm validation disabled; " +
                  "this option SHOULD be enabled for OPs");
    }
    return realmMatch;
}
/**
 * Replaces the list of denied realm domain patterns and recompiles it.
 * <p>
 * The supplied list is stored by reference, not copied, and it replaces
 * the previous list entirely. The RealmVerifier constructor seeds this
 * field with two default patterns, so a caller that wants to keep those
 * defaults has to include them in the new list.
 *
 * @param deniedRealmDomains the new deny list; not checked for
 *        {@code null} here. NOTE(review): entries look like
 *        regular-expression strings, judging by the constructor
 *        defaults; confirm in compileDeniedRealms().
 */
public void setDeniedRealmDomains(List deniedRealmDomains)
{
    this._deniedRealmDomains = deniedRealmDomains;

    // Rebuild the compiled form so the new list takes effect.
    compileDeniedRealms();
}
/**
 * Gets the flag that instructs the realm verifier to enforce validation
 * of the return URL against the endpoints discovered from the RP's realm.
 *
 * @return the value currently reported by the underlying realm verifier
 */
public boolean getEnforceRpId()
{
    final boolean enforced = _realmVerifier.getEnforceRpId();
    return enforced;
}
if (OK == match(endpointUrl, returnTo)) { _log.info("Return URL: " + returnTo + " matched discovered RP endpoint: " + endpointUrl);
if (isDeniedRealmDomain(realmDomain)) if (!domainMatch(realmDomain, returnToUrl.getHost())) if (!portMatch(realmUrl, returnToUrl)) if (!pathMatch(realmUrl, returnToUrl))
/**
 * Checks a return_to URL against a realm and, when requested, against the
 * RP endpoints discovered from that realm.
 * <p>
 * The realm match always runs first; a failure there is returned at once.
 * The discovery-based check runs only when {@code compatibility} is
 * {@code false} and {@code enforceRpId} is {@code true}. In every other
 * case a return URL that matches the realm is accepted on that basis alone.
 * <p>
 * NOTE(review): {@code realm} and {@code returnTo} are written to the log
 * as received; if they arrive straight from a request (likely, verify
 * against callers), the log sink should neutralise embedded line breaks.
 *
 * @param realm         the realm to validate against
 * @param returnTo      the return URL under validation
 * @param compatibility when {@code true}, the discovery-based check is skipped
 * @param enforceRpId   when {@code true} and not in compatibility mode, the
 *                      return URL must also pass {@code validateRpId}
 * @return {@code OK} on success, otherwise the code of the failing check
 */
public int validate(String realm, String returnTo,
                    boolean compatibility, boolean enforceRpId)
{
    // 1. the return_to has to fall inside the realm
    final int realmMatch = match(realm, returnTo);
    if (realmMatch != OK)
    {
        _log.error("Return URL: " + returnTo +
                   " does not match realm: " + realm);
        return realmMatch;
    }

    // Compatibility mode stops after the realm match.
    if (compatibility)
    {
        return realmMatch;
    }

    // 2. the return_to has to match an RP endpoint discovered from the realm
    if (enforceRpId)
    {
        final int rpIdResult = validateRpId(realm, returnTo);
        if (rpIdResult != OK)
        {
            _log.error("Failed to validate return URL: " + returnTo +
                       " against endpoints discovered from the RP's realm.");
        }
        return rpIdResult;
    }

    // Discovery check switched off: accepted, but flagged when acting as OP.
    if (_isOP)
    {
        _log.warn("RP discovery / realm validation disabled; " +
                  "this option SHOULD be enabled for OPs");
    }
    return realmMatch;
}
/**
 * Sets the flag that instructs the realm verifier to enforce validation
 * of the return URL against the endpoints discovered from the RP's realm.
 * <p>
 * The value is forwarded unchanged to the underlying realm verifier.
 * NOTE(review): with the flag off, the return URL is presumably checked
 * against the realm only and RP discovery is skipped; confirm against
 * RealmVerifier.validate() before disabling it in a deployment.
 *
 * @param enforceRpId {@code true} to require the discovery-based check
 */
public void setEnforceRpId(boolean enforceRpId)
{
    this._realmVerifier.setEnforceRpId(enforceRpId);
}
/**
 * Replaces the list of denied realm domain patterns and recompiles it.
 * <p>
 * The supplied list is stored by reference, not copied, and it replaces
 * the previous list entirely. The RealmVerifier constructor seeds this
 * field with two default patterns, so a caller that wants to keep those
 * defaults has to include them in the new list.
 *
 * @param deniedRealmDomains the new deny list; not checked for
 *        {@code null} here. NOTE(review): entries look like
 *        regular-expression strings, judging by the constructor
 *        defaults; confirm in compileDeniedRealms().
 */
public void setDeniedRealmDomains(List deniedRealmDomains)
{
    this._deniedRealmDomains = deniedRealmDomains;

    // Rebuild the compiled form so the new list takes effect.
    compileDeniedRealms();
}
/**
 * Creates a realm verifier configured for the server (OP) side.
 *
 * @return a new {@link RealmVerifier} built with its {@code isOP}
 *         argument set to {@code true} and the resolver held in
 *         {@code _yadisResolver}
 */
public RealmVerifier getRealmVerifierForServer()
{
    // First constructor argument is the isOP flag.
    final boolean isOP = true;
    return new RealmVerifier(isOP, _yadisResolver);
}
} // closes the enclosing class
/**
 * Gets the flag that instructs the realm verifier to enforce validation
 * of the return URL against the endpoints discovered from the RP's realm.
 *
 * @return the value currently reported by the underlying realm verifier
 */
public boolean getEnforceRpId()
{
    final boolean enforced = _realmVerifier.getEnforceRpId();
    return enforced;
}
/**
 * Non-public constructor. Use a {@link RealmVerifierFactory} to
 * create a {@link RealmVerifier}.
 * <p>
 * A new verifier starts with RP-identifier enforcement switched on and
 * a deny list holding two wildcard-realm patterns.
 *
 * @param isOP          stored in {@code _isOP}
 * @param yadisResolver resolver kept in {@code _yadisResolver}
 */
RealmVerifier(boolean isOP, YadisResolver yadisResolver)
{
    this._deniedRealmDomains = new ArrayList();

    // Default deny list: a wildcard over a single trailing label ("*.com")
    // and a wildcard over a two-letter.two-letter suffix ("*.co.uk").
    // NOTE(review): if these are applied as full matches (not visible
    // here), suffixes such as "*.com.au" or "*.org.uk" fall outside both
    // defaults; deployments may need to extend the list.
    addDeniedRealmDomain("\\*\\.[^\\.]+");
    addDeniedRealmDomain("\\*\\.[a-z]{2}\\.[a-z]{2}");

    this._isOP = isOP;
    // Discovery-based return URL validation is on unless a caller turns it off.
    this._enforceRpId = true;
    this._yadisResolver = yadisResolver;
}