in plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java [127:152]
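/**
 * Validates the AudienceRestriction of the security token (e.g. SAML) against
 * the audience URIs configured for this relying party.
 *
 * <p>A token that carries no audience is accepted only when no audience URIs
 * are configured. A token that carries an audience is accepted when that
 * audience starts with one of the configured URIs. Null or empty configured
 * entries are ignored so that they cannot match every audience.
 *
 * @param audience audience value taken from the token; may be {@code null}
 * @param requestURL URL of the current request, used only for a debug-level
 *        diagnostic; may be {@code null}
 * @return {@code true} if the audience is accepted, {@code false} otherwise
 */
protected boolean validateAudienceRestrictions(String audience, String requestURL) {
    List<String> audienceURIs = fedizContext.getAudienceUris();
    // No configured URIs and no audience in the token: nothing to restrict.
    boolean validAudience = audienceURIs.isEmpty() && audience == null;
    if (!validAudience && audience != null) {
        // NOTE(review): startsWith() is a prefix comparison, so a token whose audience
        // merely extends a configured URI (longer host label or longer path) is accepted
        // as well. Confirm that this is intended; otherwise compare exactly or on a
        // path boundary.
        for (String a : audienceURIs) {
            if (a == null || a.isEmpty()) {
                // Every string starts with "", and a null entry would throw here:
                // skip such entries instead of accepting any audience or failing.
                LOG.warn("Ignoring null or empty entry in configured audience URIs.");
                continue;
            }
            if (audience.startsWith(a)) {
                validAudience = true;
                LOG.debug("Token audience matches with valid URIs.");
                break;
            }
        }
        if (!validAudience) {
            LOG.warn("Token AudienceRestriction [{}] doesn't match with specified list of URIs.", audience);
            LOG.debug("Authenticated URIs are: {}", audienceURIs);
        }
        // Diagnostic only: the request URL does not influence the result.
        if (LOG.isDebugEnabled() && requestURL != null && !requestURL.contains(audience)) {
            LOG.debug("Token AudienceRestriction doesn't match with request URL [{}] [{}]", audience, requestURL);
        }
    }
    return validAudience;
}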