cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r752238 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/interceptors/SecureConversationInInterceptor.java tokenstore/MemoryTokenStore.java tokenstore/TokenStore.java
Date Tue, 10 Mar 2009 20:16:23 GMT
Author: dkulp
Date: Tue Mar 10 20:16:22 2009
New Revision: 752238

URL: http://svn.apache.org/viewvc?rev=752238&view=rev
Log:
Make sure expired and cancelled tokens get cleaned up.

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=752238&r1=752237&r2=752238&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
Tue Mar 10 20:16:22 2009
@@ -124,9 +124,7 @@
                 
                 Object s = message.getContextualProperty(SecurityConstants.STS_TOKEN_DO_CANCEL);
                 if (s != null && (Boolean.TRUE.equals(s) || "true".equalsIgnoreCase(s.toString())))
{
-                    SecureConversationToken tok = (SecureConversationToken)ais.iterator()
-                        .next().getAssertion();
-                    doCancel(message, aim, tok);
+                    message.getInterceptorChain().add(SecureConversationCancelInterceptor.INSTANCE);
                 }
                 return;
             }
@@ -210,50 +208,6 @@
             }
         }
     }
-    private void doCancel(SoapMessage message, AssertionInfoMap aim, SecureConversationToken
itok) {
-        Message m2 = message.getExchange().getOutMessage();
-        
-        SecurityToken tok = (SecurityToken)m2.getContextualProperty(SecurityConstants.TOKEN);
-        if (tok == null) {
-            String tokId = (String)m2.getContextualProperty(SecurityConstants.TOKEN_ID);
-            if (tokId != null) {
-                tok = SecureConversationTokenInterceptorProvider
-                    .getTokenStore(m2).getToken(tokId);
-            }
-        }
-
-        STSClient client = SecureConversationTokenInterceptorProvider.getClient(m2);
-        AddressingProperties maps =
-            (AddressingProperties)message
-                .get("javax.xml.ws.addressing.context.inbound");
-        if (maps == null) {
-            maps = (AddressingProperties)m2
-                .get("javax.xml.ws.addressing.context");
-        }
-        
-        synchronized (client) {
-            try {
-                SecureConversationTokenInterceptorProvider
-                    .setupClient(client, message, aim, itok, true);
-
-                if (maps != null) {
-                    client.setAddressingNamespace(maps.getNamespaceURI());
-                }
-                client.cancelSecurityToken(tok);
-            } catch (RuntimeException e) {
-                throw e;
-            } catch (Exception e) {
-                throw new Fault(e);
-            } finally {
-                client.setTrust((Trust10)null);
-                client.setTrust((Trust13)null);
-                client.setTemplate(null);
-                client.setLocation(null);
-                client.setAddressingNamespace(null);
-            }
-        }
-
-    }
     private void recalcEffectivePolicy(SoapMessage message, 
                                        String namespace,
                                        Policy policy) {
@@ -530,6 +484,83 @@
             }
         }
     }
+    
+    static class SecureConversationCancelInterceptor extends AbstractPhaseInterceptor<SoapMessage>
{
+        static final SecureConversationCancelInterceptor INSTANCE = new SecureConversationCancelInterceptor();
+        
+        public SecureConversationCancelInterceptor() {
+            super(Phase.POST_LOGICAL);
+        }
+        
+        public void handleMessage(SoapMessage message) throws Fault {
+            // TODO Auto-generated method stub
+            
+            AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+            // extract Assertion information
+            if (aim == null) {
+                return;
+            }
+            Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
+            if (ais == null || ais.isEmpty()) {
+                return;
+            }
+            
+            SecureConversationToken tok = (SecureConversationToken)ais.iterator()
+                .next().getAssertion();
+            doCancel(message, aim, tok);
+
+        }
+        private void doCancel(SoapMessage message, AssertionInfoMap aim, SecureConversationToken
itok) {
+            Message m2 = message.getExchange().getOutMessage();
+            
+            SecurityToken tok = (SecurityToken)m2.getContextualProperty(SecurityConstants.TOKEN);
+            if (tok == null) {
+                String tokId = (String)m2.getContextualProperty(SecurityConstants.TOKEN_ID);
+                if (tokId != null) {
+                    tok = SecureConversationTokenInterceptorProvider
+                        .getTokenStore(m2).getToken(tokId);
+                }
+            }
+
+            STSClient client = SecureConversationTokenInterceptorProvider.getClient(m2);
+            AddressingProperties maps =
+                (AddressingProperties)message
+                    .get("javax.xml.ws.addressing.context.inbound");
+            if (maps == null) {
+                maps = (AddressingProperties)m2
+                    .get("javax.xml.ws.addressing.context");
+            }
+            
+            synchronized (client) {
+                try {
+                    SecureConversationTokenInterceptorProvider
+                        .setupClient(client, message, aim, itok, true);
+
+                    if (maps != null) {
+                        client.setAddressingNamespace(maps.getNamespaceURI());
+                    }
+                    
+                    client.cancelSecurityToken(tok);
+                    SecureConversationTokenInterceptorProvider
+                        .getTokenStore(m2).remove(tok);
+                } catch (RuntimeException e) {
+                    throw e;
+                } catch (Exception e) {
+                    throw new Fault(e);
+                } finally {
+                    client.setTrust((Trust10)null);
+                    client.setTrust((Trust13)null);
+                    client.setTemplate(null);
+                    client.setLocation(null);
+                    client.setAddressingNamespace(null);
+                }
+            }
+
+        }
+
+        
+    }
+    
 
     
 }
\ No newline at end of file

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java?rev=752238&r1=752237&r2=752238&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
Tue Mar 10 20:16:22 2009
@@ -27,12 +27,14 @@
 
 
 import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken.State;
 
 /**
  * 
  */
 public class MemoryTokenStore implements TokenStore {
-
+    boolean autoRemove = true;
+    
     Map<String, SecurityToken> tokens = new ConcurrentHashMap<String, SecurityToken>();
     
     /** {@inheritDoc}*/
@@ -44,7 +46,18 @@
 
     /** {@inheritDoc}*/
     public void update(SecurityToken token) {
-        add(token);
+        if (autoRemove 
+            && (token.getState() == State.EXPIRED
+                || token.getState() == State.CANCELLED)) {
+            remove(token);
+        } else {
+            add(token);
+        }
+    }
+    public void remove(SecurityToken token) {
+        if (token != null && !StringUtils.isEmpty(token.getId())) {
+            tokens.remove(token.getId());
+        }
     }
 
     public Collection<SecurityToken> getCancelledTokens() {
@@ -57,6 +70,7 @@
         return getTokens(SecurityToken.State.RENEWED);
     }
     public Collection<String> getTokenIdentifiers() {
+        processTokenExpiry();        
         return tokens.keySet();
     }
 
@@ -94,14 +108,43 @@
     }
 
     protected void processTokenExpiry() {
+        long time = System.currentTimeMillis();
         for (SecurityToken token : tokens.values()) {
-            if (token.getExpires() != null 
-                && token.getExpires().getTimeInMillis() < System.currentTimeMillis())
{
+            if (token.getState() == State.EXPIRED
+                || token.getState() == State.CANCELLED) {
+                if (autoRemove) {
+                    remove(token);
+                }
+            } else if (token.getExpires() != null 
+                && token.getExpires().getTimeInMillis() < time) {
                 token.setState(SecurityToken.State.EXPIRED);
+                if (autoRemove) {
+                    remove(token);
+                }
             }            
         }
     }
-    
 
+
+    public void removeCancelledTokens() {
+        for (SecurityToken token : tokens.values()) {
+            if (token.getState() == State.CANCELLED) {
+                remove(token);
+            }
+        }
+    }
+
+    public void removeExpiredTokens() {
+        processTokenExpiry();
+        for (SecurityToken token : tokens.values()) {
+            if (token.getState() == State.EXPIRED) {
+                remove(token);
+            }
+        }
+    }
+
+    public void setAutoRemoveTokens(boolean auto) {
+        autoRemove = auto;
+    }
     
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java?rev=752238&r1=752237&r2=752238&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
Tue Mar 10 20:16:22 2009
@@ -39,6 +39,11 @@
     void update(SecurityToken token);
     
     /**
+     * Remove an existing token.
+     */
+    void remove(SecurityToken token);
+    
+    /**
      * Return the list of all token identifiers.
      * @return As array of token identifiers
      */
@@ -76,4 +81,25 @@
      * @return The requested <code>Token</code> identified by the give id
      */
     SecurityToken getToken(String id);
+    
+    
+    
+    /**
+     * Removes all expired tokens.  
+     */
+    void removeExpiredTokens();
+    
+    /**
+     * Removes all cancelled tokens.
+     */
+    void removeCancelledTokens();
+    
+    /**
+     * Controls whether the store will automatically remove cancelled and expired 
+     * tokens.  If true, calls to getCancelledTokens() and getExpiredTokens() 
+     * will never return value;
+     * @param auto
+     */
+    void setAutoRemoveTokens(boolean auto);
+    
 }



Mime
View raw message