Return-Path: Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: (qmail 90172 invoked from network); 10 Mar 2009 20:16:48 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 10 Mar 2009 20:16:48 -0000 Received: (qmail 62790 invoked by uid 500); 10 Mar 2009 20:16:47 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 62749 invoked by uid 500); 10 Mar 2009 20:16:47 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 62740 invoked by uid 99); 10 Mar 2009 20:16:47 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Mar 2009 13:16:47 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Mar 2009 20:16:45 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 0A34223889B2; Tue, 10 Mar 2009 20:16:24 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r752238 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/interceptors/SecureConversationInInterceptor.java tokenstore/MemoryTokenStore.java tokenstore/TokenStore.java Date: Tue, 10 Mar 2009 20:16:23 -0000 To: commits@cxf.apache.org 
From: dkulp@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090310201624.0A34223889B2@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: dkulp Date: Tue Mar 10 20:16:22 2009 New Revision: 752238 URL: http://svn.apache.org/viewvc?rev=752238&view=rev Log: Make sure expired and cancelled tokens get cleaned up. Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=752238&r1=752237&r2=752238&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java Tue Mar 10 20:16:22 2009 @@ -124,9 +124,7 @@ Object s = message.getContextualProperty(SecurityConstants.STS_TOKEN_DO_CANCEL); if (s != null && (Boolean.TRUE.equals(s) || "true".equalsIgnoreCase(s.toString()))) { - SecureConversationToken tok = (SecureConversationToken)ais.iterator() - .next().getAssertion(); - doCancel(message, aim, tok); + message.getInterceptorChain().add(SecureConversationCancelInterceptor.INSTANCE); } return; } 
@@ -210,50 +208,6 @@ } } } - private void doCancel(SoapMessage message, AssertionInfoMap aim, SecureConversationToken itok) { - Message m2 = message.getExchange().getOutMessage(); - - SecurityToken tok = (SecurityToken)m2.getContextualProperty(SecurityConstants.TOKEN); - if (tok == null) { - String tokId = (String)m2.getContextualProperty(SecurityConstants.TOKEN_ID); - if (tokId != null) { - tok = SecureConversationTokenInterceptorProvider - .getTokenStore(m2).getToken(tokId); - } - } - - STSClient client = SecureConversationTokenInterceptorProvider.getClient(m2); - AddressingProperties maps = - (AddressingProperties)message - .get("javax.xml.ws.addressing.context.inbound"); - if (maps == null) { - maps = (AddressingProperties)m2 - .get("javax.xml.ws.addressing.context"); - } - - synchronized (client) { - try { - SecureConversationTokenInterceptorProvider - .setupClient(client, message, aim, itok, true); - - if (maps != null) { - client.setAddressingNamespace(maps.getNamespaceURI()); - } - client.cancelSecurityToken(tok); - } catch (RuntimeException e) { - throw e; - } catch (Exception e) { - throw new Fault(e); - } finally { - client.setTrust((Trust10)null); - client.setTrust((Trust13)null); - client.setTemplate(null); - client.setLocation(null); - client.setAddressingNamespace(null); - } - } - - } private void recalcEffectivePolicy(SoapMessage message, String namespace, Policy policy) { 
@@ -530,6 +484,83 @@ } } } + + static class SecureConversationCancelInterceptor extends AbstractPhaseInterceptor { + static final SecureConversationCancelInterceptor INSTANCE = new SecureConversationCancelInterceptor(); + + public SecureConversationCancelInterceptor() { + super(Phase.POST_LOGICAL); + } + + public void handleMessage(SoapMessage message) throws Fault { + // TODO Auto-generated method stub + + AssertionInfoMap aim = message.get(AssertionInfoMap.class); + // extract Assertion information + if (aim == null) { + return; + } + Collection ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN); + if (ais == null || ais.isEmpty()) { + return; + } + + SecureConversationToken tok = (SecureConversationToken)ais.iterator() + .next().getAssertion(); + doCancel(message, aim, tok); + + } + private void doCancel(SoapMessage message, AssertionInfoMap aim, SecureConversationToken itok) { + Message m2 = message.getExchange().getOutMessage(); + + SecurityToken tok = (SecurityToken)m2.getContextualProperty(SecurityConstants.TOKEN); + if (tok == null) { + String tokId = (String)m2.getContextualProperty(SecurityConstants.TOKEN_ID); + if (tokId != null) { + tok = SecureConversationTokenInterceptorProvider + .getTokenStore(m2).getToken(tokId); + } + } + + STSClient client = SecureConversationTokenInterceptorProvider.getClient(m2); + AddressingProperties maps = + (AddressingProperties)message + .get("javax.xml.ws.addressing.context.inbound"); + if (maps == null) { + maps = (AddressingProperties)m2 + .get("javax.xml.ws.addressing.context"); + } + + synchronized (client) { + try { + SecureConversationTokenInterceptorProvider + .setupClient(client, message, aim, itok, true); + + if (maps != null) { + client.setAddressingNamespace(maps.getNamespaceURI()); + } + + client.cancelSecurityToken(tok); + SecureConversationTokenInterceptorProvider + .getTokenStore(m2).remove(tok); + } catch (RuntimeException e) { + throw e; + } catch (Exception e) { + throw new Fault(e); + } finally { + 
client.setTrust((Trust10)null); + client.setTrust((Trust13)null); + client.setTemplate(null); + client.setLocation(null); + client.setAddressingNamespace(null); + } + } + + } + + + } + } \ No newline at end of file Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java?rev=752238&r1=752237&r2=752238&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java Tue Mar 10 20:16:22 2009 @@ -27,12 +27,14 @@ import org.apache.cxf.common.util.StringUtils; +import org.apache.cxf.ws.security.tokenstore.SecurityToken.State; /** * */ public class MemoryTokenStore implements TokenStore { - + boolean autoRemove = true; + Map tokens = new ConcurrentHashMap(); /** {@inheritDoc}*/ @@ -44,7 +46,18 @@ /** {@inheritDoc}*/ public void update(SecurityToken token) { - add(token); + if (autoRemove + && (token.getState() == State.EXPIRED + || token.getState() == State.CANCELLED)) { + remove(token); + } else { + add(token); + } + } + public void remove(SecurityToken token) { + if (token != null && !StringUtils.isEmpty(token.getId())) { + tokens.remove(token.getId()); + } } public Collection getCancelledTokens() { @@ -57,6 +70,7 @@ return getTokens(SecurityToken.State.RENEWED); } public Collection getTokenIdentifiers() { + processTokenExpiry(); return tokens.keySet(); } 
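Review bot: In the new `doCancel`, `tok` can still be null when the out message carries neither `SecurityConstants.TOKEN` nor a resolvable `SecurityConstants.TOKEN_ID`, and it is then passed to both `client.cancelSecurityToken(tok)` and the added `getTokenStore(m2).remove(tok)`. `MemoryTokenStore.remove` in this commit tolerates null, but the `TokenStore` interface does not promise that and `cancelSecurityToken` is not visible here, so a guard such as `if (tok == null) { return; }` before `getClient(m2)` would make the no-token case explicit. Because `remove(tok)` sits after `cancelSecurityToken` inside the `try`, a failed cancel leaves the token in the local store; it is worth deciding whether that is intended and saying so in a comment. The leftover `// TODO Auto-generated method stub` in `handleMessage` can be dropped.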
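Review bot: The new field `boolean autoRemove = true;` in `MemoryTokenStore` is package-private and not volatile, while the store keeps its tokens in a `ConcurrentHashMap`, which suggests it is meant to be shared across threads. A value set through `setAutoRemoveTokens` on one thread is then not guaranteed to be visible to `update` or `processTokenExpiry` on another; `private volatile boolean autoRemove = true;` would address both visibility and encapsulation. In the `update` hunk of the same file, `token.getState()` is dereferenced without the null check that the new `remove` performs, so `update(null)` throws where `remove(null)` is a no-op.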
@@ -94,14 +108,43 @@ } protected void processTokenExpiry() { + long time = System.currentTimeMillis(); for (SecurityToken token : tokens.values()) { - if (token.getExpires() != null - && token.getExpires().getTimeInMillis() < System.currentTimeMillis()) { + if (token.getState() == State.EXPIRED + || token.getState() == State.CANCELLED) { + if (autoRemove) { + remove(token); + } + } else if (token.getExpires() != null + && token.getExpires().getTimeInMillis() < time) { token.setState(SecurityToken.State.EXPIRED); + if (autoRemove) { + remove(token); + } } } } - + + public void removeCancelledTokens() { + for (SecurityToken token : tokens.values()) { + if (token.getState() == State.CANCELLED) { + remove(token); + } + } + } + + public void removeExpiredTokens() { + processTokenExpiry(); + for (SecurityToken token : tokens.values()) { + if (token.getState() == State.EXPIRED) { + remove(token); + } + } + } + + public void setAutoRemoveTokens(boolean auto) { + autoRemove = auto; + } } Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java?rev=752238&r1=752237&r2=752238&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java Tue Mar 10 20:16:22 2009 @@ -39,6 +39,11 @@ void update(SecurityToken token); /** + * Remove an existing token. + */ + void remove(SecurityToken token); + + /** * Return the list of all token identifiers. * @return As array of token identifiers */ 
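Review bot: Expiry is enforced only when `processTokenExpiry()` happens to run, and in this diff that is from `getTokenIdentifiers()` and `removeExpiredTokens()`, plus whatever existing callers lie outside the hunks. `getToken(String id)` is not shown here; if it returns the map entry directly, a token past its `getExpires()` time can still be handed out by id until the next sweep, so it would be worth checking expiry there too or documenting that callers must check `getState()` themselves. Inside the loop `token.getState()` is read twice per token; a local `State state = token.getState();` keeps the two comparisons consistent if another thread changes the state in between.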
@@ -76,4 +81,25 @@
 * @return The requested Token identified by the give id
 */
 SecurityToken getToken(String id);
+
+
+
+ /**
+ * Removes all expired tokens.
+ */
+ void removeExpiredTokens();
+
+ /**
+ * Removes all cancelled tokens.
+ */
+ void removeCancelledTokens();
+
+ /**
+ * Controls whether the store will automatically remove cancelled and expired
+ * tokens. If true, calls to getCancelledTokens() and getExpiredTokens()
+ * will never return value;
+ * @param auto
+ */
+ void setAutoRemoveTokens(boolean auto);
+
 }
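Review bot: The Javadoc on `setAutoRemoveTokens` ends with "will never return value;" and an empty `@param auto`, so the contract an implementor has to meet is unclear. Presumably the intent is that with auto-removal on, `getCancelledTokens()` and `getExpiredTokens()` return no tokens; stating that directly, plus `@param auto true to drop cancelled and expired tokens as soon as the store sees them`, would make it checkable. The `void remove(SecurityToken token);` added in the earlier hunk of this file has the same gap: it does not say what happens for a null or unknown token, which `MemoryTokenStore` silently ignores. Since these are new abstract methods on a public interface, any `TokenStore` implementation outside this commit will stop compiling, which deserves a line in the log message or release notes.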