From cohei...@apache.org
Subject svn commit: r1301018 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/ services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/ services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/ servi...
Date Thu, 15 Mar 2012 14:53:38 GMT
Author: coheigea
Date: Thu Mar 15 14:53:38 2012
New Revision: 1301018

URL: http://svn.apache.org/viewvc?rev=1301018&view=rev
Log:
Some updates relating to caching security tokens in the STS

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1301018&r1=1301017&r2=1301018&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
Thu Mar 15 14:53:38 2012
@@ -369,6 +369,23 @@ public class SecurityToken implements Se
     public Date getExpires() {
         return expires;
     }
+    
+    /**
+     * Return whether this SecurityToken is expired or not
+     */
+    public boolean isExpired() {
+        if (state == State.EXPIRED) {
+            return true;
+        }
+        if (expires != null) {
+            Date rightNow = new Date();
+            if (expires.before(rightNow)) {
+                state = State.EXPIRED;
+                return true;
+            }
+        }
+        return false;
+    }
 
     /**
      * @param expires The expires to set.
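Review bot: `isExpired()` returns false whenever `expires` is null, so a token created without an expiry date is never reported as expired by the validators that call it in this commit, and the one-line Javadoc does not say so. It also writes `state = State.EXPIRED` as a side effect of what reads like a query; whether `state` is safely visible to other threads reading a cached token cannot be told from this hunk. I would expand the Javadoc to something like `Returns true if the state is EXPIRED or the expiry date has passed, in which case the state is updated; a token with no expiry date is never considered expired.`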

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java?rev=1301018&r1=1301017&r2=1301018&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
Thu Mar 15 14:53:38 2012
@@ -21,6 +21,7 @@ package org.apache.cxf.sts.token.provide
 
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -125,7 +126,11 @@ public class SAMLTokenProvider implement
             
             // set the token in cache
             if (tokenParameters.getTokenStore() != null) {
-                SecurityToken securityToken = new SecurityToken(assertion.getId());
+                Date expires = new Date();
+                long currentTime = expires.getTime();
+                expires.setTime(currentTime + (conditionsProvider.getLifetime() * 1000L));
+                
+                SecurityToken securityToken = new SecurityToken(assertion.getId(), null,
expires);
                 securityToken.setToken(token);
                 securityToken.setPrincipal(tokenParameters.getPrincipal());
                 int hash = 0;
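Review bot: The cached expiry at `expires.setTime(currentTime + (conditionsProvider.getLifetime() * 1000L));` is computed from the configured lifetime and a fresh `new Date()`, not from the validity window actually written into the assertion. If the conditions provider ever issues a shorter window than `getLifetime()` (not visible here), the cache entry would outlive the assertion, and SAMLTokenValidator in this same commit appears to revalidate only when there is no unexpired cache hit. Prefer taking the expiry from the assertion's own conditions, or at least add `// cache expiry mirrors the configured lifetime; keep in sync with the issued Conditions` above the calculation. The enclosing method starts and ends outside the hunk.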
@@ -142,8 +147,8 @@ public class SAMLTokenProvider implement
                     props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());
                     securityToken.setProperties(props);
                 }
-                Integer timeToLive = (int)(conditionsProvider.getLifetime() * 1000);
-                tokenParameters.getTokenStore().add(securityToken, timeToLive);
+                int ttl = (int)conditionsProvider.getLifetime();
+                tokenParameters.getTokenStore().add(securityToken, ttl);
             }
             
             TokenProviderResponse response = new TokenProviderResponse();
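Review bot: The narrowing cast in `int ttl = (int)conditionsProvider.getLifetime();` truncates silently; the cast implies `getLifetime()` is wider than `int`, so a very large configured lifetime would wrap to a small or negative TTL. Clamp it, e.g. `int ttl = (int)Math.min(conditionsProvider.getLifetime(), Integer.MAX_VALUE);`. The switch from milliseconds to seconds also depends on the unit the token store's `add` expects, which is not shown here, so a short comment naming the unit would help the next reader.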

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java?rev=1301018&r1=1301017&r2=1301018&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
Thu Mar 15 14:53:38 2012
@@ -19,6 +19,7 @@
 
 package org.apache.cxf.sts.token.provider;
 
+import java.util.Date;
 import java.util.Properties;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -130,7 +131,14 @@ public class SCTProvider implements Toke
             response.setComputedKey(keyHandler.isComputedKey());
             
             // putting the secret key into the cache
-            SecurityToken token = new SecurityToken(sct.getIdentifier());
+            Date expires = null;
+            if (lifetime > 0) {
+                expires = new Date();
+                long currentTime = expires.getTime();
+                expires.setTime(currentTime + (lifetime * 1000L));
+            }
+            
+            SecurityToken token = new SecurityToken(sct.getIdentifier(), null, expires);
             token.setSecret(keyHandler.getSecret());
             token.setPrincipal(tokenParameters.getPrincipal());
             if (tokenParameters.getRealm() != null) {
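Review bot: When `lifetime` is not positive, `expires` stays null and the token holding the secret key is created with no expiry; `SecurityToken.isExpired()` added in this commit returns false for such a token, so the new check in SCTValidator will never reject it. Eviction then depends entirely on the store's default, via the `add(token)` branch visible in the next hunk. If that is intended, state it next to the guard, e.g. `// lifetime <= 0: no expiry recorded, the token store's default eviction applies`; otherwise fall back to a bounded default lifetime. The enclosing method continues outside the hunk.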
@@ -147,7 +155,7 @@ public class SCTProvider implements Toke
             } else {
                 tokenParameters.getTokenStore().add(token);
             }
-            
+
             // Create the references
             TokenReference attachedReference = new TokenReference();
             attachedReference.setIdentifier(sct.getID());

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java?rev=1301018&r1=1301017&r2=1301018&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java
Thu Mar 15 14:53:38 2012
@@ -20,6 +20,7 @@
 package org.apache.cxf.sts.token.renewer;
 
 import java.util.Arrays;
+import java.util.Date;
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -126,19 +127,17 @@ public class SCTRenewer implements Token
                 tokenParameters.getTokenStore().remove(token);
                 
                 // Create a new token corresponding to the old token
-                SecurityToken newToken = new SecurityToken(identifier);
+                Date expires = new Date();
+                long currentTime = expires.getTime();
+                expires.setTime(currentTime + (lifetime * 1000L));
+                
+                SecurityToken newToken = new SecurityToken(identifier, null, expires);
                 newToken.setPrincipal(token.getPrincipal());
                 newToken.setSecret(token.getSecret());
                 if (token.getProperties() != null) {
                     newToken.setProperties(token.getProperties());
                 }
-                
-                if (lifetime > 0) {
-                    Integer lifetimeInteger = new Integer(Long.valueOf(lifetime).intValue());
-                    tokenParameters.getTokenStore().add(newToken, lifetimeInteger);
-                } else {
-                    tokenParameters.getTokenStore().add(newToken);
-                }
+                tokenParameters.getTokenStore().add(newToken);
                 
                 response.setTokenRenewed(true);
                 response.setRenewedToken(sct.getElement());
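Review bot: The `lifetime > 0` guard from the removed lines is gone, so `expires.setTime(currentTime + (lifetime * 1000L));` with a zero or negative `lifetime` produces a renewed token that is already expired, while SCTProvider in this commit keeps the guard. Either reject such a renewal explicitly or mirror the provider, e.g. `Date expires = lifetime > 0 ? new Date(System.currentTimeMillis() + lifetime * 1000L) : null;`. The renewed token is also now stored with `add(newToken)` only, so how long its secret stays in the store no longer follows `lifetime`. Where `lifetime` comes from is outside the hunk.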

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java?rev=1301018&r1=1301017&r2=1301018&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
Thu Mar 15 14:53:38 2012
@@ -153,6 +153,11 @@ public class SAMLTokenValidator implemen
                     secToken = tokenParameters.getTokenStore().getTokenByAssociatedHash(hash);
                 }
             }
+            if (secToken != null && secToken.isExpired()) {
+                LOG.fine("Token: " + secToken.getId() + " is in the cache but expired - revalidating");
+                secToken = null;
+            }
+            
             if (secToken == null) {
                 if (!assertion.isSigned()) {
                     LOG.log(Level.WARNING, "The received assertion is not signed, and therefore
not trusted");
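Review bot: An expired cache hit is only dropped locally with `secToken = null;`; the entry itself stays in the token store, so the same lookup keeps returning it until the store evicts it. Consider removing it at that point with `tokenParameters.getTokenStore().remove(secToken);` before clearing the reference, unless code after this hunk replaces the entry. The same applies to the `token.isExpired()` branch in SCTValidator.java, where the stale entry still carries the secret. The enclosing method starts and ends outside the hunk.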

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java?rev=1301018&r1=1301017&r2=1301018&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
Thu Mar 15 14:53:38 2012
@@ -107,6 +107,10 @@ public class SCTValidator implements Tok
                     LOG.fine("Identifier: " + identifier + " is not found in the cache");
                     return response;
                 }
+                if (token.isExpired()) {
+                    LOG.fine("Token: " + identifier + " is in the cache but expired");
+                    return response;
+                }
                 byte[] secret = token.getSecret();
                 Map<String, Object> properties = new HashMap<String, Object>();
                 properties.put(SCT_VALIDATOR_SECRET, secret);


