cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1301040 - in /cxf/branches/2.5.x-fixes: rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/ services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/ services/sts/sts-core/src/main/java/org/apache/cxf/sts/token...
Date Thu, 15 Mar 2012 15:20:33 GMT
Author: coheigea
Date: Thu Mar 15 15:20:32 2012
New Revision: 1301040

URL: http://svn.apache.org/viewvc?rev=1301040&view=rev
Log:
Some updates relating to caching security tokens in the STS


Conflicts:

	services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java
	services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java

Modified:
    cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
    cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
    cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
    cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
    cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java

Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1301040&r1=1301039&r2=1301040&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
Thu Mar 15 15:20:32 2012
@@ -369,6 +369,23 @@ public class SecurityToken implements Se
     public Date getExpires() {
         return expires;
     }
+    
+    /**
+     * Return whether this SecurityToken is expired or not
+     */
+    public boolean isExpired() {
+        if (state == State.EXPIRED) {
+            return true;
+        }
+        if (expires != null) {
+            Date rightNow = new Date();
+            if (expires.before(rightNow)) {
+                state = State.EXPIRED;
+                return true;
+            }
+        }
+        return false;
+    }
 
     /**
      * @param expires The expires to set.
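Review bot: isExpired() reads like a pure query, but it assigns `state = State.EXPIRED` when the expiry date has passed, and that write happens on an object the validators fetch from a shared token store. Whether `state` is volatile or otherwise guarded is not visible in this hunk, so either keep the method side-effect free or document the transition. The Javadoc should also state the fail-open case for a missing expiry date, for example: `Return whether this SecurityToken is expired. A token with no expiry date is never reported as expired; the first call that finds the expiry date passed also sets the state to EXPIRED.`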

Modified: cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java?rev=1301040&r1=1301039&r2=1301040&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
(original)
+++ cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
Thu Mar 15 15:20:32 2012
@@ -21,6 +21,7 @@ package org.apache.cxf.sts.token.provide
 
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -125,7 +126,11 @@ public class SAMLTokenProvider implement
             
             // set the token in cache
             if (tokenParameters.getTokenStore() != null) {
-                SecurityToken securityToken = new SecurityToken(assertion.getId());
+                Date expires = new Date();
+                long currentTime = expires.getTime();
+                expires.setTime(currentTime + (conditionsProvider.getLifetime() * 1000L));
+                
+                SecurityToken securityToken = new SecurityToken(assertion.getId(), null,
expires);
                 securityToken.setToken(token);
                 securityToken.setPrincipal(tokenParameters.getPrincipal());
                 int hash = 0;
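Review bot: The cached `expires` is computed here from `new Date()` plus `conditionsProvider.getLifetime()`, separately from the Conditions that were placed in the assertion earlier in the method (outside this hunk). If the assertion's NotOnOrAfter can differ from "now + getLifetime()", the cache entry and the assertion disagree about validity, and the validator's `isExpired()` check would follow the cache value. Deriving the date from the assertion's own conditions would keep a single source of truth; at minimum add a comment such as `// must match the NotOnOrAfter written into the assertion`. Unlike SCTProvider in this commit, there is also no `lifetime > 0` guard, so a non-positive lifetime yields an entry that is expired as soon as it is stored.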
@@ -142,8 +147,8 @@ public class SAMLTokenProvider implement
                     props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());
                     securityToken.setProperties(props);
                 }
-                Integer timeToLive = (int)(conditionsProvider.getLifetime() * 1000);
-                tokenParameters.getTokenStore().add(securityToken, timeToLive);
+                int ttl = (int)conditionsProvider.getLifetime();
+                tokenParameters.getTokenStore().add(securityToken, ttl);
             }
             
             TokenProviderResponse response = new TokenProviderResponse();
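Review bot: The cast in `int ttl = (int)conditionsProvider.getLifetime();` narrows without a bound, and the value passed to `add(securityToken, ttl)` changes from milliseconds to seconds with nothing in the code stating the unit. If getLifetime() returns a long (its declaration is not in this hunk), a configured lifetime above Integer.MAX_VALUE wraps, possibly to a negative TTL, while the `expires` date computed in the previous hunk stays correct, so the two expiry sources disagree. I would clamp and label it: `// TTL in seconds` above `int ttl = (int)Math.min(conditionsProvider.getLifetime(), Integer.MAX_VALUE);`. The enclosing method starts and ends outside the hunk.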

Modified: cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java?rev=1301040&r1=1301039&r2=1301040&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
(original)
+++ cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
Thu Mar 15 15:20:32 2012
@@ -19,6 +19,7 @@
 
 package org.apache.cxf.sts.token.provider;
 
+import java.util.Date;
 import java.util.Properties;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -130,7 +131,14 @@ public class SCTProvider implements Toke
             response.setComputedKey(keyHandler.isComputedKey());
             
             // putting the secret key into the cache
-            SecurityToken token = new SecurityToken(sct.getIdentifier());
+            Date expires = null;
+            if (lifetime > 0) {
+                expires = new Date();
+                long currentTime = expires.getTime();
+                expires.setTime(currentTime + (lifetime * 1000L));
+            }
+            
+            SecurityToken token = new SecurityToken(sct.getIdentifier(), null, expires);
             token.setSecret(keyHandler.getSecret());
             token.setPrincipal(tokenParameters.getPrincipal());
             if (tokenParameters.getRealm() != null) {
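Review bot: When `lifetime` is not positive, `expires` stays null, and the `SecurityToken.isExpired()` added in this commit returns false for a null expiry date, so the cached secret key is never rejected by the new validator check. Its validity is then bounded only by whatever eviction the token store applies, and the next hunk shows a branch that calls `add(token)` with no TTL at all. If an unbounded SCT is intended, say so at the assignment, e.g. `// lifetime <= 0: no expiry recorded; validity depends on the token store's eviction policy`; otherwise fall back to a default lifetime here. The enclosing method continues outside the hunk.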
@@ -147,7 +155,7 @@ public class SCTProvider implements Toke
             } else {
                 tokenParameters.getTokenStore().add(token);
             }
-            
+
             // Create the references
             TokenReference attachedReference = new TokenReference();
             attachedReference.setIdentifier(sct.getID());

Modified: cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java?rev=1301040&r1=1301039&r2=1301040&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
(original)
+++ cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
Thu Mar 15 15:20:32 2012
@@ -151,6 +151,11 @@ public class SAMLTokenValidator implemen
                     secToken = tokenParameters.getTokenStore().getTokenByAssociatedHash(hash);
                 }
             }
+            if (secToken != null && secToken.isExpired()) {
+                LOG.fine("Token: " + secToken.getId() + " is in the cache but expired - revalidating");
+                secToken = null;
+            }
+            
             if (secToken == null) {
                 if (!assertion.isSigned()) {
                     LOG.log(Level.WARNING, "The received assertion is not signed, and therefore
not trusted");
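Review bot: Setting `secToken = null` for an expired cache entry sends the request down the full validation path, and the only check visible in this hunk is `assertion.isSigned()`. Because the cache expiry is derived from the same lifetime as the assertion, an expired entry usually means the assertion itself is past its NotOnOrAfter, so that path has to reject it on its Conditions and not only verify the signature and trust; whether it does is outside the hunk. A comment at the new block would record the requirement: `// expired in cache: the checks below must also enforce the assertion's Conditions`. The expired entry is also left in the token store, so the same lookup and revalidation repeat for every later request carrying that assertion.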

Modified: cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java?rev=1301040&r1=1301039&r2=1301040&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
(original)
+++ cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
Thu Mar 15 15:20:32 2012
@@ -107,7 +107,11 @@ public class SCTValidator implements Tok
                     LOG.fine("Identifier: " + identifier + " is not found in the cache");
                     return response;
                 }
-                byte[] secret = (byte[])token.getSecret();
+                if (token.isExpired()) {
+                    LOG.fine("Token: " + identifier + " is in the cache but expired");
+                    return response;
+                }
+                byte[] secret = token.getSecret();
                 Map<String, Object> properties = new HashMap<String, Object>();
                 properties.put(SCT_VALIDATOR_SECRET, secret);
                 response.setAdditionalProperties(properties);
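Review bot: The new early return on `token.isExpired()` leaves the expired entry, including its secret, in the token store; nothing in this hunk evicts it, so removal depends on the store's own TTL handling, and SCTProvider has a branch that adds tokens without a TTL. Consider removing the entry from the store before `return response;`; the same applies to the expired-token branch added in SAMLTokenValidator. The return also relies on `response` having been initialised as not valid above the hunk, which is not visible here; if that holds, a short comment such as `// response is still marked invalid at this point` would make it explicit.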


