From cohei...@apache.org
Subject svn commit: r1308337 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/ rt/ws/securi...
Date Mon, 02 Apr 2012 13:09:53 GMT
Author: coheigea
Date: Mon Apr  2 13:09:53 2012
New Revision: 1308337

URL: http://svn.apache.org/viewvc?rev=1308337&view=rev
Log:
[CXF-4219] - Switch to using EhCache for the SecurityToken caching solution in the cxf-rt-ws-security module

Added:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStoreFactory.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreFactory.java
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStore.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStoreTest.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Mon Apr  2 13:09:53 2012
@@ -175,6 +175,14 @@ public final class SecurityConstants {
     public static final String CACHE_CONFIG_FILE = 
         "ws-security.cache.config.file";
     
+    /**
+     * The TokenStore instance to use to cache security tokens. By default this uses the
+     * EHCacheTokenStore if EhCache is available. Otherwise it uses the MemoryTokenStore.
+     */
+    public static final String TOKEN_STORE_CACHE_INSTANCE = 
+        "org.apache.cxf.ws.security.tokenstore.TokenStore";
+
+    
     public static final Set<String> ALL_PROPERTIES;
     
     static {
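Review bot: The Javadoc on the new constant (lines 50-53) does not say why its value is the fully-qualified name of TokenStore rather than a `ws-security.*` style key like CACHE_CONFIG_FILE just above it. Since the string equals `TokenStore.class.getName()`, code that still looks the store up under the class name (STSInvoker in this same commit) resolves the same property, and that compatibility is the reason a reader needs. I would add a sentence such as `* The value is deliberately the fully-qualified class name of TokenStore, so existing lookups using TokenStore.class.getName() resolve the same property.` to the Javadoc.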
@@ -191,7 +199,7 @@ public final class SecurityConstants {
             KERBEROS_CLIENT, SCT_TOKEN_VALIDATOR, CACHE_ISSUED_TOKEN_IN_ENDPOINT,
             KERBEROS_JAAS_CONTEXT_NAME, KERBEROS_SPN, SPNEGO_CLIENT_ACTION,
             ENABLE_NONCE_CACHE, NONCE_CACHE_INSTANCE, ENABLE_TIMESTAMP_CACHE,
-            TIMESTAMP_CACHE_INSTANCE, CACHE_CONFIG_FILE
+            TIMESTAMP_CACHE_INSTANCE, CACHE_CONFIG_FILE, TOKEN_STORE_CACHE_INSTANCE
         }));
         ALL_PROPERTIES = Collections.unmodifiableSet(s);
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java Mon Apr  2 13:09:53 2012
@@ -47,9 +47,9 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.model.IssuedToken;
 import org.apache.cxf.ws.security.policy.model.Trust10;
 import org.apache.cxf.ws.security.policy.model.Trust13;
-import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
 import org.apache.cxf.ws.security.trust.STSClient;
 import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
@@ -93,15 +93,20 @@ public class IssuedTokenInterceptorProvi
     static final TokenStore createTokenStore(Message message) {
         EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
         synchronized (info) {
-            TokenStore tokenStore = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
+            TokenStore tokenStore = 
+                (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
             if (tokenStore == null) {
-                tokenStore = (TokenStore)info.getProperty(TokenStore.class.getName());
+                tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
             }
             if (tokenStore == null) {
-                tokenStore = new MemoryTokenStore();
-                info.setProperty(TokenStore.class.getName(), tokenStore);
+                TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
+                tokenStore = 
+                    tokenStoreFactory.newTokenStore(
+                        SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, message
+                    );
+                info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
             }
-            return tokenStore; 
+            return tokenStore;
         }
     }
     static final TokenStore getTokenStore(Message message) {
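Review bot: The lookup-then-create sequence on lines 92-106 is now copied verbatim into KerberosTokenInterceptorProvider.getTokenStore and NegotiationUtils.getTokenStore (the next two files), all three in the same package, so the next change to the factory contract has to be made in three places. NegotiationUtils already routes its own second call site through `getTokenStore(message)` in this commit; createTokenStore here could simply be `return NegotiationUtils.getTokenStore(message);`, and the Kerberos copy likewise. Separately, the unchecked `(TokenStore)` cast on line 93 of a user-supplied contextual property fails with a bare ClassCastException on misconfiguration; an `instanceof` check with a message naming SecurityConstants.TOKEN_STORE_CACHE_INSTANCE would make that diagnosable.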

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java Mon Apr  2 13:09:53 2012
@@ -39,9 +39,9 @@ import org.apache.cxf.ws.security.kerber
 import org.apache.cxf.ws.security.kerberos.KerberosUtils;
 import org.apache.cxf.ws.security.policy.SP11Constants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
@@ -78,13 +78,18 @@ public class KerberosTokenInterceptorPro
     static final TokenStore getTokenStore(Message message) {
         EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
         synchronized (info) {
-            TokenStore tokenStore = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
+            TokenStore tokenStore = 
+                (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
             if (tokenStore == null) {
-                tokenStore = (TokenStore)info.getProperty(TokenStore.class.getName());
+                tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
             }
             if (tokenStore == null) {
-                tokenStore = new MemoryTokenStore();
-                info.setProperty(TokenStore.class.getName(), tokenStore);
+                TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
+                tokenStore = 
+                    tokenStoreFactory.newTokenStore(
+                        SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, message
+                    );
+                info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
             }
             return tokenStore;
         }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java Mon Apr  2 13:09:53 2012
@@ -52,9 +52,9 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.model.Binding;
 import org.apache.cxf.ws.security.policy.model.Trust10;
 import org.apache.cxf.ws.security.policy.model.Trust13;
-import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
 import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.neethi.Assertion;
 import org.apache.neethi.Policy;
@@ -98,13 +98,18 @@ final class NegotiationUtils {
     static TokenStore getTokenStore(Message message) {
         EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
         synchronized (info) {
-            TokenStore tokenStore = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
+            TokenStore tokenStore = 
+                (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
             if (tokenStore == null) {
-                tokenStore = (TokenStore)info.getProperty(TokenStore.class.getName());
+                tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
             }
             if (tokenStore == null) {
-                tokenStore = new MemoryTokenStore();
-                info.setProperty(TokenStore.class.getName(), tokenStore);
+                TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
+                tokenStore = 
+                    tokenStoreFactory.newTokenStore(
+                        SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, message
+                    );
+                info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
             }
             return tokenStore;
         }
@@ -196,11 +201,7 @@ final class NegotiationUtils {
         try {
             Endpoint endpoint = message.getExchange().getEndpoint();
 
-            TokenStore store = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
-            if (store == null) {
-                store = new MemoryTokenStore();
-                endpoint.getEndpointInfo().setProperty(TokenStore.class.getName(), store);
-            }
+            TokenStore store = getTokenStore(message);
             endpoint = STSUtils.createSTSEndpoint(bus, 
                     namespace,
                     endpoint.getEndpointInfo().getTransportId(),

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java Mon Apr  2 13:09:53 2012
@@ -160,8 +160,7 @@ abstract class STSInvoker implements Inv
         
         TokenStore store = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
                 .getProperty(TokenStore.class.getName());
-        cancelToken.setState(SecurityToken.State.CANCELLED);
-        store.update(cancelToken);
+        store.remove(cancelToken);
         writer.writeEmptyElement(prefix, "RequestedTokenCancelled", namespace);
         exchange.put(SecurityConstants.TOKEN, cancelToken);
         
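Review bot: `store.remove(cancelToken)` on the new line 218 can throw a NullPointerException: `store` is read on lines 214-215 only from the EndpointInfo, but the providers changed in this commit write the store to the EndpointInfo only when they create it themselves (IssuedTokenInterceptorProvider lines 98-106), so a store supplied as a contextual property is never stored there and this lookup returns null. The old `store.update(...)` had the same exposure, so it is pre-existing, but the removal is now the only cancel bookkeeping. Resolving through the shared lookup, e.g. `TokenStore store = NegotiationUtils.getTokenStore(exchange.getInMessage());` (same package; presumably the in message is available here — confirm), or at least guarding with `if (store != null) { store.remove(cancelToken); }`, closes it, and using `SecurityConstants.TOKEN_STORE_CACHE_INSTANCE` instead of `TokenStore.class.getName()` keeps the key in one place. The enclosing method starts and ends outside the hunk.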

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java Mon Apr  2 13:09:53 2012
@@ -95,7 +95,7 @@ class SecureConversationOutInterceptor e
                             AssertionInfoMap aim, 
                             SecurityToken tok,
                             SecureConversationToken itok) {
-        if (tok.getState() != SecurityToken.State.EXPIRED) {
+        if (!tok.isExpired()) {
             return;
         }
         

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java?rev=1308337&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java Mon Apr  2 13:09:53 2012
@@ -0,0 +1,158 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.tokenstore;
+
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+
+import net.sf.ehcache.Cache;
+import net.sf.ehcache.CacheManager;
+import net.sf.ehcache.Element;
+
+import org.apache.cxf.common.util.StringUtils;
+
+/**
+ * An in-memory EHCache implementation of the TokenStore interface. The default TTL is 60 minutes
+ * and the max TTL is 12 hours.
+ */
+public class EHCacheTokenStore implements TokenStore {
+
+    public static final long DEFAULT_TTL = 3600L;
+    public static final long MAX_TTL = DEFAULT_TTL * 12L;
+    
+    private Cache cache;
+    private CacheManager cacheManager;
+    private long ttl = DEFAULT_TTL;
+    
+    public EHCacheTokenStore(String key, URL configFileURL) {
+        if (cacheManager == null) {
+            if (configFileURL == null) {
+                cacheManager = CacheManager.create();
+            } else {
+                cacheManager = CacheManager.create(configFileURL);
+            }
+        }
+        
+        if (!cacheManager.cacheExists(key)) {
+            // Cannot overflow to disk as SecurityToken Elements can't be serialized
+            cache = new Cache(key, 0, false, false, DEFAULT_TTL, DEFAULT_TTL);
+            cacheManager.addCache(cache);
+        } else {
+            cache = cacheManager.getCache(key);
+        }
+    }
+    
+    /**
+     * Set a new (default) TTL value in seconds
+     * @param newTtl a new (default) TTL value in seconds
+     */
+    public void setTTL(long newTtl) {
+        ttl = newTtl;
+    }
+    
+    /**
+     * Get the (default) TTL value in seconds
+     * @return the (default) TTL value in seconds
+     */
+    public long getTTL() {
+        return ttl;
+    }
+    
+    public void add(SecurityToken token) {
+        if (token != null && !StringUtils.isEmpty(token.getId())) {
+            
+            int parsedTTL = 0;
+            if (token.getExpires() != null) {
+                Date expires = token.getExpires();
+                Date current = new Date();
+                long expiryTime = (expires.getTime() - current.getTime()) / 1000L;
+                
+                parsedTTL = (int)expiryTime;
+                if (expiryTime != (long)parsedTTL || parsedTTL < 0 || parsedTTL > MAX_TTL) {
+                    // Default to configured value
+                    parsedTTL = (int)ttl;
+                    if (ttl != (long)parsedTTL) {
+                        // Fall back to 60 minutes if the default TTL is set incorrectly
+                        parsedTTL = 3600;
+                    }
+                }
+            } else {
+                // Default to configured value
+                parsedTTL = (int)ttl;
+                if (ttl != (long)parsedTTL) {
+                    // Fall back to 60 minutes if the default TTL is set incorrectly
+                    parsedTTL = 3600;
+                }
+            }
+            
+            cache.put(new Element(token.getId(), token, false, parsedTTL, parsedTTL));
+        }
+    }
+    
+    public void remove(SecurityToken token) {
+        if (token != null && !StringUtils.isEmpty(token.getId())) {
+            cache.remove(token.getId());
+        }
+    }
+
+    @SuppressWarnings("unchecked")
+    public Collection<String> getTokenIdentifiers() {
+        return cache.getKeysWithExpiryCheck();
+    }
+    
+    public Collection<SecurityToken> getExpiredTokens() {
+        List<SecurityToken> expiredTokens = new ArrayList<SecurityToken>();
+        @SuppressWarnings("unchecked")
+        Iterator<String> ids = cache.getKeys().iterator();
+        while (ids.hasNext()) {
+            Element element = cache.get(ids.next());
+            if (cache.isExpired(element)) {
+                expiredTokens.add((SecurityToken)element.getObjectValue());
+            }
+        }
+        return expiredTokens;
+    }
+    
+    public SecurityToken getToken(String id) {
+        Element element = cache.get(id);
+        if (element != null && !cache.isExpired(element)) {
+            return (SecurityToken)element.getObjectValue();
+        }
+        return null;
+    }
+
+    public SecurityToken getTokenByAssociatedHash(int hashCode) {
+        @SuppressWarnings("unchecked")
+        Iterator<String> ids = cache.getKeysWithExpiryCheck().iterator();
+        while (ids.hasNext()) {
+            Element element = cache.get(ids.next());
+            SecurityToken securityToken = (SecurityToken)element.getObjectValue();
+            if (hashCode == securityToken.getAssociatedHash()) {
+                return securityToken;
+            }
+        }
+        return null;
+    }
+    
+}
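Review bot: `add` (lines 328-342) caches a token whose `getExpires()` is already in the past: a negative `expiryTime` fails the range check on line 335 and falls through to the configured TTL, so an expired token is stored for an hour and `getToken` (lines 380-386) hands it back as a live cache element; MemoryTokenStore.add (lines 522-524 below) has the same fall-through. A guard such as `if (expiryTime < 0) { return; }` before the clamp, with a comment that only the upper bound is clamped, keeps expired tokens out of the store. Separately, `getExpiredTokens` passes the result of `cache.get(...)` to `cache.isExpired(element)` without a null check (lines 372-373); if Ehcache's `get` returns null for an entry that expired or was removed after `getKeys()` returned — which I believe it does — this throws, and `getTokenByAssociatedHash` has the same window on lines 392-393, so `if (element != null && ...)` is needed in both. Finally, the `if (cacheManager == null)` test in the constructor is always true on a freshly constructed instance and can be dropped.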

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java?rev=1308337&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java Mon Apr  2 13:09:53 2012
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.tokenstore;
+
+import java.io.IOException;
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.cache.EHCacheReplayCacheFactory;
+
+
+/**
+ * A factory to return an EHCacheTokenStore instance.
+ */
+public class EHCacheTokenStoreFactory extends TokenStoreFactory {
+    
+    public TokenStore newTokenStore(String key, Message message) {
+        URL configFileURL = getConfigFileURL(message);
+        if (configFileURL == null) {
+            String defaultConfigFile = "cxf-ehcache.xml";
+            ResourceManager rm = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
+            configFileURL = rm.resolveResource(defaultConfigFile, URL.class);
+            try {
+                if (configFileURL == null) {
+                    configFileURL = 
+                        ClassLoaderUtils.getResource(defaultConfigFile, EHCacheReplayCacheFactory.class);
+                }
+                if (configFileURL == null) {
+                    configFileURL = new URL(defaultConfigFile);
+                }
+            } catch (IOException e) {
+                // Do nothing
+            }
+        }
+        if (configFileURL != null) {
+            message.setContextualProperty(SecurityConstants.CACHE_CONFIG_FILE, configFileURL);
+        }
+        return new EHCacheTokenStore(key, configFileURL);
+    }
+    
+}
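Review bot: The last fallback `configFileURL = new URL(defaultConfigFile);` on line 458 can never succeed: "cxf-ehcache.xml" has no protocol, so `new URL` throws MalformedURLException, which the empty `catch (IOException e)` then hides, and the store is silently built with Ehcache defaults. Either drop that branch or make the catch explain the outcome, e.g. `// no cxf-ehcache.xml reachable; EHCacheTokenStore falls back to CacheManager.create() defaults`, so a misconfigured cache is diagnosable from the code. The classpath lookup on line 455 anchors on `EHCacheReplayCacheFactory.class` rather than this class — presumably carried over from the replay-cache factory; if sharing that bundled config is intended it deserves a comment, otherwise `EHCacheTokenStoreFactory.class`. `rm` from `getExtension(ResourceManager.class)` on line 450 is also dereferenced on line 451 without a null check.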

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java Mon Apr  2 13:09:53 2012
@@ -26,139 +26,127 @@ import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
-
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken.State;
 
 /**
- * 
+ * A simple HashMap-based TokenStore. The default TTL is 5 minutes and the max TTL is 1 hour.
  */
 public class MemoryTokenStore implements TokenStore {
-    boolean autoRemove = true;
+    public static final long DEFAULT_TTL = 60L * 5L;
+    public static final long MAX_TTL = DEFAULT_TTL * 12L;
     
-    Map<String, SecurityToken> tokens = new ConcurrentHashMap<String, SecurityToken>();
+    private Map<String, CacheEntry> tokens = new ConcurrentHashMap<String, CacheEntry>();
     
-    /** {@inheritDoc}*/
     public void add(SecurityToken token) {
         if (token != null && !StringUtils.isEmpty(token.getId())) {
-            tokens.put(token.getId(), token);
-        }
-    }
-
-    /** {@inheritDoc}*/
-    public void update(SecurityToken token) {
-        if (autoRemove 
-            && (token.getState() == State.EXPIRED
-                || token.getState() == State.CANCELLED)) {
-            remove(token);
-        } else {
-            add(token);
+            CacheEntry cacheEntry = null;
+            if (token.getExpires() == null) {
+                Date expires = new Date();
+                long currentTime = expires.getTime();
+                expires.setTime(currentTime + (DEFAULT_TTL * 1000L));
+                cacheEntry = new CacheEntry(token, expires);
+            } else {
+                Date expires = token.getExpires();
+                Date current = new Date();
+                long expiryTime = expires.getTime() - current.getTime();
+                if (expiryTime < 0 || expiryTime > (MAX_TTL * 1000L)) {
+                    expires.setTime(current.getTime() + (DEFAULT_TTL * 1000L));
+                }
+                cacheEntry = new CacheEntry(token, expires);
+            }
+            
+            tokens.put(token.getId(), cacheEntry);
         }
     }
+    
     public void remove(SecurityToken token) {
         if (token != null && !StringUtils.isEmpty(token.getId())) {
             tokens.remove(token.getId());
         }
     }
 
-    public Collection<SecurityToken> getCancelledTokens() {
-        return getTokens(SecurityToken.State.CANCELLED);
-    }
-    public Collection<SecurityToken> getExpiredTokens() {
-        return getTokens(SecurityToken.State.EXPIRED);
-    }
-    public Collection<SecurityToken> getRenewedTokens() {
-        return getTokens(SecurityToken.State.RENEWED);
-    }
     public Collection<String> getTokenIdentifiers() {
-        processTokenExpiry();        
+        processTokenExpiry();
         return tokens.keySet();
     }
-
-    public Collection<SecurityToken> getValidTokens() {
-        Collection<SecurityToken> toks = getTokens(SecurityToken.State.ISSUED);
-        toks.addAll(getTokens(SecurityToken.State.RENEWED));
-        toks.addAll(getTokens(SecurityToken.State.UNKNOWN));
-        return toks;
-    }
-
-    public SecurityToken getToken(String id) {
-        processTokenExpiry();
-        
-        SecurityToken token = tokens.get(id);
-        if (token == null) {
-            for (SecurityToken t : tokens.values()) {
-                if (id.equals(t.getWsuId())) {
-                    return t;
+    
+    public Collection<SecurityToken> getExpiredTokens() {
+        List<SecurityToken> expiredTokens = new ArrayList<SecurityToken>();
+        Date current = new Date();
+        synchronized (tokens) {
+            for (String id : tokens.keySet()) {
+                CacheEntry cacheEntry = tokens.get(id);
+                if (cacheEntry.getExpiry().before(current)) {
+                    expiredTokens.add(cacheEntry.getSecurityToken());
                 }
             }
         }
-        return token;
+        return expiredTokens;
     }
     
-    public SecurityToken getTokenByAssociatedHash(int hashCode) {
+    public SecurityToken getToken(String id) {
         processTokenExpiry();
         
-        for (String id : tokens.keySet()) {
-            SecurityToken securityToken = tokens.get(id);
-            if (hashCode == securityToken.getAssociatedHash()) {
-                return securityToken;
-            }
+        CacheEntry cacheEntry = tokens.get(id);
+        if (cacheEntry != null) {
+            return cacheEntry.getSecurityToken();
         }
         return null;
     }
-
     
-    protected Collection<SecurityToken> getTokens(SecurityToken.State state) {
+    public SecurityToken getTokenByAssociatedHash(int hashCode) {
         processTokenExpiry();
-        List<SecurityToken> t = new ArrayList<SecurityToken>();
-        for (SecurityToken token : tokens.values()) {
-            if (token.getState() == state) {
-                t.add(token);
+        
+        synchronized (tokens) {
+            for (String id : tokens.keySet()) {
+                CacheEntry cacheEntry = tokens.get(id);
+                SecurityToken securityToken = cacheEntry.getSecurityToken();
+                if (hashCode == securityToken.getAssociatedHash()) {
+                    return securityToken;
+                }
             }
         }
-        return t;
+        return null;
     }
 
     protected void processTokenExpiry() {
-        for (SecurityToken token : tokens.values()) {
-            if (token.getState() == State.EXPIRED
-                || token.getState() == State.CANCELLED) {
-                if (autoRemove) {
-                    remove(token);
-                }
-            } else if (token.getExpires() != null) {
-                Date current = new Date();
-                if (token.getExpires().before(current)) {
-                    token.setState(SecurityToken.State.EXPIRED);
-                    if (autoRemove) {
-                        remove(token);
-                    }
+        Date current = new Date();
+        synchronized (tokens) {
+            for (String id : tokens.keySet()) {
+                CacheEntry cacheEntry = tokens.get(id);
+                if (cacheEntry.getExpiry().before(current)) {
+                    tokens.remove(id);
                 }
-            }            
-        }
-    }
-
-
-    public void removeCancelledTokens() {
-        for (SecurityToken token : tokens.values()) {
-            if (token.getState() == State.CANCELLED) {
-                remove(token);
             }
         }
     }
-
-    public void removeExpiredTokens() {
-        processTokenExpiry();
-        for (SecurityToken token : tokens.values()) {
-            if (token.getState() == State.EXPIRED) {
-                remove(token);
-            }
+    
+    private static class CacheEntry {
+        
+        private final SecurityToken securityToken;
+        private final Date expires;
+        
+        public CacheEntry(SecurityToken securityToken, Date expires) {
+            this.securityToken = securityToken;
+            this.expires = expires;
         }
+        
+        /**
+         * Get the SecurityToken
+         * @return the SecurityToken
+         */
+        public SecurityToken getSecurityToken() {
+            return securityToken;
+        }
+        
+        /**
+         * Get when this CacheEntry is to be removed from the cache
+         * @return when this CacheEntry is to be removed from the cache
+         */
+        public Date getExpiry() {
+            return expires;
+        }
+        
     }
-
-    public void setAutoRemoveTokens(boolean auto) {
-        autoRemove = auto;
-    }
-    
+ 
 }
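Review bot: `add` rewrites the expiry in place on the object returned by `token.getExpires()` (line 523, `expires.setTime(...)`); if that getter returns the token's own Date rather than a copy, an expiry that is already past or beyond MAX_TTL is silently moved to now + 5 minutes on the SecurityToken itself, so the token's own expiry check elsewhere would stop reporting it as expired. Replacing that line with `expires = new Date(current.getTime() + (DEFAULT_TTL * 1000L));` avoids the aliasing (and, as in EHCacheTokenStore, a negative `expiryTime` is better rejected than extended). The `synchronized (tokens)` blocks around the keySet loops (lines 572, 609, 637) do not exclude `add`/`remove`, which never take that monitor, so `tokens.get(id)` can return null for a key removed mid-iteration and the following `getExpiry()`/`getSecurityToken()` call throws; iterating `entrySet()` of the ConcurrentHashMap, whose iteration is weakly consistent and tolerates concurrent removal, removes both the race and the lock, as below for `processTokenExpiry` (the other two loops change the same way).
```java
    protected void processTokenExpiry() {
        Date current = new Date();
        // ConcurrentHashMap iteration is weakly consistent: removing during the loop is safe
        // and no external lock is needed (add/remove never synchronize on the map anyway).
        for (Map.Entry<String, CacheEntry> entry : tokens.entrySet()) {
            if (entry.getValue().getExpiry().before(current)) {
                tokens.remove(entry.getKey());
            }
        }
    }
    // … unchanged: CacheEntry …
```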

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStoreFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStoreFactory.java?rev=1308337&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStoreFactory.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStoreFactory.java Mon Apr  2 13:09:53 2012
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.tokenstore;
+
+import org.apache.cxf.message.Message;
+
+
+/**
+ * A factory to return a MemoryTokenStore instance.
+ */
+public class MemoryTokenStoreFactory extends TokenStoreFactory {
+    
+    public TokenStore newTokenStore(String key, Message message) {
+        return new MemoryTokenStore();
+    }
+    
+}
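Review bot: `newTokenStore` discards both `key` and `message`, so a `SecurityConstants.CACHE_CONFIG_FILE` setting that the EhCache path honours via `TokenStoreFactory.getConfigFileURL` is silently ignored whenever EhCache is not on the classpath; the javadoc should say so, e.g. `Returns a fresh MemoryTokenStore per call; key and message (including any CACHE_CONFIG_FILE property) are ignored.` Marking the method `@Override` would also let the compiler flag any drift from the abstract signature in `TokenStoreFactory`.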

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java Mon Apr  2 13:09:53 2012
@@ -45,14 +45,6 @@ public class SecurityToken implements Se
     
     private static final long serialVersionUID = -8023092932997444513L;
 
-    public enum State {
-        UNKNOWN,
-        ISSUED, 
-        EXPIRED, 
-        CANCELLED, 
-        RENEWED
-    };
-    
     /**
      * Token identifier
      */
@@ -64,11 +56,6 @@ public class SecurityToken implements Se
     private String wsuId;
     
     /**
-     * Current state of the token
-     */
-    private State state = State.UNKNOWN;
-    
-    /**
      * The actual token in its current state
      */
     private Element token;
@@ -160,16 +147,12 @@ public class SecurityToken implements Se
     
     public SecurityToken(String id) {
         this.id = id;
-        createDefaultExpires();
     }
 
     public SecurityToken(String id, Date created, Date expires) {
         this.id = id;
         this.created = created;
         this.expires = expires;
-        if (expires == null) {
-            createDefaultExpires();
-        }
     }
     
     public SecurityToken(String id,
@@ -180,9 +163,6 @@ public class SecurityToken implements Se
         this.token = cloneElement(tokenElem);
         this.created = created;
         this.expires = expires;
-        if (expires == null) {
-            createDefaultExpires();
-        }
     }
 
     public SecurityToken(String id,
@@ -193,9 +173,6 @@ public class SecurityToken implements Se
         if (lifetimeElem != null) {
             processLifeTime(lifetimeElem);
         }
-        if (expires == null) {
-            createDefaultExpires();
-        }
     }
     
     private static Element cloneElement(Element el) {
@@ -262,20 +239,6 @@ public class SecurityToken implements Se
     }
 
     /**
-     * @return Returns the state.
-     */
-    public State getState() {
-        return state;
-    }
-
-    /**
-     * @param state The state to set.
-     */
-    public void setState(State state) {
-        this.state = state;
-    }
-
-    /**
      * @return Returns the token.
      */
     public Element getToken() {
@@ -374,13 +337,9 @@ public class SecurityToken implements Se
      * Return whether this SecurityToken is expired or not
      */
     public boolean isExpired() {
-        if (state == State.EXPIRED) {
-            return true;
-        }
         if (expires != null) {
             Date rightNow = new Date();
             if (expires.before(rightNow)) {
-                state = State.EXPIRED;
                 return true;
             }
         }
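Review bot: With `createDefaultExpires()` removed from every constructor, a token built without an Expires date (or whose Lifetime carries none) keeps `expires == null`, and `isExpired()` then answers false for it forever, so a caller that consults `isExpired()` instead of going through a TokenStore would treat such a token as permanently valid. Bounding the lifetime is now entirely the store's job, which the new TokenStore javadoc states, but it should be written down on this method too: `@return true only when an Expires date is known and has passed; a token with no expiry is never reported expired and its lifetime is bounded solely by the TokenStore's TTL`. The method's closing `return false` lies outside the hunk.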
@@ -511,13 +470,4 @@ public class SecurityToken implements Se
         return principal;
     }
     
-    /**
-     * Create a default Expires date 5 minutes in the future
-     */
-    private void createDefaultExpires() {
-        expires = new Date();
-        long currentTime = expires.getTime();
-        expires.setTime(currentTime + 300L * 1000L);
-    }
-
 } 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java Mon Apr  2 13:09:53 2012
@@ -22,63 +22,38 @@ package org.apache.cxf.ws.security.token
 import java.util.Collection;
 
 /**
- * 
+ * This interface defines a caching mechanism for security tokens. It is up to the underlying implementation
+ * to handle token expiration (e.g. by querying the SecurityToken's expires date).
  */
 public interface TokenStore {
+    
     /**
-     * Add the given token to the list.
+     * Add the given token to the cache.
      * @param token The token to be added
-     * @throws TokenStoreException
      */
     void add(SecurityToken token);
     
     /**
-     * Update an existing token.
-     * @param token
-     */
-    void update(SecurityToken token);
-    
-    /**
      * Remove an existing token.
      */
     void remove(SecurityToken token);
     
     /**
-     * Return the list of all token identifiers.
-     * @return As array of token identifiers
+     * Return the list of all valid token identifiers.
+     * @return As array of (valid) token identifiers
      */
     Collection<String> getTokenIdentifiers();
     
     /**
-     * Return the list of <code>EXPIRED</code> tokens.
-     * If there are no <code>EXPIRED</code> tokens <code>null</code> will be 
-     * returned
+     * Return the list of expired tokens.
      * @return An array of expired <code>Tokens</code>
      */
     Collection<SecurityToken> getExpiredTokens();
     
     /**
-     * Return the list of ISSUED and RENEWED tokens.
-     * @return An array of ISSUED and RENEWED <code>Tokens</code>.
-     */
-    Collection<SecurityToken> getValidTokens();
-    
-    /**
-     * Return the list of RENEWED tokens.
-     * @return An array of RENEWED <code>Tokens</code>
-     */
-    Collection<SecurityToken> getRenewedTokens();
-    
-    /**
-     * Return the list of CANCELLED tokens
-     * @return An array of CANCELLED <code>Tokens</code>
-     */
-    Collection<SecurityToken> getCancelledTokens();
-    
-    /**
      * Returns the <code>Token</code> of the given id
      * @param id
-     * @return The requested <code>Token</code> identified by the give id
+     * @return The requested <code>Token</code> identified by the given id
      */
     SecurityToken getToken(String id);
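Review bot: The contract of `getExpiredTokens()` is now ambiguous: expiry has been delegated to the implementation, and a store that evicts on TTL (as the Hazelcast variant in this commit does) can never hold an expired token, yet the javadoc still promises "the list of expired tokens" and the old "null will be returned" sentence was dropped without saying whether an empty collection is expected. Suggest `@return the expired tokens still held by the store; implementations that evict expired entries return an empty collection, never null`. `getTokenIdentifiers()` likewise says "valid" without defining it — `not yet expired or removed` would pin it down.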
     
@@ -89,22 +64,4 @@ public interface TokenStore {
      */
     SecurityToken getTokenByAssociatedHash(int hashCode);
     
-    /**
-     * Removes all expired tokens.  
-     */
-    void removeExpiredTokens();
-    
-    /**
-     * Removes all cancelled tokens.
-     */
-    void removeCancelledTokens();
-    
-    /**
-     * Controls whether the store will automatically remove cancelled and expired 
-     * tokens.  If true, calls to getCancelledTokens() and getExpiredTokens() 
-     * will never return value;
-     * @param auto
-     */
-    void setAutoRemoveTokens(boolean auto);
-    
 }

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreFactory.java?rev=1308337&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreFactory.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreFactory.java Mon Apr  2 13:09:53 2012
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.tokenstore;
+
+import java.io.IOException;
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.cache.ReplayCacheFactory;
+
+/**
+ * An abstract factory to return a TokenStore instance. It returns an EHCacheTokenStoreFactory
+ * if EH-Cache is available. Otherwise it returns a MemoryTokenStoreFactory.
+ */
+public abstract class TokenStoreFactory {
+    
+    private static boolean ehCacheInstalled;
+    
+    static {
+        try {
+            Class<?> cacheManagerClass = 
+                ClassLoaderUtils.loadClass("net.sf.ehcache.CacheManager", TokenStoreFactory.class);
+            if (cacheManagerClass != null) {
+                ehCacheInstalled = true;
+            }
+        } catch (Exception e) {
+            //ignore
+        }
+    }
+    
+    protected static synchronized boolean isEhCacheInstalled() {
+        return ehCacheInstalled;
+    }
+    
+    public static TokenStoreFactory newInstance() {
+        if (isEhCacheInstalled()) {
+            return new EHCacheTokenStoreFactory();
+        }
+        
+        return new MemoryTokenStoreFactory();
+    }
+    
+    public abstract TokenStore newTokenStore(String key, Message message);
+    
+    protected URL getConfigFileURL(Message message) {
+        Object o = message.getContextualProperty(SecurityConstants.CACHE_CONFIG_FILE);
+        if (o instanceof String) {
+            URL url = null;
+            ResourceManager rm = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
+            url = rm.resolveResource((String)o, URL.class);
+            try {
+                if (url == null) {
+                    url = ClassLoaderUtils.getResource((String)o, ReplayCacheFactory.class);
+                }
+                if (url == null) {
+                    url = new URL((String)o);
+                }
+                return url;
+            } catch (IOException e) {
+                // Do nothing
+            }
+        } else if (o instanceof URL) {
+            return (URL)o;        
+        }
+        return null;
+    }
+    
+}
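Review bot: `getConfigFileURL` swallows the `MalformedURLException` from `new URL((String)o)` and returns null, so a mistyped `SecurityConstants.CACHE_CONFIG_FILE` value silently discards the operator's cache configuration and the store starts with whatever defaults the factory picks — precisely the case that wants a warning. Log it instead of ignoring it, e.g. `LOG.log(Level.WARNING, "Could not resolve cache config file " + o, e);` using the same logger pattern STSClient already has. The classpath lookup also passes `ReplayCacheFactory.class` rather than `TokenStoreFactory.class`, which reads as a copy-paste from the replay-cache factory and ties resource resolution to that class's loader. `rm.resolveResource` would also NPE if the bus has no `ResourceManager` extension; a null check there is cheap.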

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Mon Apr  2 13:09:53 2012
@@ -1061,7 +1061,6 @@ public class STSClient implements Config
 
         try {
             client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));
-            token.setState(SecurityToken.State.CANCELLED);
             return true;
         } catch (Exception ex) {
             LOG.log(Level.WARNING, "Problem cancelling token", ex);
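Review bot: A successfully cancelled token is now indistinguishable from a live one: the removed `setState(CANCELLED)` was the only mark the client left on it, and nothing in this hunk removes the token from a TokenStore, so a cached copy stays retrievable by id (and by SHA1 via the lookups in WSS4JInInterceptor) until the cache TTL runs out. Unless the caller of this method already invokes `TokenStore.remove(token)` on a true return — not visible here — the cancel reaches the STS while the local cache keeps honouring the token. At minimum the method's javadoc should state `callers must remove the token from their TokenStore when this returns true`; better, evict it here. The enclosing method starts outside the hunk.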

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java Mon Apr  2 13:09:53 2012
@@ -27,9 +27,10 @@ import org.apache.cxf.binding.soap.SoapM
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.service.model.EndpointInfo;
-import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.saml.ext.AssertionWrapper;
@@ -123,13 +124,18 @@ public class STSTokenValidator implement
     static final TokenStore getTokenStore(Message message) {
         EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
         synchronized (info) {
-            TokenStore tokenStore = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
+            TokenStore tokenStore = 
+                (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
             if (tokenStore == null) {
-                tokenStore = (TokenStore)info.getProperty(TokenStore.class.getName());
+                tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
             }
             if (tokenStore == null) {
-                tokenStore = new MemoryTokenStore();
-                info.setProperty(TokenStore.class.getName(), tokenStore);
+                TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
+                tokenStore = 
+                    tokenStoreFactory.newTokenStore(
+                        SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, message
+                    );
+                info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
             }
             return tokenStore;
         }
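Review bot: The same constant `SecurityConstants.TOKEN_STORE_CACHE_INSTANCE` serves as both the per-endpoint property name and the `key` passed to `newTokenStore`, so every endpoint in the JVM asks the factory for a store under one name; if `EHCacheTokenStore` resolves an existing cache by that key the way the removed `DefaultInMemoryTokenStore` did with `cacheManager.cacheExists(key)`, all endpoints share one token cache and a token id or SHA1 issued to one endpoint resolves for another. `EHCacheTokenStore` is not in this chunk, so this is a question rather than a finding, but the key should be endpoint-specific regardless, e.g. `SecurityConstants.TOKEN_STORE_CACHE_INSTANCE + "-" + info.getName()` or similar.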

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Mon Apr  2 13:09:53 2012
@@ -532,12 +532,13 @@ public class WSS4JInInterceptor extends 
                 
                 if (SecurityTokenReference.ENC_KEY_SHA1_URI.equals(pc.getType())
                     || WSConstants.WSS_KRB_KI_VALUE_TYPE.equals(pc.getType())) {
-                    for (SecurityToken token : store.getValidTokens()) {
+                    for (String tokenId : store.getTokenIdentifiers()) {
+                        SecurityToken token = store.getToken(tokenId);
                         if (id.equals(token.getSHA1())) {
                             pc.setKey(token.getSecret());
                             return;
                         }
-                    }                    
+                    }
                 } else { 
                     SecurityToken tok = store.getToken(id);
                     if (tok != null) {
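Review bot: `store.getToken(tokenId)` can return null for an identifier that `getTokenIdentifiers()` just listed — the stores now evict on TTL (Hazelcast's `put(..., ttl, SECONDS)` in this commit) and the two calls are not atomic — and the next line dereferences it in `token.getSHA1()`, turning an expiry race into a NullPointerException inside the password callback. Guard it: `if (token != null && id.equals(token.getSHA1())) {`. The previous `getValidTokens()` loop handed out token objects directly and had no such window.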

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Mon Apr  2 13:09:53 2012
@@ -97,9 +97,9 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.model.Wss10;
 import org.apache.cxf.ws.security.policy.model.Wss11;
 import org.apache.cxf.ws.security.policy.model.X509Token;
-import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
 import org.apache.neethi.Assertion;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSEncryptionPart;
@@ -362,13 +362,18 @@ public abstract class AbstractBindingBui
     protected final TokenStore getTokenStore() {
         EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
         synchronized (info) {
-            TokenStore tokenStore = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
+            TokenStore tokenStore = 
+                (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
             if (tokenStore == null) {
-                tokenStore = (TokenStore)info.getProperty(TokenStore.class.getName());
+                tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
             }
             if (tokenStore == null) {
-                tokenStore = new MemoryTokenStore();
-                info.setProperty(TokenStore.class.getName(), tokenStore);
+                TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
+                tokenStore = 
+                    tokenStoreFactory.newTokenStore(
+                        SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, message
+                    );
+                info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
             }
             return tokenStore;
         }
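Review bot: `getTokenStore()` here is now line-for-line the same as `STSTokenValidator.getTokenStore(Message)` earlier in this commit (same three lookups, same factory call, same `info.setProperty`), and the two will drift the next time the lookup order or the cache key changes; one package-visible helper in `org.apache.cxf.ws.security.tokenstore` that both call would keep the store-selection policy in a single place. While there, the bare `(TokenStore)` casts of contextual and endpoint properties would be friendlier as `instanceof` checks, since a misconfigured property currently surfaces as a ClassCastException deep in the outbound chain. A one-line javadoc — `Lazily creates the endpoint's TokenStore once and caches it on the EndpointInfo` — would also make the `synchronized (info)` intent obvious.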

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStore.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStore.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStore.java Mon Apr  2 13:09:53 2012
@@ -19,117 +19,13 @@
 
 package org.apache.cxf.sts.cache;
 
-import java.util.Collection;
-import java.util.Iterator;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.ws.security.tokenstore.EHCacheTokenStore;
 
-import net.sf.ehcache.Cache;
-import net.sf.ehcache.CacheManager;
-import net.sf.ehcache.Element;
+public class DefaultInMemoryTokenStore extends EHCacheTokenStore {
 
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken.State;
-import org.apache.cxf.ws.security.tokenstore.TokenStore;
-
-public class DefaultInMemoryTokenStore implements TokenStore {
-
-    private Cache cache;
-    private CacheManager cacheManager = CacheManager.create();
-    private boolean autoRemove = true;
-    
     public DefaultInMemoryTokenStore() {
-        String key = "STS";
-        if (!cacheManager.cacheExists(key)) {
-            cache = new Cache(key, 5000, false, false, 3600, 3600);
-            cacheManager.addCache(cache);
-        } else {
-            cache = cacheManager.getCache(key);
-        }
-    }
-    
-    public void add(SecurityToken token) {
-        if (token != null && !StringUtils.isEmpty(token.getId())) {
-            cache.put(new Element(token.getId(), token));
-        }
-    }
-
-    public void add(SecurityToken token, Integer timeToLiveSeconds) {
-        if (token != null && !StringUtils.isEmpty(token.getId())) {
-            cache.put(new Element(token.getId(), token, false, timeToLiveSeconds, timeToLiveSeconds));
-        }
+        super("STS", ClassLoaderUtils.getResource("cxf-ehcache.xml", DefaultInMemoryTokenStore.class));
     }
     
-    public void update(SecurityToken token) {
-        if (autoRemove 
-            && (token.getState() == State.EXPIRED || token.getState() == State.CANCELLED)) {
-            remove(token);
-        } else {
-            add(token);
-        }
-    }
-
-    public void remove(SecurityToken token) {
-        if (token != null && !StringUtils.isEmpty(token.getId())) {
-            cache.remove(token.getId());
-        }
-    }
-
-    @SuppressWarnings("unchecked")
-    public Collection<String> getTokenIdentifiers() {
-        return cache.getKeys();
-    }
-
-    public Collection<SecurityToken> getExpiredTokens() {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
-    @SuppressWarnings("unchecked")
-    public Collection<SecurityToken> getValidTokens() {
-        return cache.getAllWithLoader(cache.getKeysWithExpiryCheck(), null).values();
-    }
-
-    public Collection<SecurityToken> getRenewedTokens() {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
-    public Collection<SecurityToken> getCancelledTokens() {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
-    public SecurityToken getToken(String id) {
-        Element element = cache.get(id);
-        if (element != null) {
-            return (SecurityToken)element.getObjectValue();
-        } else {
-            return null;
-        }
-    }
-
-    public SecurityToken getTokenByAssociatedHash(int hashCode) {
-        @SuppressWarnings("unchecked")
-        Iterator<String> ids = cache.getKeys().iterator();
-        while (ids.hasNext()) {
-            SecurityToken securityToken = getToken(ids.next());
-            if (hashCode == securityToken.getAssociatedHash()) {
-                return securityToken;
-            }
-        }
-        return null;
-    }
-
-    public void removeExpiredTokens() {
-        // TODO Auto-generated method stub
-    }
-
-    public void removeCancelledTokens() {
-        // TODO Auto-generated method stub
-    }
-
-    public void setAutoRemoveTokens(boolean auto) {
-        this.autoRemove = auto;
-    }
-
 }
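Review bot: `ClassLoaderUtils.getResource("cxf-ehcache.xml", ...)` returns null when the file is not on the classpath and the constructor passes that straight to `EHCacheTokenStore`; whether the parent tolerates a null URL is not visible here, and no `cxf-ehcache.xml` appears in this chunk, so the explicit bounds the old code set (`new Cache("STS", 5000, false, false, 3600, 3600)`) now depend on a file a deployer may not ship. Since `super(...)` must be the first statement, resolve the URL in a static helper and fail loudly when it is missing, or add a comment stating that a null URL means EhCache defaults if that is what the parent does. Dropping the `add(SecurityToken, Integer)` overload is also an API removal for sts-core callers worth noting in the log message.
```java
public DefaultInMemoryTokenStore() {
    super("STS", configUrl());
}

/** Locate cxf-ehcache.xml on the classpath; a missing file is a deployment error, not a silent default. */
private static URL configUrl() {
    URL url = ClassLoaderUtils.getResource("cxf-ehcache.xml", DefaultInMemoryTokenStore.class);
    if (url == null) {
        throw new IllegalStateException("cxf-ehcache.xml not found on the classpath");
    }
    return url;
}
```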

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java Mon Apr  2 13:09:53 2012
@@ -20,6 +20,7 @@
 package org.apache.cxf.sts.cache;
 
 import java.util.Collection;
+import java.util.Date;
 import java.util.Iterator;
 import java.util.concurrent.TimeUnit;
 
@@ -29,34 +30,66 @@ import com.hazelcast.core.IMap;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken.State;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 
 public class HazelCastTokenStore implements TokenStore {
+    
+    public static final long DEFAULT_TTL = 3600L;
+    public static final long MAX_TTL = DEFAULT_TTL * 12L;
 
-    IMap<Object, Object> cacheMap;
-    boolean autoRemove = true;
+    private IMap<Object, Object> cacheMap;
+    private long ttl = DEFAULT_TTL;
     
     public HazelCastTokenStore(String mapName) {
         cacheMap = Hazelcast.getDefaultInstance().getMap(mapName);
-        
+    }
+    
+    /**
+     * Set a new (default) TTL value in seconds
+     * @param newTtl a new (default) TTL value in seconds
+     */
+    public void setTTL(long newTtl) {
+        ttl = newTtl;
+    }
+    
+    /**
+     * Get the (default) TTL value in seconds
+     * @return the (default) TTL value in seconds
+     */
+    public long getTTL() {
+        return ttl;
     }
     
     public void add(SecurityToken token) {
         if (token != null && !StringUtils.isEmpty(token.getId())) {
-            cacheMap.put(token.getId(), token);
-        }
-    }
-
-    public void update(SecurityToken token) {
-        if (autoRemove 
-            && (token.getState() == State.EXPIRED || token.getState() == State.CANCELLED)) {
-            remove(token);
-        } else {
-            add(token);
+            int parsedTTL = 0;
+            if (token.getExpires() != null) {
+                Date expires = token.getExpires();
+                Date current = new Date();
+                long expiryTime = (expires.getTime() - current.getTime()) / 1000L;
+                
+                parsedTTL = (int)expiryTime;
+                if (expiryTime != (long)parsedTTL || parsedTTL < 0 || parsedTTL > MAX_TTL) {
+                    // Default to configured value
+                    parsedTTL = (int)ttl;
+                    if (ttl != (long)parsedTTL) {
+                        // Fall back to 60 minutes if the default TTL is set incorrectly
+                        parsedTTL = 3600;
+                    }
+                }
+            } else {
+                // Default to configured value
+                parsedTTL = (int)ttl;
+                if (ttl != (long)parsedTTL) {
+                    // Fall back to 60 minutes if the default TTL is set incorrectly
+                    parsedTTL = 3600;
+                }
+            }
+            
+            cacheMap.put(token.getId(), token, parsedTTL, TimeUnit.SECONDS);
         }
     }
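Review bot: The TTL computation in `add` caches tokens it should refuse: an already-expired token yields a negative `expiryTime`, which the `parsedTTL < 0` branch turns into the configured default (an hour), and a token expiring within the next second truncates to 0, which Hazelcast's `IMap.put(key, value, ttl, unit)` treats as "no TTL" per its javadoc — so the entries that least deserve caching get the longest residency. Callers that re-check `SecurityToken.isExpired()` are still protected, but a store that is now the sole expiry authority (per the new TokenStore javadoc) should simply not accept them. The fallback-to-default block is also duplicated verbatim and never rejects a negative configured `ttl`. Sketch below: drop expired tokens, keep the `MAX_TTL` cap, compute the default once.
```java
public void add(SecurityToken token) {
    if (token == null || StringUtils.isEmpty(token.getId())) {
        return;
    }
    int parsedTTL = defaultTTLSeconds();
    if (token.getExpires() != null) {
        long remaining = (token.getExpires().getTime() - System.currentTimeMillis()) / 1000L;
        if (remaining <= 0) {
            // Expired, or within a second of it: do not cache at all
            return;
        }
        if (remaining <= MAX_TTL) {
            parsedTTL = (int)remaining;
        }
    }
    cacheMap.put(token.getId(), token, parsedTTL, TimeUnit.SECONDS);
}

/** Configured TTL clamped to a positive int, otherwise 60 minutes. */
private int defaultTTLSeconds() {
    return (ttl > 0 && ttl <= Integer.MAX_VALUE) ? (int)ttl : (int)DEFAULT_TTL;
}
```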
-
+    
     public void remove(SecurityToken token) {
         if (token != null && !StringUtils.isEmpty(token.getId())) {
             cacheMap.remove(token.getId());
@@ -72,21 +105,6 @@ public class HazelCastTokenStore impleme
         return null;
     }
 
-    
-    public Collection<SecurityToken> getValidTokens() {
-        return CastUtils.cast((Collection<?>)cacheMap.keySet());
-    }
-
-    public Collection<SecurityToken> getRenewedTokens() {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
-    public Collection<SecurityToken> getCancelledTokens() {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
     public SecurityToken getToken(String id) {
         return (SecurityToken)cacheMap.get(id);
     }
@@ -101,28 +119,6 @@ public class HazelCastTokenStore impleme
         }
         return null;
     }
-
-    public void removeExpiredTokens() {
-        // TODO Auto-generated method stub
-        
-    }
-
-    
-    public void removeCancelledTokens() {
-        // TODO Auto-generated method stub
-        
-    }
-
     
-    public void setAutoRemoveTokens(boolean auto) {
-        this.autoRemove = auto;
-    }
-
     
-    public void add(SecurityToken token, Integer timeToLiveSeconds) {
-        if (token != null && !StringUtils.isEmpty(token.getId())) {
-            cacheMap.put(token.getId(), token, timeToLiveSeconds, TimeUnit.SECONDS);
-        }
-    }
-
 }

Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStoreTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStoreTest.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStoreTest.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStoreTest.java Mon Apr  2 13:09:53 2012
@@ -51,11 +51,11 @@ public class DefaultInMemoryTokenStoreTe
         store.add(token1);
         store.add(token2);
         store.add(token3);
-        assertTrue(store.getValidTokens().size() == 3);
+        assertTrue(store.getTokenIdentifiers().size() == 3);
         store.remove(token3);
         assertNull(store.getToken("test3"));
         store.remove(token1);
         store.remove(token2);
-        assertTrue(store.getValidTokens().size() == 0);
+        assertTrue(store.getTokenIdentifiers().size() == 0);
     }
 }

Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java?rev=1308337&r1=1308336&r2=1308337&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java Mon Apr  2 13:09:53 2012
@@ -52,11 +52,11 @@ public class HazelCastTokenStoreTest ext
         store.add(token1);
         store.add(token2);
         store.add(token3);
-        assertTrue(store.getValidTokens().size() == 3);
+        assertTrue(store.getTokenIdentifiers().size() == 3);
         store.remove(token3);
         assertNull(store.getToken("test3"));
         store.remove(token1);
         store.remove(token2);
-        assertTrue(store.getValidTokens().size() == 0);
+        assertTrue(store.getTokenIdentifiers().size() == 0);
     }
 }


