cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1308908 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/ servic...
Date Tue, 03 Apr 2012 13:46:00 GMT
Author: coheigea
Date: Tue Apr  3 13:45:59 2012
New Revision: 1308908

URL: http://svn.apache.org/viewvc?rev=1308908&view=rev
Log:
[CXF-4219] - Another refactor of TokenStore. Removed AssociatedHash functionality.

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/canceller/SCTCanceller.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStoreTest.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSCTUnitTest.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SCTValidatorTest.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
Tue Apr  3 13:45:59 2012
@@ -160,7 +160,7 @@ abstract class STSInvoker implements Inv
         
         TokenStore store = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
                 .getProperty(TokenStore.class.getName());
-        store.remove(cancelToken);
+        store.remove(cancelToken.getId());
         writer.writeEmptyElement(prefix, "RequestedTokenCancelled", namespace);
         exchange.put(SecurityConstants.TOKEN, cancelToken);
         

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
Tue Apr  3 13:45:59 2012
@@ -372,7 +372,7 @@ class SecureConversationInInterceptor ex
                     }
                     
                     client.cancelSecurityToken(tok);
-                    NegotiationUtils.getTokenStore(m2).remove(tok);
+                    NegotiationUtils.getTokenStore(m2).remove(tok.getId());
                 } catch (RuntimeException e) {
                     throw e;
                 } catch (Exception e) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java
Tue Apr  3 13:45:59 2012
@@ -82,38 +82,21 @@ public class EHCacheTokenStore implement
     
     public void add(SecurityToken token) {
         if (token != null && !StringUtils.isEmpty(token.getId())) {
-            
-            int parsedTTL = 0;
-            if (token.getExpires() != null) {
-                Date expires = token.getExpires();
-                Date current = new Date();
-                long expiryTime = (expires.getTime() - current.getTime()) / 1000L;
-                
-                parsedTTL = (int)expiryTime;
-                if (expiryTime != (long)parsedTTL || parsedTTL < 0 || parsedTTL > MAX_TTL)
{
-                    // Default to configured value
-                    parsedTTL = (int)ttl;
-                    if (ttl != (long)parsedTTL) {
-                        // Fall back to 60 minutes if the default TTL is set incorrectly
-                        parsedTTL = 3600;
-                    }
-                }
-            } else {
-                // Default to configured value
-                parsedTTL = (int)ttl;
-                if (ttl != (long)parsedTTL) {
-                    // Fall back to 60 minutes if the default TTL is set incorrectly
-                    parsedTTL = 3600;
-                }
-            }
-            
+            int parsedTTL = getTTL(token);
             cache.put(new Element(token.getId(), token, false, parsedTTL, parsedTTL));
         }
     }
     
-    public void remove(SecurityToken token) {
-        if (token != null && !StringUtils.isEmpty(token.getId())) {
-            cache.remove(token.getId());
+    public void add(String identifier, SecurityToken token) {
+        if (token != null && !StringUtils.isEmpty(identifier)) {
+            int parsedTTL = getTTL(token);
+            cache.put(new Element(identifier, token, false, parsedTTL, parsedTTL));
+        }
+    }
+    
+    public void remove(String identifier) {
+        if (!StringUtils.isEmpty(identifier) && cache.isKeyInCache(identifier)) {
+            cache.remove(identifier);
         }
     }
 
@@ -135,25 +118,39 @@ public class EHCacheTokenStore implement
         return expiredTokens;
     }
     
-    public SecurityToken getToken(String id) {
-        Element element = cache.get(id);
+    public SecurityToken getToken(String identifier) {
+        Element element = cache.get(identifier);
         if (element != null && !cache.isExpired(element)) {
             return (SecurityToken)element.getObjectValue();
         }
         return null;
     }
-
-    public SecurityToken getTokenByAssociatedHash(int hashCode) {
-        @SuppressWarnings("unchecked")
-        Iterator<String> ids = cache.getKeysWithExpiryCheck().iterator();
-        while (ids.hasNext()) {
-            Element element = cache.get(ids.next());
-            SecurityToken securityToken = (SecurityToken)element.getObjectValue();
-            if (hashCode == securityToken.getAssociatedHash()) {
-                return securityToken;
+    
+    private int getTTL(SecurityToken token) {
+        int parsedTTL = 0;
+        if (token.getExpires() != null) {
+            Date expires = token.getExpires();
+            Date current = new Date();
+            long expiryTime = (expires.getTime() - current.getTime()) / 1000L;
+            
+            parsedTTL = (int)expiryTime;
+            if (expiryTime != (long)parsedTTL || parsedTTL < 0 || parsedTTL > MAX_TTL)
{
+                // Default to configured value
+                parsedTTL = (int)ttl;
+                if (ttl != (long)parsedTTL) {
+                    // Fall back to 60 minutes if the default TTL is set incorrectly
+                    parsedTTL = 3600;
+                }
+            }
+        } else {
+            // Default to configured value
+            parsedTTL = (int)ttl;
+            if (ttl != (long)parsedTTL) {
+                // Fall back to 60 minutes if the default TTL is set incorrectly
+                parsedTTL = 3600;
             }
         }
-        return null;
+        return parsedTTL;
     }
     
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
Tue Apr  3 13:45:59 2012
@@ -39,29 +39,21 @@ public class MemoryTokenStore implements
     
     public void add(SecurityToken token) {
         if (token != null && !StringUtils.isEmpty(token.getId())) {
-            CacheEntry cacheEntry = null;
-            if (token.getExpires() == null) {
-                Date expires = new Date();
-                long currentTime = expires.getTime();
-                expires.setTime(currentTime + (DEFAULT_TTL * 1000L));
-                cacheEntry = new CacheEntry(token, expires);
-            } else {
-                Date expires = token.getExpires();
-                Date current = new Date();
-                long expiryTime = expires.getTime() - current.getTime();
-                if (expiryTime < 0 || expiryTime > (MAX_TTL * 1000L)) {
-                    expires.setTime(current.getTime() + (DEFAULT_TTL * 1000L));
-                }
-                cacheEntry = new CacheEntry(token, expires);
-            }
-            
+            CacheEntry cacheEntry = createCacheEntry(token);
             tokens.put(token.getId(), cacheEntry);
         }
     }
     
-    public void remove(SecurityToken token) {
-        if (token != null && !StringUtils.isEmpty(token.getId())) {
-            tokens.remove(token.getId());
+    public void add(String identifier, SecurityToken token) {
+        if (token != null && !StringUtils.isEmpty(identifier)) {
+            CacheEntry cacheEntry = createCacheEntry(token);
+            tokens.put(identifier, cacheEntry);
+        }
+    }
+    
+    public void remove(String identifier) {
+        if (!StringUtils.isEmpty(identifier) && tokens.containsKey(identifier)) {
+            tokens.remove(identifier);
         }
     }
 
@@ -94,21 +86,6 @@ public class MemoryTokenStore implements
         return null;
     }
     
-    public SecurityToken getTokenByAssociatedHash(int hashCode) {
-        processTokenExpiry();
-        
-        synchronized (tokens) {
-            for (String id : tokens.keySet()) {
-                CacheEntry cacheEntry = tokens.get(id);
-                SecurityToken securityToken = cacheEntry.getSecurityToken();
-                if (hashCode == securityToken.getAssociatedHash()) {
-                    return securityToken;
-                }
-            }
-        }
-        return null;
-    }
-
     protected void processTokenExpiry() {
         Date current = new Date();
         synchronized (tokens) {
@@ -121,6 +98,25 @@ public class MemoryTokenStore implements
         }
     }
     
+    private CacheEntry createCacheEntry(SecurityToken token) {
+        CacheEntry cacheEntry = null;
+        if (token.getExpires() == null) {
+            Date expires = new Date();
+            long currentTime = expires.getTime();
+            expires.setTime(currentTime + (DEFAULT_TTL * 1000L));
+            cacheEntry = new CacheEntry(token, expires);
+        } else {
+            Date expires = token.getExpires();
+            Date current = new Date();
+            long expiryTime = expires.getTime() - current.getTime();
+            if (expiryTime < 0 || expiryTime > (MAX_TTL * 1000L)) {
+                expires.setTime(current.getTime() + (DEFAULT_TTL * 1000L));
+            }
+            cacheEntry = new CacheEntry(token, expires);
+        }
+        return cacheEntry;
+    }
+    
     private static class CacheEntry {
         
         private final SecurityToken securityToken;

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
Tue Apr  3 13:45:59 2012
@@ -61,11 +61,6 @@ public class SecurityToken implements Se
     private Element token;
     
     /**
-     * The token in its previous state
-     */
-    private Element previousToken;
-    
-    /**
      * The RequestedAttachedReference element
      * NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows 
      * an extensibility mechanism for wsse:SecurityTokenReference and 
@@ -116,11 +111,15 @@ public class SecurityToken implements Se
     private String encrKeySha1Value;
     
     /**
-     * A hash code associated with this token. Note that it is not the hashcode of this 
-     * token, but a hash corresponding to an association with this token. It could refer
-     * to the hash of another SecurityToken which maps to this token. 
+     * A hash code associated with this token.
      */
-    private int associatedHash;
+    private int tokenHash;
+    
+    /**
+     * This holds the identifier of another SecurityToken which represents a transformed
+     * version of this token. 
+     */
+    private String transformedTokenIdentifier;
     
     /**
      * The tokenType
@@ -234,24 +233,24 @@ public class SecurityToken implements Se
     }
 
     /**
-     * @return Returns the id.
+     * Get the identifier corresponding to a transformed version of this token
      */
-    public String getId() {
-        return id;
+    public String getTransformedTokenIdentifier() {
+        return transformedTokenIdentifier;
     }
 
     /**
-     * @return Returns the presivousToken.
+     * Set the identifier corresponding to a transformed version of this token
      */
-    public Element getPreviousToken() {
-        return previousToken;
+    public void setTransformedTokenIdentifier(String transformedTokenIdentifier) {
+        this.transformedTokenIdentifier = transformedTokenIdentifier;
     }
-
+    
     /**
-     * @param presivousToken The presivousToken to set.
+     * @return Returns the id.
      */
-    public void setPreviousToken(Element previousToken) {
-        this.previousToken = cloneElement(previousToken);
+    public String getId() {
+        return id;
     }
 
     /**
@@ -419,20 +418,19 @@ public class SecurityToken implements Se
     }
     
     /**
-     * Set a hash code associated with this token. Note that it is not the hashcode of this

-     * token, but a hash corresponding to an association with this token.
+     * Set a hash code associated with this token.
      * @param hash a hash code associated with this token
      */
-    public void setAssociatedHash(int hash) {
-        associatedHash = hash;
+    public void setTokenHash(int hash) {
+        tokenHash = hash;
     }
     
     /**
      * Get a hash code associated with this token.
      * @return a hash code associated with this token.
      */
-    public int getAssociatedHash() {
-        return associatedHash;
+    public int getTokenHash() {
+        return tokenHash;
     }
     
     /**

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
Tue Apr  3 13:45:59 2012
@@ -28,15 +28,23 @@ import java.util.Collection;
 public interface TokenStore {
     
     /**
-     * Add the given token to the cache.
+     * Add the given token to the cache. The SecurityTokens getId() identifier will be used
to
+     * key it in the cache.
      * @param token The token to be added
      */
     void add(SecurityToken token);
     
     /**
-     * Remove an existing token.
+     * Add the given token to the cache under the given identifier
+     * @param identifier The identifier to use to key the SecurityToken in the cache
+     * @param token The token to be added
+     */
+    void add(String identifier, SecurityToken token);
+    
+    /**
+     * Remove an existing token by its identifier
      */
-    void remove(SecurityToken token);
+    void remove(String identifier);
     
     /**
      * Return the list of all valid token identifiers.
@@ -51,17 +59,10 @@ public interface TokenStore {
     Collection<SecurityToken> getExpiredTokens();
     
     /**
-     * Returns the <code>Token</code> of the given id
-     * @param id
-     * @return The requested <code>Token</code> identified by the given id
-     */
-    SecurityToken getToken(String id);
-    
-    /**
-     * Returns the <code>Token</code> by the associated hash. 
-     * @param hashCode
-     * @return the <code>Token</code> by the associated hash. 
+     * Returns the <code>Token</code> of the given identifier
+     * @param identifier
+     * @return The requested <code>Token</code> identified by the given identifier
      */
-    SecurityToken getTokenByAssociatedHash(int hashCode);
+    SecurityToken getToken(String identifier);
     
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
Tue Apr  3 13:45:59 2012
@@ -91,13 +91,14 @@ public class STSTokenValidator implement
             
             TokenStore tokenStore = getTokenStore(message);
             if (tokenStore != null && hash != 0) {
-                SecurityToken recoveredToken = tokenStore.getTokenByAssociatedHash(hash);
-                if (recoveredToken != null) {
-                    AssertionWrapper assertion = new AssertionWrapper(recoveredToken.getToken());
+                SecurityToken transformedToken = getTransformedToken(tokenStore, hash);
+                if (transformedToken != null) {
+                    AssertionWrapper assertion = new AssertionWrapper(transformedToken.getToken());
                     credential.setTransformedToken(assertion);
                     return credential;
                 }
             }
+            token.setTokenHash(hash);
             
             STSClient c = STSUtils.getClient(message, "sts");
             synchronized (c) {
@@ -108,8 +109,9 @@ public class STSTokenValidator implement
                     AssertionWrapper assertion = new AssertionWrapper(returnedToken.getToken());
                     credential.setTransformedToken(assertion);
                     if (hash != 0) {
-                        returnedToken.setAssociatedHash(hash);
                         tokenStore.add(returnedToken);
+                        token.setTransformedTokenIdentifier(returnedToken.getId());
+                        tokenStore.add(Integer.toString(hash), token);
                     }
                 }
                 return credential;
@@ -157,4 +159,14 @@ public class STSTokenValidator implement
         return false;
     }
 
+    private SecurityToken getTransformedToken(TokenStore tokenStore, int hash) {
+        SecurityToken recoveredToken = tokenStore.getToken(Integer.toString(hash));
+        if (recoveredToken != null && recoveredToken.getTokenHash() == hash) {
+            String transformedTokenId = recoveredToken.getTransformedTokenIdentifier();
+            if (transformedTokenId != null) {
+                return tokenStore.getToken(transformedTokenId);
+            }
+        }
+        return null;
+    }
 }

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java
Tue Apr  3 13:45:59 2012
@@ -21,7 +21,6 @@ package org.apache.cxf.sts.cache;
 
 import java.util.Collection;
 import java.util.Date;
-import java.util.Iterator;
 import java.util.concurrent.TimeUnit;
 
 import com.hazelcast.core.Hazelcast;
@@ -62,37 +61,21 @@ public class HazelCastTokenStore impleme
     
     public void add(SecurityToken token) {
         if (token != null && !StringUtils.isEmpty(token.getId())) {
-            int parsedTTL = 0;
-            if (token.getExpires() != null) {
-                Date expires = token.getExpires();
-                Date current = new Date();
-                long expiryTime = (expires.getTime() - current.getTime()) / 1000L;
-                
-                parsedTTL = (int)expiryTime;
-                if (expiryTime != (long)parsedTTL || parsedTTL < 0 || parsedTTL > MAX_TTL)
{
-                    // Default to configured value
-                    parsedTTL = (int)ttl;
-                    if (ttl != (long)parsedTTL) {
-                        // Fall back to 60 minutes if the default TTL is set incorrectly
-                        parsedTTL = 3600;
-                    }
-                }
-            } else {
-                // Default to configured value
-                parsedTTL = (int)ttl;
-                if (ttl != (long)parsedTTL) {
-                    // Fall back to 60 minutes if the default TTL is set incorrectly
-                    parsedTTL = 3600;
-                }
-            }
-            
+            int parsedTTL = getTTL(token);
             cacheMap.put(token.getId(), token, parsedTTL, TimeUnit.SECONDS);
         }
     }
     
-    public void remove(SecurityToken token) {
-        if (token != null && !StringUtils.isEmpty(token.getId())) {
-            cacheMap.remove(token.getId());
+    public void add(String identifier, SecurityToken token) {
+        if (token != null && !StringUtils.isEmpty(identifier)) {
+            int parsedTTL = getTTL(token);
+            cacheMap.put(identifier, token, parsedTTL, TimeUnit.SECONDS);
+        }
+    }
+    
+    public void remove(String identifier) {
+        if (!StringUtils.isEmpty(identifier) && cacheMap.containsKey(identifier))
{
+            cacheMap.remove(identifier);
         }
     }
     
@@ -105,20 +88,35 @@ public class HazelCastTokenStore impleme
         return null;
     }
 
-    public SecurityToken getToken(String id) {
-        return (SecurityToken)cacheMap.get(id);
+    public SecurityToken getToken(String identifier) {
+        return (SecurityToken)cacheMap.get(identifier);
     }
 
-    public SecurityToken getTokenByAssociatedHash(int hashCode) {
-        Iterator<Object> ids = cacheMap.keySet().iterator();
-        while (ids.hasNext()) {
-            SecurityToken securityToken = getToken((String)ids.next());
-            if (hashCode == securityToken.getAssociatedHash()) {
-                return securityToken;
+    private int getTTL(SecurityToken token) {
+        int parsedTTL = 0;
+        if (token.getExpires() != null) {
+            Date expires = token.getExpires();
+            Date current = new Date();
+            long expiryTime = (expires.getTime() - current.getTime()) / 1000L;
+            
+            parsedTTL = (int)expiryTime;
+            if (expiryTime != (long)parsedTTL || parsedTTL < 0 || parsedTTL > MAX_TTL)
{
+                // Default to configured value
+                parsedTTL = (int)ttl;
+                if (ttl != (long)parsedTTL) {
+                    // Fall back to 60 minutes if the default TTL is set incorrectly
+                    parsedTTL = 3600;
+                }
+            }
+        } else {
+            // Default to configured value
+            parsedTTL = (int)ttl;
+            if (ttl != (long)parsedTTL) {
+                // Fall back to 60 minutes if the default TTL is set incorrectly
+                parsedTTL = 3600;
             }
         }
-        return null;
+        return parsedTTL;
     }
     
-    
 }

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/canceller/SCTCanceller.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/canceller/SCTCanceller.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/canceller/SCTCanceller.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/canceller/SCTCanceller.java
Tue Apr  3 13:45:59 2012
@@ -103,7 +103,7 @@ public class SCTCanceller implements Tok
                         STSException.INVALID_REQUEST
                     );
                 }
-                tokenParameters.getTokenStore().remove(token);
+                tokenParameters.getTokenStore().remove(token.getId());
                 cancelTarget.setState(STATE.CANCELLED);
             } catch (WSSecurityException ex) {
                 LOG.log(Level.WARNING, "", ex);

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
Tue Apr  3 13:45:59 2012
@@ -124,8 +124,10 @@ public class SAMLTokenProvider implement
             AssertionWrapper assertion = createSamlToken(tokenParameters, secret, doc);
             Element token = assertion.toDOM(doc);
             
-            // set the token in cache
-            if (tokenParameters.getTokenStore() != null) {
+            // set the token in cache (only if the token is signed)
+            byte[] signatureValue = assertion.getSignatureValue();
+            if (tokenParameters.getTokenStore() != null && signatureValue != null
+                && signatureValue.length > 0) {
                 Date expires = new Date();
                 long currentTime = expires.getTime();
                 expires.setTime(currentTime + (conditionsProvider.getLifetime() * 1000L));
@@ -133,12 +135,6 @@ public class SAMLTokenProvider implement
                 SecurityToken securityToken = new SecurityToken(assertion.getId(), null,
expires);
                 securityToken.setToken(token);
                 securityToken.setPrincipal(tokenParameters.getPrincipal());
-                int hash = 0;
-                byte[] signatureValue = assertion.getSignatureValue();
-                if (signatureValue != null && signatureValue.length > 0) {
-                    hash = Arrays.hashCode(signatureValue);
-                    securityToken.setAssociatedHash(hash);
-                }
                 if (tokenParameters.getRealm() != null) {
                     Properties props = securityToken.getProperties();
                     if (props == null) {
@@ -147,7 +143,10 @@ public class SAMLTokenProvider implement
                     props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());
                     securityToken.setProperties(props);
                 }
-                tokenParameters.getTokenStore().add(securityToken);
+                int hash = Arrays.hashCode(signatureValue);
+                securityToken.setTokenHash(hash);
+                String identifier = Integer.toString(hash);
+                tokenParameters.getTokenStore().add(identifier, securityToken);
             }
             
             TokenProviderResponse response = new TokenProviderResponse();

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java
Tue Apr  3 13:45:59 2012
@@ -124,7 +124,7 @@ public class SCTRenewer implements Token
                     );
                 }
                 // Remove old token from the cache
-                tokenParameters.getTokenStore().remove(token);
+                tokenParameters.getTokenStore().remove(token.getId());
                 
                 // Create a new token corresponding to the old token
                 Date expires = new Date();

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
Tue Apr  3 13:45:59 2012
@@ -146,14 +146,15 @@ public class SAMLTokenValidator implemen
             response.setPrincipal(samlPrincipal);
             
             SecurityToken secToken = null;
-            if (tokenParameters.getTokenStore() != null) {
-                int hash = 0;
-                byte[] signatureValue = assertion.getSignatureValue();
-                if (signatureValue != null && signatureValue.length > 0) {
-                    hash = Arrays.hashCode(signatureValue);
-                    secToken = tokenParameters.getTokenStore().getTokenByAssociatedHash(hash);
-                    response.setSecurityToken(secToken);
+            byte[] signatureValue = assertion.getSignatureValue();
+            if (tokenParameters.getTokenStore() != null && signatureValue != null
+                && signatureValue.length > 0) {
+                int hash = Arrays.hashCode(signatureValue);
+                secToken = tokenParameters.getTokenStore().getToken(Integer.toString(hash));
+                if (secToken != null && secToken.getTokenHash() != hash) {
+                    secToken = null;
                 }
+                response.setSecurityToken(secToken);
             }
             if (secToken != null && secToken.isExpired()) {
                 LOG.fine("Token: " + secToken.getId() + " is in the cache but expired - revalidating");
@@ -282,13 +283,13 @@ public class SAMLTokenValidator implemen
         if (validFrom.isAfterNow()) {
             LOG.log(Level.WARNING, "SAML Token condition not met");
             if (secToken != null) {
-                tokenStore.remove(secToken);
+                tokenStore.remove(secToken.getId());
             }
             return false;
         } else if (validTill.isBeforeNow()) {
             LOG.log(Level.WARNING, "SAML Token condition not met");
             if (secToken != null) {
-                tokenStore.remove(secToken);
+                tokenStore.remove(secToken.getId());
             }
             validateTarget.setState(STATE.EXPIRED);
             return false;

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
Tue Apr  3 13:45:59 2012
@@ -131,12 +131,6 @@ public class UsernameTokenValidator impl
         //
         UsernameTokenType usernameTokenType = (UsernameTokenType)validateTarget.getToken();
         
-        SecurityToken secToken = null;
-        if (tokenParameters.getTokenStore() != null) {
-            secToken = tokenParameters.getTokenStore().getToken(usernameTokenType.getId());
-            response.setSecurityToken(secToken);
-        }
-
         // Marshall the received JAXB object into a DOM Element
         Element usernameTokenElement = null;
         try {
@@ -170,12 +164,23 @@ public class UsernameTokenValidator impl
             if (ut.getPassword() == null) {
                 return response;
             }
-            if (secToken == null || secToken.isExpired() 
-                || (secToken.getAssociatedHash() != ut.hashCode())) {
+            
+            // See if the UsernameToken is stored in the cache
+            int hash = ut.hashCode();
+            SecurityToken secToken = null;
+            if (tokenParameters.getTokenStore() != null) {
+                secToken = tokenParameters.getTokenStore().getToken(Integer.toString(hash));
+                if (secToken != null && secToken.getTokenHash() != hash) {
+                    secToken = null;
+                }
+            }
+            
+            if (secToken == null) {
                 Credential credential = new Credential();
                 credential.setUsernametoken(ut);
                 validator.validate(credential, requestData);
             }
+            
             Principal principal = 
                 createPrincipal(
                     ut.getName(), ut.getPassword(), ut.getPasswordType(), ut.getNonce(),
ut.getCreated()

Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStoreTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStoreTest.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStoreTest.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStoreTest.java
Tue Apr  3 13:45:59 2012
@@ -38,7 +38,7 @@ public class DefaultInMemoryTokenStoreTe
         SecurityToken token = new SecurityToken(key);
         store.add(token);
         assertEquals(token, store.getToken(key));
-        store.remove(token);
+        store.remove(token.getId());
         assertNull(store.getToken(key));
     }
     
@@ -52,10 +52,10 @@ public class DefaultInMemoryTokenStoreTe
         store.add(token2);
         store.add(token3);
         assertTrue(store.getTokenIdentifiers().size() == 3);
-        store.remove(token3);
+        store.remove(token3.getId());
         assertNull(store.getToken("test3"));
-        store.remove(token1);
-        store.remove(token2);
+        store.remove(token1.getId());
+        store.remove(token2.getId());
         assertTrue(store.getTokenIdentifiers().size() == 0);
     }
 }

Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java
Tue Apr  3 13:45:59 2012
@@ -39,7 +39,7 @@ public class HazelCastTokenStoreTest ext
         store.add(token);
         SecurityToken cachedToken = store.getToken(key);
         assertEquals(token.getId(), cachedToken.getId());
-        store.remove(token);
+        store.remove(token.getId());
         assertNull(store.getToken(key));
     }
     
@@ -53,10 +53,10 @@ public class HazelCastTokenStoreTest ext
         store.add(token2);
         store.add(token3);
         assertTrue(store.getTokenIdentifiers().size() == 3);
-        store.remove(token3);
+        store.remove(token3.getId());
         assertNull(store.getToken("test3"));
-        store.remove(token1);
-        store.remove(token2);
+        store.remove(token1.getId());
+        store.remove(token2.getId());
         assertTrue(store.getTokenIdentifiers().size() == 0);
     }
 }

Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSCTUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSCTUnitTest.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSCTUnitTest.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSCTUnitTest.java
Tue Apr  3 13:45:59 2012
@@ -132,7 +132,7 @@ public class ValidateSCTUnitTest extends
         assertTrue(validateResponse(response));
         
         // Now remove the token from the cache before validating again
-        tokenStore.remove(tokenStore.getToken(providerResponse.getTokenId()));
+        tokenStore.remove(tokenStore.getToken(providerResponse.getTokenId()).getId());
         assertNull(tokenStore.getToken(providerResponse.getTokenId()));
         response = validateOperation.validate(request, webServiceContext);
         assertFalse(validateResponse(response));

Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SCTValidatorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SCTValidatorTest.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SCTValidatorTest.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SCTValidatorTest.java
Tue Apr  3 13:45:59 2012
@@ -83,7 +83,7 @@ public class SCTValidatorTest extends or
         assertTrue(validatorResponse.getPrincipal().getName().equals("alice"));
         
         // Now remove the SCT from the cache
-        tokenStore.remove(tokenStore.getToken(providerResponse.getTokenId()));
+        tokenStore.remove(tokenStore.getToken(providerResponse.getTokenId()).getId());
         assertNull(tokenStore.getToken(providerResponse.getTokenId()));
         validatorResponse = sctValidator.validateToken(validatorParameters);
         assertTrue(validatorResponse != null);

Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java
(original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java
Tue Apr  3 13:45:59 2012
@@ -68,10 +68,12 @@ public class CustomUsernameTokenProvider
             
             // Store the token in the cache
             if (tokenParameters.getTokenStore() != null) {
-                SecurityToken secrutiyToken = new SecurityToken(usernameToken.getID());
-                secrutiyToken.setToken(usernameToken.getElement());
-                secrutiyToken.setAssociatedHash(usernameToken.hashCode());
-                tokenParameters.getTokenStore().add(secrutiyToken);
+                SecurityToken securityToken = new SecurityToken(usernameToken.getID());
+                securityToken.setToken(usernameToken.getElement());
+                int hashCode = usernameToken.hashCode();
+                String identifier = Integer.toString(hashCode);
+                securityToken.setTokenHash(hashCode);
+                tokenParameters.getTokenStore().add(identifier, securityToken);
             }
             
             return response;



Mime
View raw message