cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1324794 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/interceptors/ tokenstore/ wss4j/policyhandlers/
Date Wed, 11 Apr 2012 14:51:46 GMT
Author: coheigea
Date: Wed Apr 11 14:51:44 2012
New Revision: 1324794

URL: http://svn.apache.org/viewvc?rev=1324794&view=rev
Log:
[CXF-4158] - Added the ability to renew an expired token in the IssuedTokenInterceptorProvider.

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1324794&r1=1324793&r2=1324794&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Wed Apr 11 14:51:44 2012
@@ -203,7 +203,7 @@ public class IssuedTokenInterceptorProvi
                             }
                         }
                     } else {
-                        //renew token?
+                        tok = renewToken(message, aim, itok, tok);
                     }
                     if (tok != null) {
                         for (AssertionInfo ai : ais) {
@@ -214,10 +214,12 @@ public class IssuedTokenInterceptorProvi
                                 message, SecurityConstants.CACHE_ISSUED_TOKEN_IN_ENDPOINT,
true
                             );
                         if (cacheIssuedToken) {
-                            message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,

-                                                                          tok.getId());
+                            message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN,
tok);
+                            message.getExchange().put(SecurityConstants.TOKEN, tok);
                             message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
+                            message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,
tok.getId());
                         } else {
+                            message.put(SecurityConstants.TOKEN, tok);
                             message.put(SecurityConstants.TOKEN_ID, tok.getId());
                         }
                         getTokenStore(message).add(tok);
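Review bot: Caching the `SecurityToken` object itself under `SecurityConstants.TOKEN` on the `Endpoint`, exchange and message creates a second source of truth beside the token store, and the lookup hunk below (`@@ -252,14 +254,20 @@`) prefers that cached object over `getTokenStore(message).getToken(tokId)`. A token that has since been removed from the store (cancelled or evicted) would presumably still be returned from the endpoint property and reused, along with whatever secret it carries. The same object caching is added in SecureConversationOutInterceptor (`@@ -74,10 +74,10 @@`). Consider keeping only `TOKEN_ID` on the long-lived `Endpoint` and resolving through the store, or at least document the intent above the first `put`, e.g. `// TOKEN is a cache only; the token store stays authoritative for removal`. The enclosing method starts and ends outside this hunk.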
@@ -252,14 +254,20 @@ public class IssuedTokenInterceptorProvi
                 );
             SecurityToken tok = null;
             if (cacheIssuedToken) {
-                String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
-                if (tokId != null) {
-                    tok = getTokenStore(message).getToken(tokId);
+                tok = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
+                if (tok == null) {
+                    String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
+                    if (tokId != null) {
+                        tok = getTokenStore(message).getToken(tokId);
+                    }
                 }
             } else {
-                String tokId = (String)message.get(SecurityConstants.TOKEN_ID);
-                if (tokId != null) {
-                    tok = getTokenStore(message).getToken(tokId);
+                tok = (SecurityToken)message.get(SecurityConstants.TOKEN);
+                if (tok == null) {
+                    String tokId = (String)message.get(SecurityConstants.TOKEN_ID);
+                    if (tokId != null) {
+                        tok = getTokenStore(message).getToken(tokId);
+                    }
                 }
             }
             return tok;
@@ -397,6 +405,49 @@ public class IssuedTokenInterceptorProvi
             }
         }
         
+        private SecurityToken renewToken(
+            Message message, 
+            AssertionInfoMap aim,
+            IssuedToken itok,
+            SecurityToken tok
+        ) {
+            if (!tok.isExpired()) {
+                return tok;
+            }
+            
+            STSClient client = STSUtils.getClient(message, "sts", itok);
+            AddressingProperties maps =
+                (AddressingProperties)message
+                    .get("javax.xml.ws.addressing.context.outbound");
+            if (maps == null) {
+                maps = (AddressingProperties)message
+                    .get("javax.xml.ws.addressing.context");
+            }
+            synchronized (client) {
+                try {
+                    Map<String, Object> ctx = client.getRequestContext();
+                    mapSecurityProps(message, ctx);
+                
+                    client.setMessage(message);
+                    
+                    client.setTrust(getTrust10(aim));
+                    client.setTrust(getTrust13(aim));
+                    
+                    client.setTemplate(itok.getRstTemplate());
+                    return client.renewSecurityToken(tok);
+                } catch (RuntimeException e) {
+                    throw e;
+                } catch (Exception e) {
+                    throw new Fault(e);
+                } finally {
+                    client.setTrust((Trust10)null);
+                    client.setTrust((Trust13)null);
+                    client.setTemplate(null);
+                    client.setAddressingNamespace(null);
+                }
+            }
+        }
+        
     }
     
     static class IssuedTokenInInterceptor extends AbstractPhaseInterceptor<Message>
{
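Review bot: In `renewToken` the local `maps` is read from the message but never used: the `synchronized` block never calls `client.setAddressingNamespace(...)`, even though the `finally` block resets it to null. If the renew request should carry the caller's addressing namespace, add `if (maps != null) { client.setAddressingNamespace(maps.getNamespaceURI()); }` before `client.renewSecurityToken(tok)`, as the SecureConversationOutInterceptor hunk in this commit does; otherwise drop the lookup. Separately, within the visible lines any STS failure surfaces as a `Fault` with no fallback to requesting a fresh token, and the returned token is cached by the caller without re-checking `isExpired()`. A short Javadoc on `renewToken` stating that contract would help.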
@@ -447,7 +498,9 @@ public class IssuedTokenInterceptorProvi
                 boolean valid = issuedValidator.validatePolicy(issuedAis, assertionWrapper);
                 if (valid) {
                     SecurityToken token = createSecurityToken(assertionWrapper);
-                    message.getExchange().put(SecurityConstants.TOKEN, token);
+                    getTokenStore(message).add(token);
+                    message.getExchange().remove(SecurityConstants.TOKEN);
+                    message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
                     return;
                 }
             }
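Review bot: The sequence `getTokenStore(message).add(token);`, `message.getExchange().remove(SecurityConstants.TOKEN);`, `message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());` is repeated verbatim in the next hunk (`@@ -455,7 +508,9 @@`) for the binary-security-token branch. Extracting it into one private helper (for example `storeValidatedToken(message, token)`) keeps the two branches from drifting apart, which matters here because a branch that omits the `remove` would leave a stale `TOKEN` object on the exchange. A one-line comment explaining why `TOKEN` is removed in favour of `TOKEN_ID` would also help the next reader. The enclosing method starts and ends outside the hunk.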
@@ -455,7 +508,9 @@ public class IssuedTokenInterceptorProvi
                 boolean valid = issuedValidator.validatePolicy(issuedAis, binarySecurityToken);
                 if (valid) {
                     SecurityToken token = createSecurityToken(binarySecurityToken);
-                    message.getExchange().put(SecurityConstants.TOKEN, token);
+                    getTokenStore(message).add(token);
+                    message.getExchange().remove(SecurityConstants.TOKEN);
+                    message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
                     return;
                 }
             }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java?rev=1324794&r1=1324793&r2=1324794&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
Wed Apr 11 14:51:44 2012
@@ -259,7 +259,7 @@ final class NegotiationUtils {
                         token.setToken(tok.getElement());
                         token.setSecret(secret);
                         token.setTokenType(tok.getTokenType());
-                        message.getExchange().put(SecurityConstants.TOKEN, token);
+                        getTokenStore(message).add(token);
                     }
                     return true;
                 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java?rev=1324794&r1=1324793&r2=1324794&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
Wed Apr 11 14:51:44 2012
@@ -41,7 +41,6 @@ import org.apache.cxf.staxutils.W3CDOMSt
 import org.apache.cxf.ws.addressing.AddressingProperties;
 import org.apache.cxf.ws.addressing.AttributedURIType;
 import org.apache.cxf.ws.addressing.JAXWSAConstants;
-import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.trust.STSUtils;
@@ -162,7 +161,6 @@ abstract class STSInvoker implements Inv
                 .getProperty(TokenStore.class.getName());
         store.remove(cancelToken.getId());
         writer.writeEmptyElement(prefix, "RequestedTokenCancelled", namespace);
-        exchange.put(SecurityConstants.TOKEN, cancelToken);
         
         writer.writeEndElement();
         if (STSUtils.WST_NS_05_12.equals(namespace)) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java?rev=1324794&r1=1324793&r2=1324794&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
Wed Apr 11 14:51:44 2012
@@ -74,10 +74,10 @@ class SecureConversationOutInterceptor e
                     for (AssertionInfo ai : ais) {
                         ai.setAsserted(true);
                     }
-                    message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,

-                                                                  tok.getId());
-                    message.getExchange().put(SecurityConstants.TOKEN_ID, 
-                                              tok.getId());
+                    message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN,
tok);
+                    message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,
tok.getId());
+                    message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
+                    message.getExchange().put(SecurityConstants.TOKEN, tok);
                     NegotiationUtils.getTokenStore(message).add(tok);
                     
                 }
@@ -118,7 +118,7 @@ class SecureConversationOutInterceptor e
                 client.setLocation(s);
                 
                 Map<String, Object> ctx = client.getRequestContext();
-                ctx.put(SecurityConstants.TOKEN, tok);
+                ctx.put(SecurityConstants.TOKEN_ID, tok.getId());
                 if (maps != null) {
                     client.setAddressingNamespace(maps.getNamespaceURI());
                 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1324794&r1=1324793&r2=1324794&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
Wed Apr 11 14:51:44 2012
@@ -247,6 +247,13 @@ public class SecurityToken implements Se
     }
     
     /**
+     * Set the id
+     */
+    public void setId(String id) {
+        this.id = id;
+    }
+    
+    /**
      * @return Returns the id.
      */
     public String getId() {
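Review bot: The new public `setId` makes the token id mutable, while this same commit resolves tokens by that id (`getTokenStore(message).getToken(tokId)` and the `TOKEN_ID` properties). Changing the id of a token that is already in a store or already published as `TOKEN_ID` would presumably leave those references pointing at the old value. The Javadoc `Set the id` should state the constraint and document the parameter, e.g. `Set the id. Call before the token is added to a TokenStore.` plus `@param id the new token identifier`. A null or empty id is accepted silently; consider rejecting it if callers rely on the id as a lookup key.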

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1324794&r1=1324793&r2=1324794&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Wed Apr 11 14:51:44 2012
@@ -630,13 +630,13 @@ public abstract class AbstractBindingBui
 
     protected SecurityToken getSecurityToken() {
         SecurityToken st = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
-        if (st == null || st.isExpired()) {
+        if (st == null) {
             String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
             if (id != null) {
                 st = getTokenStore().getToken(id);
             }
         }
-        if (st != null && !st.isExpired()) {
+        if (st != null) {
             getTokenStore().add(st);
             return st;
         }
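Review bot: With both `isExpired()` checks removed, `getSecurityToken()` now returns an expired token and re-adds it to the token store; nothing in the visible part of this method rejects it any more. The only expiry handling visible in this commit is `renewToken` in IssuedTokenInterceptorProvider, so other paths that reach this method (for example a token cached by SecureConversationOutInterceptor) would presumably go on to use an expired token. If that is intended, say so in a comment such as `// expiry is handled by the out-interceptors (renewal); do not filter here`; otherwise keep `st.isExpired()` as a guard for paths that cannot renew. The method continues past the end of the hunk.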


