From cohei...@apache.org
Subject svn commit: r1433902 - /cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Date Wed, 16 Jan 2013 11:29:32 GMT
Author: coheigea
Date: Wed Jan 16 11:29:32 2013
New Revision: 1433902

URL: http://svn.apache.org/viewvc?rev=1433902&view=rev
Log:
Merged revisions 1433898 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/branches/2.7.x-fixes

........
  r1433898 | coheigea | 2013-01-16 11:08:41 +0000 (Wed, 16 Jan 2013) | 10 lines

  Merged revisions 1433895 via  git cherry-pick from
  https://svn.apache.org/repos/asf/cxf/trunk

  ........
    r1433895 | coheigea | 2013-01-16 11:01:29 +0000 (Wed, 16 Jan 2013) | 2 lines

    [CXF-4742] - Not possible to disable token renewal in STS client

  ........

........

Modified:
    cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java

Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1433902&r1=1433901&r2=1433902&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Wed Jan 16 11:29:32 2013
@@ -146,63 +146,7 @@ public class IssuedTokenInterceptorProvi
                     
                     SecurityToken tok = retrieveCachedToken(message);
                     if (tok == null) {
-                        STSClient client = STSUtils.getClient(message, "sts", itok);
-                        AddressingProperties maps =
-                            (AddressingProperties)message
-                                .get("javax.xml.ws.addressing.context.outbound");
-                        if (maps == null) {
-                            maps = (AddressingProperties)message
-                                .get("javax.xml.ws.addressing.context");
-                        }
-                        synchronized (client) {
-                            try {
-                                // Transpose ActAs/OnBehalfOf info from original request
to the STS client.
-                                Object token = 
-                                    message.getContextualProperty(SecurityConstants.STS_TOKEN_ACT_AS);
-                                if (token != null) {
-                                    client.setActAs(token);
-                                }
-                                token = 
-                                    message.getContextualProperty(SecurityConstants.STS_TOKEN_ON_BEHALF_OF);
-                                if (token != null) {
-                                    client.setOnBehalfOf(token);
-                                }
-                                Map<String, Object> ctx = client.getRequestContext();
-                                mapSecurityProps(message, ctx);
-                            
-                                Object o = message.getContextualProperty(SecurityConstants.STS_APPLIES_TO);
-                                String appliesTo = o == null ? null : o.toString();
-                                appliesTo = appliesTo == null 
-                                    ? message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString()
-                                        : appliesTo;
-                                boolean enableAppliesTo = client.isEnableAppliesTo();
-                                
-                                client.setMessage(message);
-                                Element onBehalfOfToken = client.getOnBehalfOfToken();
-                                Element actAsToken = client.getActAsToken();
-                                
-                                SecurityToken secToken = 
-                                    handleDelegation(
-                                        message, onBehalfOfToken, actAsToken, appliesTo,
enableAppliesTo
-                                    );
-                                if (secToken == null) {
-                                    secToken = getTokenFromSTS(message, client, aim, maps,
itok, appliesTo);
-                                }
-                                tok = secToken;
-                                storeDelegationTokens(
-                                    message, tok, onBehalfOfToken, actAsToken, appliesTo,
enableAppliesTo
-                                );
-                            } catch (RuntimeException e) {
-                                throw e;
-                            } catch (Exception e) {
-                                throw new Fault(e);
-                            } finally {
-                                client.setTrust((Trust10)null);
-                                client.setTrust((Trust13)null);
-                                client.setTemplate(null);
-                                client.setAddressingNamespace(null);
-                            }
-                        }
+                        tok = issueToken(message, aim, itok);
                     } else {
                         tok = renewToken(message, aim, itok, tok);
                     }
@@ -413,11 +357,18 @@ public class IssuedTokenInterceptorProvi
             IssuedToken itok,
             SecurityToken tok
         ) {
+            // If the token has not expired then we don't need to renew it
             if (!tok.isExpired()) {
                 return tok;
             }
             
+            // If the user has explicitly disabled Renewing then we can't renew a token,
+            // so just get a new one
             STSClient client = STSUtils.getClient(message, "sts", itok);
+            if (!client.isAllowRenewing()) {
+                return issueToken(message, aim, itok);
+            }
+            
             AddressingProperties maps =
                 (AddressingProperties)message
                     .get("javax.xml.ws.addressing.context.outbound");
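Review bot: The new comment "If the user has explicitly disabled Renewing…" sits above the `STSUtils.getClient(...)` line rather than above the `if (!client.isAllowRenewing())` check it describes, so it reads as documentation for the client lookup. Moving it directly above the `if` would fix that. The client fetched here is used only for the flag on this early-return path, and `issueToken` then calls `STSUtils.getClient(message, "sts", itok)` a second time. It would help to note the duplicate lookup in a comment such as `// issueToken() looks up the STS client again; only the flag is needed here`. The expired `tok` is dropped without any visible cache eviction on this path. The rest of `renewToken` and its caller lie outside the hunk, so confirm that the freshly issued token replaces the expired one in the token store.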
@@ -454,6 +405,70 @@ public class IssuedTokenInterceptorProvi
             }
         }
         
+        private SecurityToken issueToken(
+             Message message, 
+             AssertionInfoMap aim,
+             IssuedToken itok
+        ) {
+            STSClient client = STSUtils.getClient(message, "sts", itok);
+            AddressingProperties maps =
+                (AddressingProperties)message
+                    .get("javax.xml.ws.addressing.context.outbound");
+            if (maps == null) {
+                maps = (AddressingProperties)message
+                    .get("javax.xml.ws.addressing.context");
+            }
+            synchronized (client) {
+                try {
+                    // Transpose ActAs/OnBehalfOf info from original request to the STS client.
+                    Object token = 
+                        message.getContextualProperty(SecurityConstants.STS_TOKEN_ACT_AS);
+                    if (token != null) {
+                        client.setActAs(token);
+                    }
+                    token = 
+                        message.getContextualProperty(SecurityConstants.STS_TOKEN_ON_BEHALF_OF);
+                    if (token != null) {
+                        client.setOnBehalfOf(token);
+                    }
+                    Map<String, Object> ctx = client.getRequestContext();
+                    mapSecurityProps(message, ctx);
+                
+                    Object o = message.getContextualProperty(SecurityConstants.STS_APPLIES_TO);
+                    String appliesTo = o == null ? null : o.toString();
+                    appliesTo = appliesTo == null 
+                        ? message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString()
+                            : appliesTo;
+                    boolean enableAppliesTo = client.isEnableAppliesTo();
+                    
+                    client.setMessage(message);
+                    Element onBehalfOfToken = client.getOnBehalfOfToken();
+                    Element actAsToken = client.getActAsToken();
+                    
+                    SecurityToken secToken = 
+                        handleDelegation(
+                            message, onBehalfOfToken, actAsToken, appliesTo, enableAppliesTo
+                        );
+                    if (secToken == null) {
+                        secToken = getTokenFromSTS(message, client, aim, maps, itok, appliesTo);
+                    }
+                    storeDelegationTokens(
+                        message, secToken, onBehalfOfToken, actAsToken, appliesTo, enableAppliesTo
+                    );
+                    return secToken;
+                } catch (RuntimeException e) {
+                    throw e;
+                } catch (Exception e) {
+                    throw new Fault(e);
+                } finally {
+                    client.setTrust((Trust10)null);
+                    client.setTrust((Trust13)null);
+                    client.setTemplate(null);
+                    client.setAddressingNamespace(null);
+                }
+            }
+        }
+        
     }
     
     static class IssuedTokenInInterceptor extends AbstractPhaseInterceptor<Message>
{
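Review bot: The `finally` block of `issueToken` resets trust, template and addressing namespace on the STS client, but not the values written by `client.setActAs(token)` and `client.setOnBehalfOf(token)` earlier in the same `try`. The `synchronized (client)` suggests the client instance is shared between requests. If so, a later request carrying no `STS_TOKEN_ACT_AS` / `STS_TOKEN_ON_BEHALF_OF` property would still pick up the previous caller's delegation token through `getOnBehalfOfToken()` / `getActAsToken()`. Consider capturing the client's configured values before overwriting them and restoring them in `finally`, with a comment such as `// restore per-request ActAs/OnBehalfOf so they cannot leak into the next request`. Separately, `message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString()` throws a bare NullPointerException when no endpoint address is set; an explicit null check that raises a descriptive `Fault` would be easier to diagnose.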


