cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1436836 - in /cxf/fediz/trunk: pom.xml services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java
Date Tue, 22 Jan 2013 11:15:18 GMT
Author: coheigea
Date: Tue Jan 22 11:15:18 2013
New Revision: 1436836

URL: http://svn.apache.org/viewvc?rev=1436836&view=rev
Log:
[FEDIZ-47] - OnBehalfOf Token does not expire in the IdP

Modified:
    cxf/fediz/trunk/pom.xml
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java

Modified: cxf/fediz/trunk/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/pom.xml?rev=1436836&r1=1436835&r2=1436836&view=diff
==============================================================================
--- cxf/fediz/trunk/pom.xml (original)
+++ cxf/fediz/trunk/pom.xml Tue Jan 22 11:15:18 2013
@@ -34,7 +34,7 @@
     <properties>
         <commons.lang.version>3.0.1</commons.lang.version>
         <commons.logging.version>1.1.1</commons.logging.version>
-        <cxf.version>2.7.2</cxf.version>
+        <cxf.version>2.7.3-SNAPSHOT</cxf.version>
         <cxf.build-utils.version>2.5.0</cxf.build-utils.version>
         <ehcache.version>2.5.1</ehcache.version>
         <httpclient.version>4.2.2</httpclient.version>

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java?rev=1436836&r1=1436835&r2=1436836&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
(original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
Tue Jan 22 11:15:18 2013
@@ -19,28 +19,16 @@
 package org.apache.cxf.fediz.service.idp;
 
 import java.io.StringWriter;
-import java.security.cert.X509Certificate;
 
 import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerException;
 import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
 
-import org.w3c.dom.Element;
-
 import org.apache.cxf.Bus;
-import org.apache.cxf.binding.soap.SoapBindingConstants;
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.service.model.BindingOperationInfo;
-import org.apache.cxf.staxutils.StaxUtils;
-import org.apache.cxf.staxutils.W3CDOMStreamWriter;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.trust.STSClient;
-import org.apache.cxf.ws.security.trust.STSUtils;
-import org.apache.ws.security.components.crypto.Crypto;
-
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -66,123 +54,13 @@ public class IdpSTSClient extends STSCli
 
     public String requestSecurityTokenResponse(String appliesTo, String action,
             String requestType, SecurityToken target) throws Exception {
-        createClient();
-        BindingOperationInfo boi = findOperation("/RST/Issue");
-
-        client.getRequestContext().putAll(ctx);
-        if (action != null) {
-            client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
-                    action);
-        } else {
-            client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
-                    namespace + "/RST/Issue");
-        }
-
-        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
-        writer.writeStartElement("wst", "RequestSecurityToken", namespace);
-        writer.writeNamespace("wst", namespace);
-        if (context != null) {
-            writer.writeAttribute(null, "Context", context);
-        }
-
-        boolean wroteKeySize = false;
-        String keyTypeTemplate = null;
-        String sptt = null;
-
-        if (template != null) {
-            if (this.useSecondaryParameters()) {
-                writer.writeStartElement("wst", "SecondaryParameters",
-                        namespace);
-            }
-
-            Element tl = DOMUtils.getFirstElement(template);
-            while (tl != null) {
-                StaxUtils.copy(tl, writer);
-                if ("KeyType".equals(tl.getLocalName())) {
-                    keyTypeTemplate = DOMUtils.getContent(tl);
-                } else if ("KeySize".equals(tl.getLocalName())) {
-                    wroteKeySize = true;
-                    keySize = Integer.parseInt(DOMUtils.getContent(tl));
-                } else if ("TokenType".equals(tl.getLocalName())) {
-                    sptt = DOMUtils.getContent(tl);
-                }
-                tl = DOMUtils.getNextElement(tl);
-            }
-
-            if (this.useSecondaryParameters()) {
-                writer.writeEndElement();
-            }
-        }
-
-        addRequestType(requestType, writer);
-        if (enableAppliesTo) {
-            addAppliesTo(writer, appliesTo);
-        }
-
-        addClaims(writer);
-
-        Element onBehalfOfToken = getOnBehalfOfToken();
-        if (onBehalfOfToken != null) {
-            writer.writeStartElement("wst", "OnBehalfOf", namespace);
-            StaxUtils.copy(onBehalfOfToken, writer);
-            writer.writeEndElement();
-        }
-        if (sptt == null) {
-            addTokenType(writer);
-        }
-        if (isSecureConv || enableLifetime) {
-            addLifetime(writer);
-        }
-        if (keyTypeTemplate == null) {
-            keyTypeTemplate = writeKeyType(writer, keyType);
-        }
-
-        byte[] requestorEntropy = null;
-        X509Certificate cert = null;
-        Crypto crypto = null;
-
-        if (keySize <= 0) {
-            keySize = 256;
-        }
-        if (keyTypeTemplate != null && keyTypeTemplate.endsWith("SymmetricKey"))
{
-            requestorEntropy = writeElementsForRSTSymmetricKey(writer,
-                    wroteKeySize);
-        } else if (keyTypeTemplate != null
-                && keyTypeTemplate.endsWith("PublicKey")) {
-            crypto = createCrypto(false);
-            cert = getCert(crypto);
-            writeElementsForRSTPublicKey(writer, cert);
-        }
-
-        if (target != null) {
-            writer.writeStartElement("wst", "RenewTarget", namespace);
-            Element el = target.getUnattachedReference();
-            if (el == null) {
-                el = target.getAttachedReference();
-            }
-            StaxUtils.copy(el, writer);
-            writer.writeEndElement();
-        }
-
-        Element actAsSecurityToken = getActAsToken();
-        if (actAsSecurityToken != null) {
-            writer.writeStartElement(STSUtils.WST_NS_08_02, "ActAs");
-            StaxUtils.copy(actAsSecurityToken, writer);
-            writer.writeEndElement();
-        }
-
-        writer.writeEndElement();
-
-        Object obj[] = client.invoke(boi, new DOMSource(writer.getDocument()
-                .getDocumentElement()));
-
-        DOMSource rstr = (DOMSource) obj[0];
+        STSResponse response = issue(appliesTo, null, "/Issue", null);
 
         StringWriter sw = new StringWriter();
         try {
             Transformer t = TransformerFactory.newInstance().newTransformer();
             t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
-            t.transform(rstr, new StreamResult(sw));
+            t.transform(response.getResponse(), new StreamResult(sw));
         } catch (TransformerException te) {
             LOG.warn("nodeToString Transformer Exception");
         }
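Review bot: The new call `issue(appliesTo, null, "/Issue", null)` ignores three of the method's four parameters: `action` is replaced by `null`, `requestType` by the literal `"/Issue"`, and `target` is no longer written as a RenewTarget, yet the signature still accepts all of them. A caller that passes a specific SOAP action or expects a renew request would now silently get a plain Issue request; the callers are not visible in this hunk, so whether any does needs confirming. Pass the action through, `STSResponse response = issue(appliesTo, action, "/Issue", null);`, and either drop the unused parameters or reject unsupported values with an `IllegalArgumentException` and state the restriction in the method's Javadoc. The method body continues past the end of the hunk.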

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java?rev=1436836&r1=1436835&r2=1436836&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java
(original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java
Tue Jan 22 11:15:18 2013
@@ -201,7 +201,14 @@ public class STSClientFilter extends Abs
             
             if (context.get(tokenStoreName) != null) {
                 LOG.info("Security token '" + tokenStoreName + "' already created.");
-                return;
+                Object token = context.get(tokenStoreName);
+                if ((token instanceof SecurityToken)
+                    && ((SecurityToken)token).isExpired()) {
+                    LOG.info("Security token '" + tokenStoreName + "' has expired.");
+                    context.remove(tokenStoreName);
+                } else {
+                    return;
+                }
             }
 
             Bus cxfBus = getBus();
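Review bot: The early return is still taken for any non-null value under `tokenStoreName` that is not a `SecurityToken`, and for a `SecurityToken` for which `isExpired()` reports false, so the fix depends on the stored token actually carrying an expiry. If `isExpired()` returns false when no expiry was set on the token (worth confirming against the CXF version in use), such a token would still be reused indefinitely; a comment stating that assumption, or a log line when a cached token has no expiry, would make it visible. The lookup is also repeated: read it once before the check, `Object token = context.get(tokenStoreName);` then `if (token != null) {`, and move the "already created" message into the `else` branch so an expired token is not logged as both created and expired. The enclosing method starts and ends outside the hunk.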


