cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1450977 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: SecurityConstants.java wss4j/AbstractWSS4JInterceptor.java
Date Wed, 27 Feb 2013 21:36:06 GMT
Author: coheigea
Date: Wed Feb 27 21:36:06 2013
New Revision: 1450977

URL: http://svn.apache.org/r1450977
Log:
Adding ability to configure UsernameToken TTL

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1450977&r1=1450976&r2=1450977&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Wed Feb 27 21:36:06 2013
@@ -200,6 +200,19 @@ public final class SecurityConstants {
     public static final String TIMESTAMP_FUTURE_TTL = "ws-security.timestamp.futureTimeToLive";
     
     /**
+     * The time in seconds to append to the Creation value of an incoming UsernameToken to
determine
+     * whether to accept the UsernameToken as valid or not. The default value is 300 seconds
(5 minutes).
+     */
+    public static final String USERNAMETOKEN_TTL = "ws-security.usernametoken.timeToLive";
+    
+    /**
+     * The time in seconds in the future within which the Created time of an incoming 
+     * UsernameToken is valid. The default value is "60", to avoid problems where clocks
are 
+     * slightly askew. To reject all future-created UsernameTokens, set this value to "0".

+     */
+    public static final String USERNAMETOKEN_FUTURE_TTL = "ws-security.usernametoken.futureTimeToLive";
+    
+    /**
      * The attribute URI of the SAML AttributeStatement where the role information is stored.
      * The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".
      */
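Review bot: The Javadoc on `USERNAMETOKEN_TTL` does not say what happens when an incoming UsernameToken has no Created element, so a reader may assume the setting rejects every stale token. If the freshness check is skipped in that case (not visible in this hunk), the comment should say so. It should also state that the TTL only bounds how long a captured token stays acceptable and does not detect replay by itself, for example `Only enforced when the token carries a Created element; pair with nonce caching to detect replays inside this window.` The two comments also give their defaults differently (`300 seconds` versus the quoted `"60"`); writing both as string values in seconds would make clear that the property is read as a String.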

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=1450977&r1=1450976&r2=1450977&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
Wed Feb 27 21:36:06 2013
@@ -173,6 +173,18 @@ public abstract class AbstractWSS4JInter
         if (ttl != null) {
             msg.setContextualProperty(WSHandlerConstants.TTL_TIMESTAMP, ttl);
         }
+        
+        String utFutureTTL = 
+            (String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_FUTURE_TTL);
+        if (utFutureTTL != null) {
+            msg.setContextualProperty(WSHandlerConstants.TTL_FUTURE_USERNAMETOKEN, utFutureTTL);
+        }
+        String utTTL = 
+            (String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_TTL);
+        if (utTTL != null) {
+            msg.setContextualProperty(WSHandlerConstants.TTL_USERNAMETOKEN, utTTL);
+        }
+        
         String certConstraints = 
             (String)msg.getContextualProperty(SecurityConstants.SUBJECT_CERT_CONSTRAINTS);
         if (certConstraints != null) {
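Review bot: The `(String)` casts on the two new `msg.getContextualProperty(...)` lookups will throw a ClassCastException during message processing if a deployer sets `ws-security.usernametoken.timeToLive` or `ws-security.usernametoken.futureTimeToLive` programmatically as an Integer or Long. Reading the value as an Object and forwarding its string form avoids that: `Object utTTL = msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_TTL);` followed by `msg.setContextualProperty(WSHandlerConstants.TTL_USERNAMETOKEN, utTTL.toString());`, and the same for the future TTL. The values are also passed through unvalidated, and how the downstream handler treats a non-numeric or negative string is not visible here. Since these settings decide how long a captured UsernameToken is still accepted, a short comment saying where parsing and range checks happen would help. The enclosing method starts and ends outside this hunk.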


