Subject: svn commit: r1451006 - in /cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security: SecurityConstants.java wss4j/AbstractWSS4JInterceptor.java
Date: Wed, 27 Feb 2013 22:30:25 -0000
To: commits@cxf.apache.org
From: coheigea@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130227223025.CF682238890B@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: coheigea Date: Wed Feb 27 22:30:25 2013 New Revision: 1451006 URL: http://svn.apache.org/r1451006 Log: Merged revisions 1451001 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.7.x-fixes ........ r1451001 | coheigea | 2013-02-27 14:18:52 -0800 (Wed, 27 Feb 2013) | 10 lines Merged revisions 1450977 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/trunk ........ r1450977 | coheigea | 2013-02-27 13:36:06 -0800 (Wed, 27 Feb 2013) | 2 lines Adding ability to configure UsernameToken TTL ........ ........ Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1451006&r1=1451005&r2=1451006&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original) +++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Wed Feb 27 22:30:25 2013 
@@ -201,6 +201,19 @@ public final class SecurityConstants { public static final String TIMESTAMP_FUTURE_TTL = "ws-security.timestamp.futureTimeToLive"; /** + * The time in seconds to append to the Creation value of an incoming UsernameToken to determine + * whether to accept the UsernameToken as valid or not. The default value is 300 seconds (5 minutes). + */ + public static final String USERNAMETOKEN_TTL = "ws-security.usernametoken.timeToLive"; + + /** + * The time in seconds in the future within which the Created time of an incoming + * UsernameToken is valid. The default value is "60", to avoid problems where clocks are + * slightly askew. To reject all future-created UsernameTokens, set this value to "0". + */ + public static final String USERNAMETOKEN_FUTURE_TTL = "ws-security.usernametoken.futureTimeToLive"; + + /** * The attribute URI of the SAML AttributeStatement where the role information is stored. * The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role". */ Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=1451006&r1=1451005&r2=1451006&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original) +++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Wed Feb 27 22:30:25 2013 
@@ -173,6 +173,18 @@ public abstract class AbstractWSS4JInter if (ttl != null) { msg.setContextualProperty(WSHandlerConstants.TTL_TIMESTAMP, ttl); } + + String utFutureTTL = + (String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_FUTURE_TTL); + if (utFutureTTL != null) { + msg.setContextualProperty(WSHandlerConstants.TTL_FUTURE_USERNAMETOKEN, utFutureTTL); + } + String utTTL = + (String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_TTL); + if (utTTL != null) { + msg.setContextualProperty(WSHandlerConstants.TTL_USERNAMETOKEN, utTTL); + } + String certConstraints = (String)msg.getContextualProperty(SecurityConstants.SUBJECT_CERT_CONSTRAINTS); if (certConstraints != null) {
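Review bot: In the SecurityConstants.java hunk, the two new Javadoc blocks do not describe the same element consistently or state the accepted value format. The USERNAMETOKEN_TTL comment says "Creation value" while the USERNAMETOKEN_FUTURE_TTL comment says "Created time", and the defaults are written once as a bare number (300 seconds) and once as a quoted string ("60"). Since AbstractWSS4JInterceptor reads both properties with a (String) cast, the Javadoc should say that the value is a String holding a whole number of seconds, use "Created" in both comments, and state what happens for a UsernameToken that carries no Created element and for a value of "0" or a negative number on USERNAMETOKEN_TTL. These settings bound the replay window for an incoming UsernameToken, so the documentation should also say that raising USERNAMETOKEN_TTL widens that window.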
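Review bot: In the AbstractWSS4JInterceptor.java hunk, both new lookups cast the contextual property straight to String and forward it without any check. A caller who sets ws-security.usernametoken.timeToLive or ws-security.usernametoken.futureTimeToLive as an Integer or Long gets a ClassCastException from `(String)msg.getContextualProperty(...)`, and a non-numeric, negative or very large string is passed unchanged to WSHandlerConstants.TTL_USERNAMETOKEN and WSHandlerConstants.TTL_FUTURE_USERNAMETOKEN; how the downstream handler treats such a value is not visible in this diff. Consider reading the property as Object, converting with String.valueOf or rejecting non-String input with a clear message, and validating that it parses as a non-negative integer before setting it, so a typo in configuration fails loudly instead of silently changing the freshness check. The same copy pattern now appears for the timestamp TTL, the two UsernameToken TTLs and the certificate constraints, so a small private helper taking the source and target keys would remove the repetition. A unit test that sets each new property and asserts on the resulting WSHandlerConstants value would cover the mapping.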