cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1456878 - /cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/
Date Fri, 15 Mar 2013 10:45:58 GMT
Author: coheigea
Date: Fri Mar 15 10:45:58 2013
New Revision: 1456878

URL: http://svn.apache.org/r1456878
Log:
Merged revisions 1456876 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1456876 | coheigea | 2013-03-15 10:42:25 +0000 (Fri, 15 Mar 2013) | 2 lines

  Remove expired tokens from cache + always retrieve a new token for the Kerberos case

........

Modified:
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1456878&r1=1456877&r2=1456878&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Fri Mar 15 10:45:58 2013
@@ -367,6 +367,13 @@ public class IssuedTokenInterceptorProvi
                 return tok;
             }
             
+            // Remove token from cache
+            message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN);
+            message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
+            message.getExchange().remove(SecurityConstants.TOKEN_ID);
+            message.getExchange().remove(SecurityConstants.TOKEN);
+            NegotiationUtils.getTokenStore(message).remove(tok.getId());
+            
             // If the user has explicitly disabled Renewing then we can't renew a token,
             // so just get a new one
             STSClient client = STSUtils.getClient(message, "sts", itok);

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java?rev=1456878&r1=1456877&r2=1456878&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
Fri Mar 15 10:45:58 2013
@@ -108,21 +108,15 @@ public class KerberosTokenInterceptorPro
                 }
                 if (isRequestor(message)) {
                     SecurityToken tok = null;
-                    String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
-                    if (tokId != null) {
-                        tok = getTokenStore(message).getToken(tokId);
-                    }
-                    if (tok == null) {
-                        try {
-                            KerberosClient client = KerberosUtils.getClient(message, "kerberos");
-                            synchronized (client) {
-                                tok = client.requestSecurityToken();
-                            }
-                        } catch (RuntimeException e) {
-                            throw e;
-                        } catch (Exception e) {
-                            throw new Fault(e);
+                    try {
+                        KerberosClient client = KerberosUtils.getClient(message, "kerberos");
+                        synchronized (client) {
+                            tok = client.requestSecurityToken();
                         }
+                    } catch (RuntimeException e) {
+                        throw e;
+                    } catch (Exception e) {
+                        throw new Fault(e);
                     }
                     if (tok != null) {
                         for (AssertionInfo ai : ais) {

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java?rev=1456878&r1=1456877&r2=1456878&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
Fri Mar 15 10:45:58 2013
@@ -99,6 +99,14 @@ class SecureConversationOutInterceptor e
             return tok;
         }
         
+        
+        // Remove the old token
+        message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN);
+        message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
+        message.getExchange().remove(SecurityConstants.TOKEN_ID);
+        message.getExchange().remove(SecurityConstants.TOKEN);
+        NegotiationUtils.getTokenStore(message).remove(tok.getId());
+        
         STSClient client = STSUtils.getClient(message, "sct");
         AddressingProperties maps =
             (AddressingProperties)message

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java?rev=1456878&r1=1456877&r2=1456878&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
Fri Mar 15 10:45:58 2013
@@ -60,8 +60,16 @@ class SpnegoContextTokenOutInterceptor e
                 SecurityToken tok = null;
                 if (tokId != null) {
                     tok = NegotiationUtils.getTokenStore(message).getToken(tokId);
+                    
+                    if (tok != null && tok.isExpired()) {
+                        message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
+                        message.getExchange().remove(SecurityConstants.TOKEN_ID);
+                        NegotiationUtils.getTokenStore(message).remove(tokId);
+                        tok = null;
+                    }
                 }
-                if (tok == null || !tok.isExpired()) {
+                
+                if (tok == null) {
                     tok = issueToken(message, aim);
                 }
                 if (tok != null) {



Mime
View raw message