cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1456893 - /cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/
Date Fri, 15 Mar 2013 11:03:50 GMT
Author: coheigea
Date: Fri Mar 15 11:03:50 2013
New Revision: 1456893

URL: http://svn.apache.org/r1456893
Log:
Merged revisions 1456888 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes

........
  r1456888 | coheigea | 2013-03-15 10:59:46 +0000 (Fri, 15 Mar 2013) | 18 lines

  Merged revisions 1456878 via  git cherry-pick from
  https://svn.apache.org/repos/asf/cxf/branches/2.7.x-fixes

  ........
    r1456878 | coheigea | 2013-03-15 10:45:58 +0000 (Fri, 15 Mar 2013) | 10 lines

    Merged revisions 1456876 via  git cherry-pick from
    https://svn.apache.org/repos/asf/cxf/trunk

    ........
      r1456876 | coheigea | 2013-03-15 10:42:25 +0000 (Fri, 15 Mar 2013) | 2 lines

      Remove expired tokens from cache + always retrieve a new token for the Kerberos case

    ........

  ........

........

Modified:
    cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
    cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
    cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
    cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java

Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1456893&r1=1456892&r2=1456893&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Fri Mar 15 11:03:50 2013
@@ -389,6 +389,50 @@ public class IssuedTokenInterceptorProvi
             client.setTrust(getTrust10(aim));
             client.setTrust(getTrust13(aim));
             client.setTemplate(itok.getRstTemplate());
+<<<<<<< HEAD
+=======
+            Element policy = itok.getPolicy();
+            if (policy != null && policy.getNamespaceURI() != null) {
+                client.setWspNamespace(policy.getNamespaceURI());
+            }
+            if (maps != null && maps.getNamespaceURI() != null) {
+                client.setAddressingNamespace(maps.getNamespaceURI());
+            }
+            if (itok.getClaims() != null) {
+                client.setClaims(itok.getClaims());
+            }
+            return client.requestSecurityToken(appliesTo);
+        }
+        
+        private SecurityToken renewToken(
+            Message message, 
+            AssertionInfoMap aim,
+            IssuedToken itok,
+            SecurityToken tok
+        ) {
+            // If the token has not expired then we don't need to renew it
+            if (!tok.isExpired()) {
+                return tok;
+            }
+            
+            // Remove token from cache
+            message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN);
+            message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
+            message.getExchange().remove(SecurityConstants.TOKEN_ID);
+            message.getExchange().remove(SecurityConstants.TOKEN);
+            NegotiationUtils.getTokenStore(message).remove(tok.getId());
+            
+            // If the user has explicitly disabled Renewing then we can't renew a token,
+            // so just get a new one
+            STSClient client = STSUtils.getClient(message, "sts", itok);
+            if (!client.isAllowRenewing()) {
+                return issueToken(message, aim, itok);
+            }
+            
+            AddressingProperties maps =
+                (AddressingProperties)message
+                    .get("javax.xml.ws.addressing.context.outbound");
+>>>>>>> 5b53eba... Merged revisions 1456878 via  git cherry-pick from
             if (maps == null) {
                 return client.requestSecurityToken();
             } else {

Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java?rev=1456893&r1=1456892&r2=1456893&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
Fri Mar 15 11:03:50 2013
@@ -99,6 +99,7 @@ public class KerberosTokenInterceptorPro
                     return;
                 }
                 if (isRequestor(message)) {
+<<<<<<< HEAD
                     SecurityToken tok = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
                     if (tok == null) {
                         String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
@@ -116,7 +117,18 @@ public class KerberosTokenInterceptorPro
                             throw e;
                         } catch (Exception e) {
                             throw new Fault(e);
+=======
+                    SecurityToken tok = null;
+                    try {
+                        KerberosClient client = KerberosUtils.getClient(message, "kerberos");
+                        synchronized (client) {
+                            tok = client.requestSecurityToken();
+>>>>>>> 5b53eba... Merged revisions 1456878 via  git cherry-pick from
                         }
+                    } catch (RuntimeException e) {
+                        throw e;
+                    } catch (Exception e) {
+                        throw new Fault(e);
                     }
                     if (tok != null) {
                         for (AssertionInfo ai : ais) {

Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java?rev=1456893&r1=1456892&r2=1456893&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
Fri Mar 15 11:03:50 2013
@@ -99,6 +99,14 @@ class SecureConversationOutInterceptor e
             return;
         }
         
+        
+        // Remove the old token
+        message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN);
+        message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
+        message.getExchange().remove(SecurityConstants.TOKEN_ID);
+        message.getExchange().remove(SecurityConstants.TOKEN);
+        NegotiationUtils.getTokenStore(message).remove(tok.getId());
+        
         STSClient client = STSUtils.getClient(message, "sct");
         AddressingProperties maps =
             (AddressingProperties)message

Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java?rev=1456893&r1=1456892&r2=1456893&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
Fri Mar 15 11:03:50 2013
@@ -56,14 +56,28 @@ class SpnegoContextTokenOutInterceptor e
                 return;
             }
             if (isRequestor(message)) {
+<<<<<<< HEAD
                 SecurityToken tok = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
                 if (tok == null) {
                     String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
                     if (tokId != null) {
                         tok = NegotiationUtils.getTokenStore(message).getToken(tokId);
+=======
+                String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
+                SecurityToken tok = null;
+                if (tokId != null) {
+                    tok = NegotiationUtils.getTokenStore(message).getToken(tokId);
+                    
+                    if (tok != null && tok.isExpired()) {
+                        message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
+                        message.getExchange().remove(SecurityConstants.TOKEN_ID);
+                        NegotiationUtils.getTokenStore(message).remove(tokId);
+                        tok = null;
+>>>>>>> 5b53eba... Merged revisions 1456878 via  git cherry-pick from
                     }
                 }
-                if (tok == null || !tok.isExpired()) {
+                
+                if (tok == null) {
                     tok = issueToken(message, aim);
                 }
                 if (tok != null) {



Mime
View raw message