Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0ED39EFFE for ; Fri, 15 Mar 2013 11:01:55 +0000 (UTC) Received: (qmail 85539 invoked by uid 500); 15 Mar 2013 11:01:54 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 85411 invoked by uid 500); 15 Mar 2013 11:01:53 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 85390 invoked by uid 99); 15 Mar 2013 11:01:53 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 15 Mar 2013 11:01:53 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 15 Mar 2013 11:01:52 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 41B172388962; Fri, 15 Mar 2013 10:59:47 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1456888 - /cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ Date: Fri, 15 Mar 2013 10:59:47 -0000 To: commits@cxf.apache.org 
From: coheigea@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130315105947.41B172388962@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: coheigea Date: Fri Mar 15 10:59:46 2013 New Revision: 1456888 URL: http://svn.apache.org/r1456888 Log: Merged revisions 1456878 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.7.x-fixes ........ r1456878 | coheigea | 2013-03-15 10:45:58 +0000 (Fri, 15 Mar 2013) | 10 lines Merged revisions 1456876 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/trunk ........ r1456876 | coheigea | 2013-03-15 10:42:25 +0000 (Fri, 15 Mar 2013) | 2 lines Remove expired tokens from cache + always retrieve a new token for the Kerberos case ........ ........ Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1456888&r1=1456887&r2=1456888&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java (original) +++ 
cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java Fri Mar 15 10:59:46 2013 @@ -367,6 +367,13 @@ public class IssuedTokenInterceptorProvi return tok; } + // Remove token from cache + message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN); + message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID); + message.getExchange().remove(SecurityConstants.TOKEN_ID); + message.getExchange().remove(SecurityConstants.TOKEN); + NegotiationUtils.getTokenStore(message).remove(tok.getId()); + // If the user has explicitly disabled Renewing then we can't renew a token, // so just get a new one STSClient client = STSUtils.getClient(message, "sts", itok); Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java?rev=1456888&r1=1456887&r2=1456888&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java (original) +++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java Fri Mar 15 10:59:46 2013 
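Review bot: The added block clears `SecurityConstants.TOKEN` and `SecurityConstants.TOKEN_ID` from the Endpoint and the exchange unconditionally, while only the token-store removal is keyed on `tok.getId()`. The Endpoint properties appear to be shared between requests, so if another thread has already replaced the expired token, this would evict the fresh entry and force one more STS round trip. Guarding the four removes with `if (tok.getId().equals(message.getExchange().get(Endpoint.class).get(SecurityConstants.TOKEN_ID)))` would avoid that. The same five lines are repeated in the SecureConversationOutInterceptor hunk, so a shared helper in `NegotiationUtils` would keep the two copies in step. The enclosing method starts and ends outside the hunk, so whether `tok` can be null at this point is not visible.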
@@ -108,21 +108,15 @@ public class KerberosTokenInterceptorPro } if (isRequestor(message)) { SecurityToken tok = null; - String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID); - if (tokId != null) { - tok = getTokenStore(message).getToken(tokId); - } - if (tok == null) { - try { - KerberosClient client = KerberosUtils.getClient(message, "kerberos"); - synchronized (client) { - tok = client.requestSecurityToken(); - } - } catch (RuntimeException e) { - throw e; - } catch (Exception e) { - throw new Fault(e); + try { + KerberosClient client = KerberosUtils.getClient(message, "kerberos"); + synchronized (client) { + tok = client.requestSecurityToken(); } + } catch (RuntimeException e) { + throw e; + } catch (Exception e) { + throw new Fault(e); } if (tok != null) { for (AssertionInfo ai : ais) { Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java?rev=1456888&r1=1456887&r2=1456888&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java (original) +++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java Fri Mar 15 10:59:46 2013 
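Review bot: The reason for bypassing the token store is not recorded in the code, and with the `TOKEN_ID` lookup gone every requestor message now calls `client.requestSecurityToken()` under `synchronized (client)`. A comment above the `try`, such as `// Always request a new Kerberos token; a previously cached one is never reused`, would stop a later reader from reinstating the cache. If the code after the hunk still adds `tok` to the token store (not visible here), those entries are no longer read by this path, which is worth confirming. The `catch (RuntimeException e) { throw e; }` arm seems to exist only to keep runtime exceptions out of the `Fault` wrapper, and a short comment there would make that intent clear.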
@@ -99,6 +99,14 @@ class SecureConversationOutInterceptor e return tok; } + + // Remove the old token + message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN); + message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID); + message.getExchange().remove(SecurityConstants.TOKEN_ID); + message.getExchange().remove(SecurityConstants.TOKEN); + NegotiationUtils.getTokenStore(message).remove(tok.getId()); + STSClient client = STSUtils.getClient(message, "sct"); AddressingProperties maps = (AddressingProperties)message Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java?rev=1456888&r1=1456887&r2=1456888&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java (original) +++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java Fri Mar 15 10:59:46 2013 @@ -60,8 +60,16 @@ class SpnegoContextTokenOutInterceptor e SecurityToken tok = null; if (tokId != null) { tok = NegotiationUtils.getTokenStore(message).getToken(tokId); + + if (tok != null && tok.isExpired()) { + message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID); + message.getExchange().remove(SecurityConstants.TOKEN_ID); + NegotiationUtils.getTokenStore(message).remove(tokId); + tok = null; + } } - if (tok == null || !tok.isExpired()) { + + if (tok == null) { tok = issueToken(message, aim); } if (tok != null) {
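Review bot: In the SpnegoContextTokenOutInterceptor hunk the expired-token cleanup removes only `SecurityConstants.TOKEN_ID` from the Endpoint and the exchange, whereas the IssuedToken and SecureConversation changes in this commit also remove `SecurityConstants.TOKEN`. If a `TOKEN` entry can be cached for this flow as well (not visible in the hunk), an expired token object stays reachable after its id is cleared. Either add the two `remove(SecurityConstants.TOKEN)` calls or state in a comment that only the id is stored here. The `tok.isExpired()` test also has no margin, so a token that expires between this check and its validation by the recipient would still be used; a comment saying this is accepted would help.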