cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1504117 - in /cxf/trunk/services/sts/sts-core/src: main/java/org/apache/cxf/sts/token/provider/ main/java/org/apache/cxf/sts/token/renewer/ main/java/org/apache/cxf/sts/token/validator/ test/java/org/apache/cxf/sts/token/renewer/
Date Wed, 17 Jul 2013 13:21:37 GMT
Author: coheigea
Date: Wed Jul 17 13:21:37 2013
New Revision: 1504117

URL: http://svn.apache.org/r1504117
Log:
[CXF-5133] - CXF STS renewed token not itself renewable.

Modified:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerTest.java

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java?rev=1504117&r1=1504116&r2=1504117&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
Wed Jul 17 13:21:37 2013
@@ -138,10 +138,7 @@ public class SAMLTokenProvider implement
                 securityToken.setToken(token);
                 securityToken.setPrincipal(tokenParameters.getPrincipal());
 
-                Properties props = securityToken.getProperties();
-                if (props == null) {
-                    props = new Properties();
-                }
+                Properties props = new Properties();
                 securityToken.setProperties(props);
                 if (tokenParameters.getRealm() != null) {
                     props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java?rev=1504117&r1=1504116&r2=1504117&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
Wed Jul 17 13:21:37 2013
@@ -35,7 +35,6 @@ import javax.xml.ws.handler.MessageConte
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils;
@@ -45,6 +44,7 @@ import org.apache.cxf.sts.STSPropertiesM
 import org.apache.cxf.sts.SignatureProperties;
 import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.cxf.sts.request.ReceivedToken.STATE;
+import org.apache.cxf.sts.request.Renewing;
 import org.apache.cxf.sts.token.provider.ConditionsProvider;
 import org.apache.cxf.sts.token.provider.DefaultConditionsProvider;
 import org.apache.cxf.sts.token.realm.SAMLRealm;
@@ -212,7 +212,7 @@ public class SAMLTokenRenewer implements
             
             // Cache the token
             storeTokenInCache(
-                tokenStore, renewedAssertion, tokenParameters.getPrincipal(), tokenParameters.getRealm()
+                tokenStore, renewedAssertion, tokenParameters.getPrincipal(), tokenParameters
             );
             
             response.setToken(token);
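Review bot: `storeTokenInCache` now receives the principal twice at this call, once as `tokenParameters.getPrincipal()` and again inside `tokenParameters`, and the signature hunk at -556 keeps the separate `Principal principal` parameter. The only call visible here takes both from the same object, so the parameter could be dropped and read inside the method with `Principal principal = tokenParameters.getPrincipal();`. The cached principal and the cached realm could then never come from different sources. The call sits in a method that starts and ends outside the hunk, so other callers cannot be ruled out from here.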
@@ -556,7 +556,7 @@ public class SAMLTokenRenewer implements
         TokenStore tokenStore, 
         SamlAssertionWrapper assertion, 
         Principal principal,
-        String tokenRealm
+        TokenRenewerParameters tokenParameters
     ) throws WSSecurityException {
         // Store the successfully renewed token in the cache
         byte[] signatureValue = assertion.getSignatureValue();
@@ -572,11 +572,29 @@ public class SAMLTokenRenewer implements
             securityToken.setToken(assertion.getElement());
             securityToken.setPrincipal(principal);
             
+            Properties props = new Properties();
+            String tokenRealm = tokenParameters.getRealm();
             if (tokenRealm != null) {
-                Properties props = new Properties();
                 props.setProperty(STSConstants.TOKEN_REALM, tokenRealm);
-                securityToken.setProperties(props);
             }
+            
+            // Handle Renewing logic
+            Renewing renewing = tokenParameters.getTokenRequirements().getRenewing();
+            if (renewing != null) {
+                props.put(
+                    STSConstants.TOKEN_RENEWING_ALLOW, 
+                    String.valueOf(renewing.isAllowRenewing())
+                );
+                props.put(
+                    STSConstants.TOKEN_RENEWING_ALLOW_AFTER_EXPIRY, 
+                    String.valueOf(renewing.isAllowRenewingAfterExpiry())
+                );
+            } else {
+                props.setProperty(STSConstants.TOKEN_RENEWING_ALLOW, "true");
+                props.setProperty(STSConstants.TOKEN_RENEWING_ALLOW_AFTER_EXPIRY, "false");
+            }
+            
+            securityToken.setProperties(props);
 
             int hash = Arrays.hashCode(signatureValue);
             securityToken.setTokenHash(hash);
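Review bot: The renewal flags cached for the renewed token are taken only from the renew request (`tokenParameters.getTokenRequirements().getRenewing()`), not from the properties of the token being renewed. A renewed token may therefore end up with `TOKEN_RENEWING_ALLOW_AFTER_EXPIRY` set to "true" even though the original was issued with "false", and the else branch resets an original "true" to "false". If the issuing policy is meant to persist across renewals, copy the flags from the cached original token, or cap the requested values by them, before `securityToken.setProperties(props)`. `getTokenRequirements()` is also dereferenced without a null check; whether it can return null is not visible here. `storeTokenInCache` starts and ends outside the hunk.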

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java?rev=1504117&r1=1504116&r2=1504117&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
Wed Jul 17 13:21:37 2013
@@ -215,7 +215,7 @@ public class SAMLTokenValidator implemen
                     Properties props = secToken.getProperties();
                     if (props != null) {
                         String cachedRealm = props.getProperty(STSConstants.TOKEN_REALM);
-                        if (!tokenRealm.equals(cachedRealm)) {
+                        if (cachedRealm != null && !tokenRealm.equals(cachedRealm))
{
                             return response;
                         }
                     }
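Review bot: With the added `cachedRealm != null &&` guard the realm comparison fails open: a cached token that has properties but no `TOKEN_REALM` entry is now accepted for any `tokenRealm`. That appears intended, since other hunks in this commit always attach a Properties object to cached tokens, but it should be documented above the condition, e.g. `// No realm was recorded when the token was cached, so there is nothing to compare; accept.` A deployment that relies on realm separation would want this case at least logged, so that realm-less cache entries are visible. The enclosing block starts outside the hunk, so how `tokenRealm` itself is null-checked cannot be seen here.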

Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerTest.java?rev=1504117&r1=1504116&r2=1504117&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerTest.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerTest.java
Wed Jul 17 13:21:37 2013
@@ -135,6 +135,17 @@ public class SAMLTokenRenewerTest extend
         assertTrue(validatorResponse != null);
         assertTrue(validatorResponse.getToken() != null);
         assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
+        
+        // Now try to renew it again!
+        renewerParameters.setToken(validatorResponse.getToken());
+        
+        samlTokenRenewer = new SAMLTokenRenewer();
+        samlTokenRenewer.setVerifyProofOfPossession(false);
+        assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken()));
+        
+        renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
+        assertTrue(renewerResponse != null);
+        assertTrue(renewerResponse.getToken() != null);
     }
     
     /**
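Review bot: The second renewal is only checked for a non-null response and token, so the test would still pass if the twice-renewed token were cached without the renewing properties this commit adds. It would be stronger to validate the second renewed token the same way the first one is validated above and assert `STATE.VALID`. A case where the request carries a `Renewing` element would also exercise the `renewing != null` branch in SAMLTokenRenewer, which the lines visible here do not appear to reach. `assertNotNull(renewerResponse.getToken());` reads better than `assertTrue(... != null)`. The test method starts outside the hunk.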


