cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject git commit: Don't cache issued tokens on the service side
Date Thu, 27 Feb 2014 12:22:14 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 30fb5ca09 -> 3889d046a


Don't cache issued tokens on the service side


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3889d046
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3889d046
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3889d046

Branch: refs/heads/master
Commit: 3889d046ace523adf2e22a0020cc95adbaac560c
Parents: 30fb5ca
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Feb 27 12:21:42 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Feb 27 12:22:06 2014 +0000

----------------------------------------------------------------------
 .../IssuedTokenInterceptorProvider.java         |  9 +++----
 .../policy/interceptors/STSInvoker.java         |  2 +-
 .../policyhandlers/AbstractBindingBuilder.java  | 26 +++++++++++---------
 .../AbstractCommonBindingHandler.java           |  6 +----
 .../AsymmetricBindingHandler.java               |  2 +-
 5 files changed, 20 insertions(+), 25 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/3889d046/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
index a72c72a..42746ba 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
@@ -540,6 +540,7 @@ public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorPro
                 assertIssuedToken(itok, aim);
                 
                 if (!isRequestor(message)) {
+                    message.getExchange().remove(SecurityConstants.TOKEN);
                     List<WSHandlerResult> results = 
                         CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS));
                     if (results != null && results.size() > 0) {
@@ -566,9 +567,7 @@ public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorPro
                 boolean valid = issuedValidator.validatePolicy(issuedAis, assertionWrapper);
                 if (valid) {
                     SecurityToken token = createSecurityToken(assertionWrapper);
-                    WSS4JUtils.getTokenStore(message).add(token);
-                    message.getExchange().remove(SecurityConstants.TOKEN);
-                    message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
+                    message.getExchange().put(SecurityConstants.TOKEN, token);
                     return;
                 }
             }
@@ -576,9 +575,7 @@ public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorPro
                 boolean valid = issuedValidator.validatePolicy(issuedAis, binarySecurityToken);
                 if (valid) {
                     SecurityToken token = createSecurityToken(binarySecurityToken);
-                    WSS4JUtils.getTokenStore(message).add(token);
-                    message.getExchange().remove(SecurityConstants.TOKEN);
-                    message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
+                    message.getExchange().put(SecurityConstants.TOKEN, token);
                     return;
                 }
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/3889d046/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
index c443b67..f5f2c77 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
@@ -162,7 +162,7 @@ abstract class STSInvoker implements Invoker {
                 .getProperty(TokenStore.class.getName());
         store.remove(cancelToken.getId());
         // Put the token on the out message so that we can sign the response
-        exchange.getEndpoint().put(SecurityConstants.TOKEN, cancelToken);
+        exchange.put(SecurityConstants.TOKEN, cancelToken);
         writer.writeEmptyElement(prefix, "RequestedTokenCancelled", namespace);
         
         writer.writeEndElement();

http://git-wip-us.apache.org/repos/asf/cxf/blob/3889d046/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 12e4732..e1a1061 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -796,18 +796,20 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         //
         Object o = message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER);
     
-        if (o == null && message.getContextualProperty(SecurityConstants.TOKEN) !=
null) {
-            SecurityToken securityToken = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
-            Element tokenElement = (Element)securityToken.getToken();
-            String namespace = tokenElement.getNamespaceURI();
-            String localname = tokenElement.getLocalName();
-            SamlTokenType tokenType = token.getSamlTokenType();
-            if ((tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11)
-                && WSConstants.SAML_NS.equals(namespace) && "Assertion".equals(localname))
{
-                return new SamlAssertionWrapper(tokenElement);
-            } else if (tokenType == SamlTokenType.WssSamlV20Token11
-                && WSConstants.SAML2_NS.equals(namespace) && "Assertion".equals(localname))
{
-                return new SamlAssertionWrapper(tokenElement);
+        if (o == null) {
+            SecurityToken securityToken = getSecurityToken();
+            if (securityToken != null) {
+                Element tokenElement = (Element)securityToken.getToken();
+                String namespace = tokenElement.getNamespaceURI();
+                String localname = tokenElement.getLocalName();
+                SamlTokenType tokenType = token.getSamlTokenType();
+                if ((tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11)
+                    && WSConstants.SAML_NS.equals(namespace) && "Assertion".equals(localname))
{
+                    return new SamlAssertionWrapper(tokenElement);
+                } else if (tokenType == SamlTokenType.WssSamlV20Token11
+                    && WSConstants.SAML2_NS.equals(namespace) && "Assertion".equals(localname))
{
+                    return new SamlAssertionWrapper(tokenElement);
+                }
             }
         }
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/3889d046/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
index c60b3a5..a8cf858 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
@@ -498,11 +498,7 @@ public abstract class AbstractCommonBindingHandler {
                 st = WSS4JUtils.getTokenStore(message).getToken(id);
             }
         }
-        if (st != null) {
-            WSS4JUtils.getTokenStore(message).add(st);
-            return st;
-        }
-        return null;
+        return st;
     }
     
     protected Collection<Assertion> findAndAssertPolicy(QName n) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/3889d046/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 2aadbb3..3b275cf 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -819,7 +819,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                     }
                     
                     getTokenStore().add(tempTok);
-                    message.setContextualProperty(SecurityConstants.TOKEN, tempTok);
+                    message.setContextualProperty(SecurityConstants.TOKEN_ID, tempTok.getId());
                     
                     return id;
                 }


Mime
View raw message