cxf-commits mailing list archives

From cohei...@apache.org
Subject git commit: Fallback to issue if renew fails for SecureConversation
Date Tue, 08 Jul 2014 10:38:29 GMT
Repository: cxf
Updated Branches:
  refs/heads/master f4ce90b50 -> f5684767d


Fallback to issue if renew fails for SecureConversation


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f5684767
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f5684767
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f5684767

Branch: refs/heads/master
Commit: f5684767d04676304063edecacf8d72896f1524c
Parents: f4ce90b
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Jul 8 11:38:01 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Jul 8 11:38:01 2014 +0100

----------------------------------------------------------------------
 .../SecureConversationOutInterceptor.java       | 36 +++++++++++++++++---
 1 file changed, 32 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f5684767/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
index 4f1f0bb..2b377e6 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
@@ -21,11 +21,15 @@ package org.apache.cxf.ws.security.policy.interceptors;
 
 import java.util.Collection;
 import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 
 import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.ws.addressing.AddressingProperties;
@@ -42,9 +46,13 @@ import org.apache.wss4j.policy.model.Trust10;
 import org.apache.wss4j.policy.model.Trust13;
 
 class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMessage>
{
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(SecureConversationOutInterceptor.class);
+    
     public SecureConversationOutInterceptor() {
         super(Phase.PREPARE_SEND);
     }
+    
     public void handleMessage(SoapMessage message) throws Fault {
         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
         // extract Assertion information
@@ -133,10 +141,30 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess
                     client.setAddressingNamespace(maps.getNamespaceURI());
                 }
                 return client.renewSecurityToken(tok);
-            } catch (RuntimeException e) {
-                throw e;
-            } catch (Exception e) {
-                throw new Fault(e);
+            } catch (RuntimeException ex) {
+                LOG.log(Level.WARNING, "Error renewing a token", ex);
+                boolean issueAfterFailedRenew = 
+                    MessageUtils.getContextualBoolean(
+                        message, SecurityConstants.STS_ISSUE_AFTER_FAILED_RENEW, true
+                    );
+                if (issueAfterFailedRenew) {
+                    // Perhaps the STS does not support renewing, so try to issue a new token
+                    return issueToken(message, aim, itok);
+                } else {
+                    throw ex;
+                }
+            } catch (Exception ex) {
+                LOG.log(Level.WARNING, "Error renewing a token", ex);
+                boolean issueAfterFailedRenew = 
+                    MessageUtils.getContextualBoolean(
+                        message, SecurityConstants.STS_ISSUE_AFTER_FAILED_RENEW, true
+                    );
+                if (issueAfterFailedRenew) {
+                    // Perhaps the STS does not support renewing, so try to issue a new token
+                    return issueToken(message, aim, itok);
+                } else {
+                    throw new Fault(ex);
+                }
             } finally {
                 client.setTrust((Trust10)null);
                 client.setTrust((Trust13)null);
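Review bot: The two new catch blocks are identical apart from the final throw, and because the lookup of `STS_ISSUE_AFTER_FAILED_RENEW` defaults to `true`, every renew failure becomes a fresh issue request, not only the "STS does not support renewing" case the comment names. That includes an STS that explicitly rejected the token, or a programming error surfacing as a RuntimeException. A single handler would remove the duplication: `} catch (Exception ex) {` ending in `throw ex instanceof RuntimeException ? (RuntimeException)ex : new Fault(ex);`. The lookup should also carry a comment stating the default, e.g. `// Defaults to true: any renew failure falls back to issue; set to false to surface renew errors`. The fallback appears to run before the `finally` resets the client's trust settings, so confirm that `issueToken` (its body is outside this hunk) does not depend on that state. The enclosing method starts and ends outside the hunk.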

