cxf-commits mailing list archives

From cohei...@apache.org
Subject cxf git commit: Provide a way of disabling caching for the STS LoginModule
Date Tue, 03 Mar 2015 16:15:54 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes b098cc6e1 -> 22f0802eb


Provide a way of disabling caching for the STS LoginModule


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/22f0802e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/22f0802e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/22f0802e

Branch: refs/heads/3.0.x-fixes
Commit: 22f0802eb1755df93e7a992fa308d3d909e830f4
Parents: b098cc6
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Mar 3 16:11:41 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Mar 3 16:14:33 2015 +0000

----------------------------------------------------------------------
 .../cxf/ws/security/trust/STSLoginModule.java   | 12 +++++++
 .../ws/security/trust/STSTokenValidator.java    | 36 +++++++++++++-------
 2 files changed, 36 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/22f0802e/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java
index d141b6b..465a4c9 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java
@@ -96,6 +96,13 @@ public class STSLoginModule implements LoginModule {
     public static final String DISABLE_ON_BEHALF_OF = "disable.on.behalf.of";
     
     /**
+     * Whether to disable caching of validated credentials or not. The default is "false",
meaning that
+     * caching is enabled. However, caching only applies when token transformation takes
place, i.e. when
+     * the "require.roles" property is set to "true".
+     */
+    public static final String DISABLE_CACHING = "disable.caching";
+    
+    /**
      * The WSDL Location of the STS
      */
     public static final String WSDL_LOCATION = "wsdl.location";
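Review bot: The Javadoc on `DISABLE_CACHING` says when caching applies but not what an operator gives up by leaving it on. Judging from the STSTokenValidator change in this commit, a cache hit returns the credential after only an `isExpired()` check and without a new call to the STS. A change made at the STS after the first login would therefore presumably go unnoticed until the cached token expires. I would add a sentence such as `Set this to "true" if every login must be re-validated against the STS.` and name the cache involved (the TokenStore).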
@@ -146,6 +153,7 @@ public class STSLoginModule implements LoginModule {
     private CallbackHandler callbackHandler;
     private boolean requireRoles;
     private boolean disableOnBehalfOf;
+    private boolean disableCaching;
     private String wsdlLocation;
     private String serviceName;
     private String endpointName;
@@ -167,6 +175,9 @@ public class STSLoginModule implements LoginModule {
         if (options.containsKey(DISABLE_ON_BEHALF_OF)) {
             disableOnBehalfOf = Boolean.parseBoolean((String)options.get(DISABLE_ON_BEHALF_OF));
         }
+        if (options.containsKey(DISABLE_CACHING)) {
+            disableCaching = Boolean.parseBoolean((String)options.get(DISABLE_CACHING));
+        }
         if (options.containsKey(WSDL_LOCATION)) {
             wsdlLocation = (String)options.get(WSDL_LOCATION);
         }
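Review bot: `Boolean.parseBoolean` on the new `disable.caching` option returns false for anything other than "true" (ignoring case), so a value such as `"yes"`, `"1"` or `" true"` in the JAAS configuration silently leaves caching enabled. For a switch that an operator sets to tighten behaviour, that parse fails open. The cast `(String)options.get(DISABLE_CACHING)` also throws ClassCastException if the option value is not a String. Consider normalising the value and logging or rejecting unrecognised ones, e.g. `disableCaching = Boolean.parseBoolean(String.valueOf(options.get(DISABLE_CACHING)).trim());`. The same pattern is already used for `DISABLE_ON_BEHALF_OF` just above, and the enclosing method starts and ends outside the hunk.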
@@ -230,6 +241,7 @@ public class STSLoginModule implements LoginModule {
         STSTokenValidator validator = new STSTokenValidator(true);
         validator.setUseIssueBinding(requireRoles);
         validator.setUseOnBehalfOf(!disableOnBehalfOf);
+        validator.setDisableCaching(!requireRoles || disableCaching);
         
         // Authenticate token
         try {
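Review bot: `validator.setDisableCaching(!requireRoles || disableCaching);` folds two unrelated reasons into one flag without explanation, so a reader has to go back to the `DISABLE_CACHING` Javadoc to see why `!requireRoles` turns caching off. A comment on the line would be enough: `// Only transformed tokens are cached, so caching is off unless roles are required`. The line also changes behaviour for existing configurations that do not set `require.roles`, because the validator's cache lookup used to run whenever a token store was available. Whether anything could ever be found in the cache in that mode is not visible from this diff. The enclosing method starts and ends outside the hunk.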

http://git-wip-us.apache.org/repos/asf/cxf/blob/22f0802e/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
index da7f06b..2a76672 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
@@ -59,6 +59,7 @@ public class STSTokenValidator implements Validator {
     private boolean useOnBehalfOf = true;
     private STSClient stsClient;
     private TokenStore tokenStore;
+    private boolean disableCaching;
     
     public STSTokenValidator() {
     }
@@ -105,17 +106,20 @@ public class STSTokenValidator implements Validator {
             }
             token.setToken(tokenElement);
             
-            TokenStore ts = getTokenStore(message);
-            if (ts == null) {
-                ts = tokenStore;
-            }
-            if (ts != null && hash != 0) {
-                SecurityToken transformedToken = getTransformedToken(ts, hash);
-                if (transformedToken != null && !transformedToken.isExpired()) {
-                    SamlAssertionWrapper assertion = new SamlAssertionWrapper(transformedToken.getToken());
-                    credential.setPrincipal(new SAMLTokenPrincipalImpl(assertion));
-                    credential.setTransformedToken(assertion);
-                    return credential;
+            TokenStore ts = null;
+            if (!disableCaching) {
+                ts = getTokenStore(message);
+                if (ts == null) {
+                    ts = tokenStore;
+                }
+                if (ts != null && hash != 0) {
+                    SecurityToken transformedToken = getTransformedToken(ts, hash);
+                    if (transformedToken != null && !transformedToken.isExpired())
{
+                        SamlAssertionWrapper assertion = new SamlAssertionWrapper(transformedToken.getToken());
+                        credential.setPrincipal(new SAMLTokenPrincipalImpl(assertion));
+                        credential.setTransformedToken(assertion);
+                        return credential;
+                    }
                 }
             }
             token.setTokenHash(hash);
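Review bot: The cache-hit branch returns a fully populated credential looked up only by the int `hash`, and the new `if (!disableCaching)` wrapper keeps that lookup as it was. How `hash` is computed is outside the hunk, so I cannot confirm what it covers. Because a hit skips the STS call entirely, the block deserves a comment stating what input the hash is taken over, and a check that the cached entry actually belongs to the presented token rather than merely sharing a 32-bit key. The enclosing method starts and ends outside the hunk.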
@@ -152,7 +156,7 @@ public class STSTokenValidator implements Validator {
                     SamlAssertionWrapper assertion = new SamlAssertionWrapper(returnedToken.getToken());
                     credential.setTransformedToken(assertion);
                     credential.setPrincipal(new SAMLTokenPrincipalImpl(assertion));
-                    if (hash != 0 && ts != null) {
+                    if (!disableCaching && hash != 0 && ts != null) {
                         ts.add(returnedToken);
                         token.setTransformedTokenIdentifier(returnedToken.getId());
                         ts.add(Integer.toString(hash), token);
@@ -251,6 +255,14 @@ public class STSTokenValidator implements Validator {
         this.tokenStore = tokenStore;
     }
 
+    public boolean isDisableCaching() {
+        return disableCaching;
+    }
+
+    public void setDisableCaching(boolean disableCaching) {
+        this.disableCaching = disableCaching;
+    }
+
     private static class ElementCallbackHandler implements CallbackHandler {
         
         private final Element tokenElement;
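Review bot: `isDisableCaching` and `setDisableCaching` are new public API on STSTokenValidator and have no Javadoc, although the flag decides whether a previously validated token is accepted from the TokenStore without contacting the STS. I would document the setter with something like `/** Whether to skip the TokenStore lookup and storage of transformed tokens. The default is false (caching enabled). */`. It is also worth stating there that direct users of the validator get caching by default, whereas STSLoginModule passes `!requireRoles || disableCaching`.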

