cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jbernha...@apache.org
Subject [2/5] cxf-fediz git commit: Websphere Plugin improving Token Expires handling
Date Thu, 23 Apr 2015 11:26:53 GMT
Websphere Plugin improving Token Expires handling


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3ae95b5b
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3ae95b5b
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3ae95b5b

Branch: refs/heads/master
Commit: 3ae95b5b02ac82cb0a8fc8dff56d123af3573be7
Parents: 608b6e9
Author: Jan Bernhardt <jbernhardt@talend.com>
Authored: Tue Apr 21 21:08:41 2015 +0200
Committer: Jan Bernhardt <jbernhardt@talend.com>
Committed: Thu Apr 23 12:11:00 2015 +0200

----------------------------------------------------------------------
 plugins/websphere/pom.xml                       |  1 -
 .../cxf/fediz/was/tai/FedizInterceptor.java     | 25 ++++++++++++++------
 2 files changed, 18 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3ae95b5b/plugins/websphere/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/websphere/pom.xml b/plugins/websphere/pom.xml
index 18e1d80..ed24799 100644
--- a/plugins/websphere/pom.xml
+++ b/plugins/websphere/pom.xml
@@ -141,7 +141,6 @@
 			<plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-assembly-plugin</artifactId>
-                <version>2.2.1</version>
                 <executions>
                     <execution>
                         <id>zip-file</id>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3ae95b5b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
index 1858369..b7e4292 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
@@ -22,6 +22,7 @@ import java.io.File;
 import java.io.IOException;
 import java.rmi.RemoteException;
 import java.util.ArrayList;
+import java.util.Date;
 import java.util.Hashtable;
 import java.util.List;
 import java.util.Map;
@@ -260,8 +261,6 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
                 return isTargetInterceptor;
             }
 
-            // TODO enable/disable SAML lifetime checks
-
             // User not authenticated
             LOG.debug("User is not yet authenticated. Fediz TAI Interceptor will be invoked");
             isTargetInterceptor = true;
@@ -355,7 +354,7 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
                 return taiResult;
             }
 
-            LOG.info("No Subject found in existing session. Redirecting to IDP");
+            LOG.info("No valid principal found in existing session. Redirecting to IDP");
             redirectToIdp(req, resp, fedCtx);
             return TAIResult.create(HttpServletResponse.SC_FOUND);
 
@@ -427,12 +426,24 @@ public class FedizInterceptor implements TrustAssociationInterceptor
{
         }
     }
 
-    protected boolean checkSecurityToken(FedizResponse response) {
-        if (response == null) {
+    protected boolean checkSecurityToken(FedizResponse wfRes) {
+        if (wfRes == null) {
             return false;
         }
-        long currentTime = System.currentTimeMillis();
-        return response.getTokenExpires().getTime() > currentTime;
+
+        Date tokenExpires = wfRes.getTokenExpires();
+        if (tokenExpires == null) {
+            LOG.debug("Token doesn't expire");
+            return true;
+        }
+
+        Date currentTime = new Date();
+        if (!currentTime.after(tokenExpires)) {
+            return true;
+        } else {
+            LOG.warn("Token already expired since {}", tokenExpires);
+        }
+        return false;
     }
 
     protected List<String> groupIdsFromTokenRoles(FedizResponse federationResponse)
{


Mime
View raw message