Return-Path: 
 <dev-return-13297-apmail-cxf-dev-archive=cxf.apache.org@cxf.apache.org>
X-Original-To: apmail-cxf-dev-archive@www.apache.org
Delivered-To: apmail-cxf-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 5D71797D5
	for <apmail-cxf-dev-archive@www.apache.org>;
 Thu, 14 Mar 2013 13:25:42 +0000 (UTC)
Received: (qmail 11041 invoked by uid 500); 14 Mar 2013 13:25:42 -0000
Delivered-To: apmail-cxf-dev-archive@cxf.apache.org
Received: (qmail 10707 invoked by uid 500); 14 Mar 2013 13:25:37 -0000
Mailing-List: contact dev-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@cxf.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@cxf.apache.org>
List-Post: <mailto:dev@cxf.apache.org>
List-Id: <dev.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list dev@cxf.apache.org
Received: (qmail 10675 invoked by uid 99); 14 Mar 2013 13:25:36 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Mar 2013 13:25:36 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of elakito@gmail.com designates
 209.85.160.53 as permitted sender)
Received: from [209.85.160.53] (HELO mail-pb0-f53.google.com) (209.85.160.53)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Mar 2013 13:25:31 +0000
Received: by mail-pb0-f53.google.com with SMTP id un1so2211699pbc.12
        for <dev@cxf.apache.org>; Thu, 14 Mar 2013 06:25:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:x-received:in-reply-to:references:date:message-id
         :subject:from:to:cc:content-type;
        bh=jku4sGsxJj4WdplO0i6wi0u+d7nGnM2an2SflMsR3zk=;
        b=OTsHSc529HB21WDimyZ95X5Owx3gxNwg9sltTDC91p+IoTCAg1+dmJe0hAddikQhYr
         o7VbFCg/HmlyPk2/Rs4aPZWaRm4qkC64KvJNXZapHf/8j3QsV+J8v5W/M/yLwX/vlcxI
         d6d/V4ZoAgyLgrZu8QzI6fxAbc8c66RQEwPXdzHcMtY1jcgi/115b2ktLe58PYvzab1c
         6h1FKZkZn7huQ0mvZ1WT//ML3V/wmAN/TGC+ZIvYt/exg985Mf41vMW5q3H5OErbpJaq
         xb45uESB6br9jUwB+UBJK7eAO4reoQ+0Ya4sZC0BHc6zqUd3MZ5xDIzFRmNk6A0B58i6
         +F8g==
MIME-Version: 1.0
X-Received: by 10.68.224.196 with SMTP id re4mr5026757pbc.0.1363267509936;
 Thu, 14 Mar 2013 06:25:09 -0700 (PDT)
Received: by 10.68.239.36 with HTTP; Thu, 14 Mar 2013 06:25:09 -0700 (PDT)
In-Reply-To: <20130313100933.1513B2388993@eris.apache.org>
References: <20130313100933.1513B2388993@eris.apache.org>
Date: Thu, 14 Mar 2013 14:25:09 +0100
Message-ID: 
 <CAF8t5Xt+ZUzfTR9cFt+3HbLaq7W5AZ9OsvqDAgQ9Xp2X1T2OgA@mail.gmail.com>
Subject: Re: svn commit: r1455859 -
 /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
From: Aki Yoshida <elakito@gmail.com>
To: dev@cxf.apache.org
Cc: Colm O hEigeartaigh <coheigea@apache.org>
Content-Type: text/plain; charset=ISO-8859-1
X-Virus-Checked: Checked by ClamAV on apache.org

Hi Colm,

I think the old expired token needs to be removed from the cache.

so instead of
-                if (tok == null) {
+                if (tok == null || !tok.isExpired()) {

shouldn't we have something like?

                 if (tokId != null) {
                     tok =
NegotiationUtils.getTokenStore(message).getToken(tokId);
+                    if (tok != null && tok.isExpired()) {
+
message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
+
message.getExchange().remove(SecurityConstants.TOKEN_ID);
+
NegotiationUtils.getTokenStore(message).remove(tok.getId());
+                        tok = null;
+                    }
                 }
                 if (tok == null) {
                     tok = issueToken(message, aim);

regards, aki



2013/3/13  <coheigea@apache.org>:
> Author: coheigea
> Date: Wed Mar 13 10:09:32 2013
> New Revision: 1455859
>
> URL: http://svn.apache.org/r1455859
> Log:
> Get a new SPNEGO token on expiry
>
> Modified:
>     cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
>
> Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
> URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java?rev=1455859&r1=1455858&r2=1455859&view=diff
> ==============================================================================
> --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java (original)
> +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java Wed Mar 13 10:09:32 2013
> @@ -61,7 +61,7 @@ class SpnegoContextTokenOutInterceptor e
>                  if (tokId != null) {
>                      tok = NegotiationUtils.getTokenStore(message).getToken(tokId);
>                  }
> -                if (tok == null) {
> +                if (tok == null || !tok.isExpired()) {
>                      tok = issueToken(message, aim);
>                  }
>                  if (tok != null) {
>
>