Author: coheigea
Date: Thu Mar 15 15:20:32 2012
New Revision: 1301040
URL: http://svn.apache.org/viewvc?rev=1301040&view=rev
Log:
Some updates relating to caching security tokens in the STS
Conflicts:
services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java
services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
Modified:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
Modified:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1301040&r1=1301039&r2=1301040&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
(original)
+++
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
Thu Mar 15 15:20:32 2012
@@ -369,6 +369,23 @@ public class SecurityToken implements Se
public Date getExpires() {
return expires;
}
+
+ /**
+ * Return whether this SecurityToken is expired or not
+ */
+ public boolean isExpired() {
+ if (state == State.EXPIRED) {
+ return true;
+ }
+ if (expires != null) {
+ Date rightNow = new Date();
+ if (expires.before(rightNow)) {
+ state = State.EXPIRED;
+ return true;
+ }
+ }
+ return false;
+ }
/**
* @param expires The expires to set.
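Review bot: isExpired() reads like a pure query, but it writes `state = State.EXPIRED` once the expiry time has passed, and the Javadoc does not mention this. Tokens held in a shared token store may be read by several request threads, and no synchronization on `state` is visible in this hunk, so the write should be made safe or documented as benign. I would extend the comment to: `Return whether this SecurityToken is expired. Sets the state to EXPIRED as a side effect; a token without an expiry date is only reported as expired if its state is already EXPIRED.` The last clause matters for callers that construct tokens with a null expiry.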
Modified:
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java?rev=1301040&r1=1301039&r2=1301040&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
(original)
+++
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
Thu Mar 15 15:20:32 2012
@@ -21,6 +21,7 @@ package org.apache.cxf.sts.token.provide
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -125,7 +126,11 @@ public class SAMLTokenProvider implement
// set the token in cache
if (tokenParameters.getTokenStore() != null) {
- SecurityToken securityToken = new
SecurityToken(assertion.getId());
+ Date expires = new Date();
+ long currentTime = expires.getTime();
+ expires.setTime(currentTime +
(conditionsProvider.getLifetime() * 1000L));
+
+ SecurityToken securityToken = new
SecurityToken(assertion.getId(), null, expires);
securityToken.setToken(token);
securityToken.setPrincipal(tokenParameters.getPrincipal());
int hash = 0;
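Review bot: The cached expiry in `expires.setTime(currentTime + (conditionsProvider.getLifetime() * 1000L))` is recomputed from the clock at caching time rather than taken from the conditions already written into the assertion. The cache entry can therefore outlive the assertion's own validity by however long the assertion took to build. In the SAMLTokenValidator hunk, an unexpired cache hit appears to bypass the `secToken == null` re-validation branch, so the cached expiry should never be later than the assertion's. Deriving it from the assertion's not-on-or-after condition would keep the two in step. There is also no guard for a non-positive lifetime here, unlike the `lifetime > 0` check in the SCTProvider hunk, and the enclosing method starts and ends outside this hunk.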
@@ -142,8 +147,8 @@ public class SAMLTokenProvider implement
props.setProperty(STSConstants.TOKEN_REALM,
tokenParameters.getRealm());
securityToken.setProperties(props);
}
- Integer timeToLive = (int)(conditionsProvider.getLifetime() *
1000);
- tokenParameters.getTokenStore().add(securityToken, timeToLive);
+ int ttl = (int)conditionsProvider.getLifetime();
+ tokenParameters.getTokenStore().add(securityToken, ttl);
}
TokenProviderResponse response = new TokenProviderResponse();
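Review bot: `int ttl = (int)conditionsProvider.getLifetime();` is a narrowing cast with no range check. The cast suggests getLifetime() returns a wider type, in which case a very large configured lifetime would wrap to a small or negative value before it reaches the token store. How the store treats a zero or negative time-to-live is not visible here. I would clamp it with `int ttl = (int)Math.min(conditionsProvider.getLifetime(), Integer.MAX_VALUE);` and add `// time-to-live in seconds`, since the unit changed from the milliseconds of the removed line.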
Modified:
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java?rev=1301040&r1=1301039&r2=1301040&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
(original)
+++
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
Thu Mar 15 15:20:32 2012
@@ -19,6 +19,7 @@
package org.apache.cxf.sts.token.provider;
+import java.util.Date;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -130,7 +131,14 @@ public class SCTProvider implements Toke
response.setComputedKey(keyHandler.isComputedKey());
// putting the secret key into the cache
- SecurityToken token = new SecurityToken(sct.getIdentifier());
+ Date expires = null;
+ if (lifetime > 0) {
+ expires = new Date();
+ long currentTime = expires.getTime();
+ expires.setTime(currentTime + (lifetime * 1000L));
+ }
+
+ SecurityToken token = new SecurityToken(sct.getIdentifier(), null,
expires);
token.setSecret(keyHandler.getSecret());
token.setPrincipal(tokenParameters.getPrincipal());
if (tokenParameters.getRealm() != null) {
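Review bot: When `lifetime` is not positive, `expires` stays null and the secret is cached in a token that isExpired() does not report as expired on time grounds, so the new check in SCTValidator has no effect for those tokens. Their removal then depends entirely on whatever default the token store applies, which is not visible in this hunk. If that is intended, say so at the branch, e.g. `// no lifetime configured: expiry is left to the token store`. Otherwise fall back to a default lifetime so that every cached secret carries an expiry. The method body continues outside the hunk.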
@@ -147,7 +155,7 @@ public class SCTProvider implements Toke
} else {
tokenParameters.getTokenStore().add(token);
}
-
+
// Create the references
TokenReference attachedReference = new TokenReference();
attachedReference.setIdentifier(sct.getID());
Modified:
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java?rev=1301040&r1=1301039&r2=1301040&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
(original)
+++
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
Thu Mar 15 15:20:32 2012
@@ -151,6 +151,11 @@ public class SAMLTokenValidator implemen
secToken =
tokenParameters.getTokenStore().getTokenByAssociatedHash(hash);
}
}
+ if (secToken != null && secToken.isExpired()) {
+ LOG.fine("Token: " + secToken.getId() + " is in the cache but
expired - revalidating");
+ secToken = null;
+ }
+
if (secToken == null) {
if (!assertion.isSigned()) {
LOG.log(Level.WARNING, "The received assertion is not
signed, and therefore not trusted");
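Review bot: The expired entry is only dropped from the local variable (`secToken = null;`); nothing in the hunk evicts it from the token store. The stale token is therefore looked up and rejected again on every later request until the store's own time-to-live removes it. The same applies to the `token.isExpired()` branch added in the SCTValidator hunk, where the expired entry still holds the secret key. Removing the entry from the store at the point of detection would bound how long expired key material stays in memory. The surrounding validation method starts and ends outside this hunk, so a later re-add or update of the entry cannot be ruled out from here.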
Modified:
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java?rev=1301040&r1=1301039&r2=1301040&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
(original)
+++
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
Thu Mar 15 15:20:32 2012
@@ -107,7 +107,11 @@ public class SCTValidator implements Tok
LOG.fine("Identifier: " + identifier + " is not found in
the cache");
return response;
}
- byte[] secret = (byte[])token.getSecret();
+ if (token.isExpired()) {
+ LOG.fine("Token: " + identifier + " is in the cache but
expired");
+ return response;
+ }
+ byte[] secret = token.getSecret();
Map<String, Object> properties = new HashMap<String, Object>();
properties.put(SCT_VALIDATOR_SECRET, secret);
response.setAdditionalProperties(properties);