Author: coheigea
Date: Tue Jan 22 11:15:18 2013
New Revision: 1436836
URL: http://svn.apache.org/viewvc?rev=1436836&view=rev
Log:
[FEDIZ-47] - OnBehalfOf Token does not expire in the IdP
Modified:
cxf/fediz/trunk/pom.xml
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java
Modified: cxf/fediz/trunk/pom.xml
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/pom.xml?rev=1436836&r1=1436835&r2=1436836&view=diff
==============================================================================
--- cxf/fediz/trunk/pom.xml (original)
+++ cxf/fediz/trunk/pom.xml Tue Jan 22 11:15:18 2013
@@ -34,7 +34,7 @@
<properties>
<commons.lang.version>3.0.1</commons.lang.version>
<commons.logging.version>1.1.1</commons.logging.version>
- <cxf.version>2.7.2</cxf.version>
+ <cxf.version>2.7.3-SNAPSHOT</cxf.version>
<cxf.build-utils.version>2.5.0</cxf.build-utils.version>
<ehcache.version>2.5.1</ehcache.version>
<httpclient.version>4.2.2</httpclient.version>
Modified:
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java?rev=1436836&r1=1436835&r2=1436836&view=diff
==============================================================================
---
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
(original)
+++
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
Tue Jan 22 11:15:18 2013
@@ -19,28 +19,16 @@
package org.apache.cxf.fediz.service.idp;
import java.io.StringWriter;
-import java.security.cert.X509Certificate;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
-import org.w3c.dom.Element;
-
import org.apache.cxf.Bus;
-import org.apache.cxf.binding.soap.SoapBindingConstants;
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.service.model.BindingOperationInfo;
-import org.apache.cxf.staxutils.StaxUtils;
-import org.apache.cxf.staxutils.W3CDOMStreamWriter;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;
-import org.apache.cxf.ws.security.trust.STSUtils;
-import org.apache.ws.security.components.crypto.Crypto;
-
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -66,123 +54,13 @@ public class IdpSTSClient extends STSCli
public String requestSecurityTokenResponse(String appliesTo, String action,
String requestType, SecurityToken target) throws Exception {
- createClient();
- BindingOperationInfo boi = findOperation("/RST/Issue");
-
- client.getRequestContext().putAll(ctx);
- if (action != null) {
- client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
- action);
- } else {
- client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
- namespace + "/RST/Issue");
- }
-
- W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
- writer.writeStartElement("wst", "RequestSecurityToken", namespace);
- writer.writeNamespace("wst", namespace);
- if (context != null) {
- writer.writeAttribute(null, "Context", context);
- }
-
- boolean wroteKeySize = false;
- String keyTypeTemplate = null;
- String sptt = null;
-
- if (template != null) {
- if (this.useSecondaryParameters()) {
- writer.writeStartElement("wst", "SecondaryParameters",
- namespace);
- }
-
- Element tl = DOMUtils.getFirstElement(template);
- while (tl != null) {
- StaxUtils.copy(tl, writer);
- if ("KeyType".equals(tl.getLocalName())) {
- keyTypeTemplate = DOMUtils.getContent(tl);
- } else if ("KeySize".equals(tl.getLocalName())) {
- wroteKeySize = true;
- keySize = Integer.parseInt(DOMUtils.getContent(tl));
- } else if ("TokenType".equals(tl.getLocalName())) {
- sptt = DOMUtils.getContent(tl);
- }
- tl = DOMUtils.getNextElement(tl);
- }
-
- if (this.useSecondaryParameters()) {
- writer.writeEndElement();
- }
- }
-
- addRequestType(requestType, writer);
- if (enableAppliesTo) {
- addAppliesTo(writer, appliesTo);
- }
-
- addClaims(writer);
-
- Element onBehalfOfToken = getOnBehalfOfToken();
- if (onBehalfOfToken != null) {
- writer.writeStartElement("wst", "OnBehalfOf", namespace);
- StaxUtils.copy(onBehalfOfToken, writer);
- writer.writeEndElement();
- }
- if (sptt == null) {
- addTokenType(writer);
- }
- if (isSecureConv || enableLifetime) {
- addLifetime(writer);
- }
- if (keyTypeTemplate == null) {
- keyTypeTemplate = writeKeyType(writer, keyType);
- }
-
- byte[] requestorEntropy = null;
- X509Certificate cert = null;
- Crypto crypto = null;
-
- if (keySize <= 0) {
- keySize = 256;
- }
- if (keyTypeTemplate != null &&
keyTypeTemplate.endsWith("SymmetricKey")) {
- requestorEntropy = writeElementsForRSTSymmetricKey(writer,
- wroteKeySize);
- } else if (keyTypeTemplate != null
- && keyTypeTemplate.endsWith("PublicKey")) {
- crypto = createCrypto(false);
- cert = getCert(crypto);
- writeElementsForRSTPublicKey(writer, cert);
- }
-
- if (target != null) {
- writer.writeStartElement("wst", "RenewTarget", namespace);
- Element el = target.getUnattachedReference();
- if (el == null) {
- el = target.getAttachedReference();
- }
- StaxUtils.copy(el, writer);
- writer.writeEndElement();
- }
-
- Element actAsSecurityToken = getActAsToken();
- if (actAsSecurityToken != null) {
- writer.writeStartElement(STSUtils.WST_NS_08_02, "ActAs");
- StaxUtils.copy(actAsSecurityToken, writer);
- writer.writeEndElement();
- }
-
- writer.writeEndElement();
-
- Object obj[] = client.invoke(boi, new DOMSource(writer.getDocument()
- .getDocumentElement()));
-
- DOMSource rstr = (DOMSource) obj[0];
+ STSResponse response = issue(appliesTo, null, "/Issue", null);
StringWriter sw = new StringWriter();
try {
Transformer t = TransformerFactory.newInstance().newTransformer();
t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
- t.transform(rstr, new StreamResult(sw));
+ t.transform(response.getResponse(), new StreamResult(sw));
} catch (TransformerException te) {
LOG.warn("nodeToString Transformer Exception");
}
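Review bot: `requestSecurityTokenResponse` still declares `action`, `requestType` and `target`, but the new `issue(appliesTo, null, "/Issue", null)` line uses none of them: the SOAP action can no longer be overridden, the request type is hard-coded to "/Issue", and the RenewTarget element the removed code wrote for a non-null `target` has no counterpart. A caller passing a renew target or a custom request type now silently gets a plain Issue with defaults. If that is intended, the signature should say so (a Javadoc note that only `appliesTo` is honoured, or removing the unused parameters); otherwise forwarding the values looks like the minimal fix, `STSResponse response = issue(appliesTo, action, requestType, null);`, assuming `issue` accepts the same action and request-type strings the removed code wrote into the RST. The method's return statement, after the Transformer block, lies outside the hunk.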
Modified:
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java?rev=1436836&r1=1436835&r2=1436836&view=diff
==============================================================================
---
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java
(original)
+++
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java
Tue Jan 22 11:15:18 2013
@@ -201,7 +201,14 @@ public class STSClientFilter extends Abs
if (context.get(tokenStoreName) != null) {
LOG.info("Security token '" + tokenStoreName + "' already
created.");
- return;
+ Object token = context.get(tokenStoreName);
+ if ((token instanceof SecurityToken)
+ && ((SecurityToken)token).isExpired()) {
+ LOG.info("Security token '" + tokenStoreName + "' has
expired.");
+ context.remove(tokenStoreName);
+ } else {
+ return;
+ }
}
Bus cxfBus = getBus();
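Review bot: The expiry check only applies when the object stored under `tokenStoreName` is a SecurityToken; anything else kept there fails the `instanceof` on the line after the new `Object token` assignment and still reaches the unconditional `return`, so such a cached token would be reused indefinitely and the FEDIZ-47 fix would silently not apply to it. A log line naming the unexpected type in that branch would make the gap visible rather than silent. `context.get(tokenStoreName)` is also evaluated twice; the lookup can be hoisted into the guard: `Object token = context.get(tokenStoreName); if (token != null) {`. `isExpired()` presumably compares against the current time with no margin, so a token that lapses during the outbound STS call still passes here; a small pre-expiry renewal window would be safer if the token API offers one. The enclosing method starts and ends outside the hunk.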