Author: coheigea
Date: Wed Feb 27 22:18:52 2013
New Revision: 1451001
URL: http://svn.apache.org/r1451001
Log:
Merged revisions 1450977 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1450977 | coheigea | 2013-02-27 13:36:06 -0800 (Wed, 27 Feb 2013) | 2 lines
Adding ability to configure UsernameToken TTL
........
Modified:
cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
Modified:
cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1451001&r1=1451000&r2=1451001&view=diff
==============================================================================
---
cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++
cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Wed Feb 27 22:18:52 2013
@@ -200,6 +200,19 @@ public final class SecurityConstants {
public static final String TIMESTAMP_FUTURE_TTL =
"ws-security.timestamp.futureTimeToLive";
/**
+ * The time in seconds to append to the Creation value of an incoming
UsernameToken to determine
+ * whether to accept the UsernameToken as valid or not. The default value
is 300 seconds (5 minutes).
+ */
+ public static final String USERNAMETOKEN_TTL =
"ws-security.usernametoken.timeToLive";
+
+ /**
+ * The time in seconds in the future within which the Created time of an
incoming
+ * UsernameToken is valid. The default value is "60", to avoid problems
where clocks are
+ * slightly askew. To reject all future-created UsernameTokens, set this
value to "0".
+ */
+ public static final String USERNAMETOKEN_FUTURE_TTL =
"ws-security.usernametoken.futureTimeToLive";
+
+ /**
* The attribute URI of the SAML AttributeStatement where the role
information is stored.
* The default is
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".
*/
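Review bot: The Javadoc on `USERNAMETOKEN_TTL` and `USERNAMETOKEN_FUTURE_TTL` explains the arithmetic but not the security effect or the accepted value format. Both settings bound how long a captured UsernameToken is still accepted, so I would add a sentence such as `Larger values widen the window in which a captured token can be replayed; keep nonce caching enabled when raising this.` and state that the value is a String holding a whole number of seconds. It would also help to document what happens with a non-numeric or negative value, which this hunk does not show. The defaults are written inconsistently too (300 seconds unquoted, "60" and "0" quoted).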
Modified:
cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=1451001&r1=1451000&r2=1451001&view=diff
==============================================================================
---
cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
(original)
+++
cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
Wed Feb 27 22:18:52 2013
@@ -173,6 +173,18 @@ public abstract class AbstractWSS4JInter
if (ttl != null) {
msg.setContextualProperty(WSHandlerConstants.TTL_TIMESTAMP, ttl);
}
+
+ String utFutureTTL =
+
(String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_FUTURE_TTL);
+ if (utFutureTTL != null) {
+
msg.setContextualProperty(WSHandlerConstants.TTL_FUTURE_USERNAMETOKEN,
utFutureTTL);
+ }
+ String utTTL =
+
(String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_TTL);
+ if (utTTL != null) {
+ msg.setContextualProperty(WSHandlerConstants.TTL_USERNAMETOKEN,
utTTL);
+ }
+
String certConstraints =
(String)msg.getContextualProperty(SecurityConstants.SUBJECT_CERT_CONSTRAINTS);
if (certConstraints != null) {
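Review bot: The `(String)` casts on the two new `getContextualProperty` lookups throw a ClassCastException if the property was configured as an Integer or Long. Nothing here checks that the value is a non-negative number before it is handed on as `TTL_USERNAMETOKEN` / `TTL_FUTURE_USERNAMETOKEN`. These values control UsernameToken freshness, so a mistyped setting should be rejected or logged here rather than left to downstream parsing, which is not visible in this hunk. A minimal change is to read `Object utTTL = msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_TTL);` and pass `utTTL.toString()` after a numeric check, and likewise for `utFutureTTL`. The same cast is used for `certConstraints` below, and the enclosing method starts and ends outside the hunk.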