cxf git commit: Supporting a case where the token introspection response does not contain the issuedAt property, patch from fjollberg applied, This closes #130

Tue, 19 Apr 2016 02:59:37 -0700 

Repository: cxf
Updated Branches:
  refs/heads/master 27824e144 -> 66606fed2


Supporting a case where the token introspection response does not contain the 
issuedAt property, patch from fjollberg applied, This closes #130


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/66606fed
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/66606fed
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/66606fed

Branch: refs/heads/master
Commit: 66606fed2b8566799b23c85943357f7d68a45062
Parents: 27824e1
Author: Sergey Beryozkin <[email protected]>
Authored: Tue Apr 19 10:56:58 2016 +0100
Committer: Sergey Beryozkin <[email protected]>
Committed: Tue Apr 19 10:58:22 2016 +0100

----------------------------------------------------------------------
 .../security/oauth2/filters/AccessTokenIntrospectionClient.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/66606fed/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
index 679aafa..39ddcfe 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.rs.security.oauth2.filters;
 
 import java.util.Collections;
+import java.util.Date;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -68,9 +69,11 @@ public class AccessTokenIntrospectionClient implements 
AccessTokenValidator {
         }
         if (response.getIat() != null) {
             atv.setTokenIssuedAt(response.getIat());
+        } else {
+            atv.setTokenIssuedAt(new Date().getTime());
         }
         if (response.getExp() != null) {
-            atv.setTokenLifetime(response.getExp() - response.getIat());
+            atv.setTokenLifetime(response.getExp() - atv.getTokenIssuedAt());
         }
         if (!StringUtils.isEmpty(response.getAud())) {
             atv.setAudiences(response.getAud());

Reply via email to