Hi Colm,
I think the old expired token needs to be removed from the cache.
so instead of
- if (tok == null) {
+ if (tok == null || !tok.isExpired()) {
shouldn't we have something like?
if (tokId != null) {
tok =
NegotiationUtils.getTokenStore(message).getToken(tokId);
+ if (tok != null && tok.isExpired()) {
+
message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
+
message.getExchange().remove(SecurityConstants.TOKEN_ID);
+
NegotiationUtils.getTokenStore(message).remove(tok.getId());
+ tok = null;
+ }
}
if (tok == null) {
tok = issueToken(message, aim);
regards, aki
2013/3/13 <[email protected]>:
> Author: coheigea
> Date: Wed Mar 13 10:09:32 2013
> New Revision: 1455859
>
> URL: http://svn.apache.org/r1455859
> Log:
> Get a new SPNEGO token on expiry
>
> Modified:
>
> cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
>
> Modified:
> cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
> URL:
> http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java?rev=1455859&r1=1455858&r2=1455859&view=diff
> ==============================================================================
> ---
> cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
> (original)
> +++
> cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
> Wed Mar 13 10:09:32 2013
> @@ -61,7 +61,7 @@ class SpnegoContextTokenOutInterceptor e
> if (tokId != null) {
> tok =
> NegotiationUtils.getTokenStore(message).getToken(tokId);
> }
> - if (tok == null) {
> + if (tok == null || !tok.isExpired()) {
> tok = issueToken(message, aim);
> }
> if (tok != null) {
>
>
