Author: coheigea
Date: Thu Mar 29 12:43:48 2012
New Revision: 1306812
URL: http://svn.apache.org/viewvc?rev=1306812&view=rev
Log:
Checking token expiry for UsernameTokens
Modified:
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
Modified:
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java?rev=1306812&r1=1306811&r2=1306812&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
(original)
+++
cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
Thu Mar 29 12:43:48 2012
@@ -169,7 +169,8 @@ public class UsernameTokenValidator impl
if (ut.getPassword() == null) {
return response;
}
- if (secToken == null || (secToken.getAssociatedHash() !=
ut.hashCode())) {
+ if (secToken == null || secToken.isExpired()
+ || (secToken.getAssociatedHash() != ut.hashCode())) {
Credential credential = new Credential();
credential.setUsernametoken(ut);
validator.validate(credential, requestData);
