Author: coheigea Date: Thu Mar 29 12:43:48 2012 New Revision: 1306812 URL: http://svn.apache.org/viewvc?rev=1306812&view=rev Log: Checking token expiry for UsernameTokens
Modified: cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java Modified: cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java?rev=1306812&r1=1306811&r2=1306812&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java (original) +++ cxf/branches/2.5.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java Thu Mar 29 12:43:48 2012 @@ -169,7 +169,8 @@ public class UsernameTokenValidator impl if (ut.getPassword() == null) { return response; } - if (secToken == null || (secToken.getAssociatedHash() != ut.hashCode())) { + if (secToken == null || secToken.isExpired() + || (secToken.getAssociatedHash() != ut.hashCode())) { Credential credential = new Credential(); credential.setUsernametoken(ut); validator.validate(credential, requestData);