You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by jb...@apache.org on 2015/04/23 13:26:53 UTC
[2/5] cxf-fediz git commit: Websphere Plugin improving Token Expires
handling
Websphere Plugin improving Token Expires handling
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3ae95b5b
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3ae95b5b
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3ae95b5b
Branch: refs/heads/master
Commit: 3ae95b5b02ac82cb0a8fc8dff56d123af3573be7
Parents: 608b6e9
Author: Jan Bernhardt <jb...@talend.com>
Authored: Tue Apr 21 21:08:41 2015 +0200
Committer: Jan Bernhardt <jb...@talend.com>
Committed: Thu Apr 23 12:11:00 2015 +0200
----------------------------------------------------------------------
plugins/websphere/pom.xml | 1 -
.../cxf/fediz/was/tai/FedizInterceptor.java | 25 ++++++++++++++------
2 files changed, 18 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3ae95b5b/plugins/websphere/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/websphere/pom.xml b/plugins/websphere/pom.xml
index 18e1d80..ed24799 100644
--- a/plugins/websphere/pom.xml
+++ b/plugins/websphere/pom.xml
@@ -141,7 +141,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
- <version>2.2.1</version>
<executions>
<execution>
<id>zip-file</id>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3ae95b5b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
index 1858369..b7e4292 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
@@ -22,6 +22,7 @@ import java.io.File;
import java.io.IOException;
import java.rmi.RemoteException;
import java.util.ArrayList;
+import java.util.Date;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
@@ -260,8 +261,6 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
return isTargetInterceptor;
}
- // TODO enable/disable SAML lifetime checks
-
// User not authenticated
LOG.debug("User is not yet authenticated. Fediz TAI Interceptor will be invoked");
isTargetInterceptor = true;
@@ -355,7 +354,7 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
return taiResult;
}
- LOG.info("No Subject found in existing session. Redirecting to IDP");
+ LOG.info("No valid principal found in existing session. Redirecting to IDP");
redirectToIdp(req, resp, fedCtx);
return TAIResult.create(HttpServletResponse.SC_FOUND);
@@ -427,12 +426,24 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
}
}
- protected boolean checkSecurityToken(FedizResponse response) {
- if (response == null) {
+ protected boolean checkSecurityToken(FedizResponse wfRes) {
+ if (wfRes == null) {
return false;
}
- long currentTime = System.currentTimeMillis();
- return response.getTokenExpires().getTime() > currentTime;
+
+ Date tokenExpires = wfRes.getTokenExpires();
+ if (tokenExpires == null) {
+ LOG.debug("Token doesn't expire");
+ return true;
+ }
+
+ Date currentTime = new Date();
+ if (!currentTime.after(tokenExpires)) {
+ return true;
+ } else {
+ LOG.warn("Token already expired since {}", tokenExpires);
+ }
+ return false;
}
protected List<String> groupIdsFromTokenRoles(FedizResponse federationResponse) {