You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2014/02/27 13:22:14 UTC
git commit: Don't cache issued tokens on the service side
Repository: cxf
Updated Branches:
refs/heads/master 30fb5ca09 -> 3889d046a
Don't cache issued tokens on the service side
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3889d046
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3889d046
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3889d046
Branch: refs/heads/master
Commit: 3889d046ace523adf2e22a0020cc95adbaac560c
Parents: 30fb5ca
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Feb 27 12:21:42 2014 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Feb 27 12:22:06 2014 +0000
----------------------------------------------------------------------
.../IssuedTokenInterceptorProvider.java | 9 +++----
.../policy/interceptors/STSInvoker.java | 2 +-
.../policyhandlers/AbstractBindingBuilder.java | 26 +++++++++++---------
.../AbstractCommonBindingHandler.java | 6 +----
.../AsymmetricBindingHandler.java | 2 +-
5 files changed, 20 insertions(+), 25 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/3889d046/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
index a72c72a..42746ba 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
@@ -540,6 +540,7 @@ public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorPro
assertIssuedToken(itok, aim);
if (!isRequestor(message)) {
+ message.getExchange().remove(SecurityConstants.TOKEN);
List<WSHandlerResult> results =
CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS));
if (results != null && results.size() > 0) {
@@ -566,9 +567,7 @@ public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorPro
boolean valid = issuedValidator.validatePolicy(issuedAis, assertionWrapper);
if (valid) {
SecurityToken token = createSecurityToken(assertionWrapper);
- WSS4JUtils.getTokenStore(message).add(token);
- message.getExchange().remove(SecurityConstants.TOKEN);
- message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
+ message.getExchange().put(SecurityConstants.TOKEN, token);
return;
}
}
@@ -576,9 +575,7 @@ public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorPro
boolean valid = issuedValidator.validatePolicy(issuedAis, binarySecurityToken);
if (valid) {
SecurityToken token = createSecurityToken(binarySecurityToken);
- WSS4JUtils.getTokenStore(message).add(token);
- message.getExchange().remove(SecurityConstants.TOKEN);
- message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
+ message.getExchange().put(SecurityConstants.TOKEN, token);
return;
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/3889d046/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
index c443b67..f5f2c77 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
@@ -162,7 +162,7 @@ abstract class STSInvoker implements Invoker {
.getProperty(TokenStore.class.getName());
store.remove(cancelToken.getId());
// Put the token on the out message so that we can sign the response
- exchange.getEndpoint().put(SecurityConstants.TOKEN, cancelToken);
+ exchange.put(SecurityConstants.TOKEN, cancelToken);
writer.writeEmptyElement(prefix, "RequestedTokenCancelled", namespace);
writer.writeEndElement();
http://git-wip-us.apache.org/repos/asf/cxf/blob/3889d046/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 12e4732..e1a1061 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -796,18 +796,20 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
//
Object o = message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER);
- if (o == null && message.getContextualProperty(SecurityConstants.TOKEN) != null) {
- SecurityToken securityToken = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
- Element tokenElement = (Element)securityToken.getToken();
- String namespace = tokenElement.getNamespaceURI();
- String localname = tokenElement.getLocalName();
- SamlTokenType tokenType = token.getSamlTokenType();
- if ((tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11)
- && WSConstants.SAML_NS.equals(namespace) && "Assertion".equals(localname)) {
- return new SamlAssertionWrapper(tokenElement);
- } else if (tokenType == SamlTokenType.WssSamlV20Token11
- && WSConstants.SAML2_NS.equals(namespace) && "Assertion".equals(localname)) {
- return new SamlAssertionWrapper(tokenElement);
+ if (o == null) {
+ SecurityToken securityToken = getSecurityToken();
+ if (securityToken != null) {
+ Element tokenElement = (Element)securityToken.getToken();
+ String namespace = tokenElement.getNamespaceURI();
+ String localname = tokenElement.getLocalName();
+ SamlTokenType tokenType = token.getSamlTokenType();
+ if ((tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11)
+ && WSConstants.SAML_NS.equals(namespace) && "Assertion".equals(localname)) {
+ return new SamlAssertionWrapper(tokenElement);
+ } else if (tokenType == SamlTokenType.WssSamlV20Token11
+ && WSConstants.SAML2_NS.equals(namespace) && "Assertion".equals(localname)) {
+ return new SamlAssertionWrapper(tokenElement);
+ }
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/3889d046/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
index c60b3a5..a8cf858 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
@@ -498,11 +498,7 @@ public abstract class AbstractCommonBindingHandler {
st = WSS4JUtils.getTokenStore(message).getToken(id);
}
}
- if (st != null) {
- WSS4JUtils.getTokenStore(message).add(st);
- return st;
- }
- return null;
+ return st;
}
protected Collection<Assertion> findAndAssertPolicy(QName n) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/3889d046/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 2aadbb3..3b275cf 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -819,7 +819,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
}
getTokenStore().add(tempTok);
- message.setContextualProperty(SecurityConstants.TOKEN, tempTok);
+ message.setContextualProperty(SecurityConstants.TOKEN_ID, tempTok.getId());
return id;
}