You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2012/04/10 18:21:14 UTC
svn commit: r1311834 - in
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security:
policy/interceptors/ wss4j/policyhandlers/
Author: coheigea
Date: Tue Apr 10 16:21:13 2012
New Revision: 1311834
URL: http://svn.apache.org/viewvc?rev=1311834&view=rev
Log:
Tidied up how security tokens are stored on the request context
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1311834&r1=1311833&r2=1311834&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java Tue Apr 10 16:21:13 2012
@@ -252,20 +252,14 @@ public class IssuedTokenInterceptorProvi
);
SecurityToken tok = null;
if (cacheIssuedToken) {
- tok = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
- if (tok == null) {
- String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
- if (tokId != null) {
- tok = getTokenStore(message).getToken(tokId);
- }
+ String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
+ if (tokId != null) {
+ tok = getTokenStore(message).getToken(tokId);
}
} else {
- tok = (SecurityToken)message.get(SecurityConstants.TOKEN);
- if (tok == null) {
- String tokId = (String)message.get(SecurityConstants.TOKEN_ID);
- if (tokId != null) {
- tok = getTokenStore(message).getToken(tokId);
- }
+ String tokId = (String)message.get(SecurityConstants.TOKEN_ID);
+ if (tokId != null) {
+ tok = getTokenStore(message).getToken(tokId);
}
}
return tok;
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java?rev=1311834&r1=1311833&r2=1311834&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java Tue Apr 10 16:21:13 2012
@@ -108,12 +108,10 @@ public class KerberosTokenInterceptorPro
return;
}
if (isRequestor(message)) {
- SecurityToken tok = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
- if (tok == null) {
- String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
- if (tokId != null) {
- tok = getTokenStore(message).getToken(tokId);
- }
+ SecurityToken tok = null;
+ String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
+ if (tokId != null) {
+ tok = getTokenStore(message).getToken(tokId);
}
if (tok == null) {
try {
@@ -193,7 +191,8 @@ public class KerberosTokenInterceptorPro
if (valid) {
SecurityToken token = createSecurityToken(kerberosToken);
token.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_SECRET));
- message.getExchange().put(SecurityConstants.TOKEN, token);
+ getTokenStore(message).add(token);
+ message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
return;
}
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1311834&r1=1311833&r2=1311834&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java Tue Apr 10 16:21:13 2012
@@ -373,6 +373,7 @@ class SecureConversationInInterceptor ex
client.cancelSecurityToken(tok);
NegotiationUtils.getTokenStore(m2).remove(tok.getId());
+ m2.setContextualProperty(SecurityConstants.TOKEN, null);
} catch (RuntimeException e) {
throw e;
} catch (Exception e) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java?rev=1311834&r1=1311833&r2=1311834&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java Tue Apr 10 16:21:13 2012
@@ -56,12 +56,10 @@ class SpnegoContextTokenOutInterceptor e
return;
}
if (isRequestor(message)) {
- SecurityToken tok = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
- if (tok == null) {
- String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
- if (tokId != null) {
- tok = NegotiationUtils.getTokenStore(message).getToken(tokId);
- }
+ String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
+ SecurityToken tok = null;
+ if (tokId != null) {
+ tok = NegotiationUtils.getTokenStore(message).getToken(tokId);
}
if (tok == null) {
tok = issueToken(message, aim);
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1311834&r1=1311833&r2=1311834&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Tue Apr 10 16:21:13 2012
@@ -630,14 +630,17 @@ public abstract class AbstractBindingBui
protected SecurityToken getSecurityToken() {
SecurityToken st = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
- if (st == null) {
+ if (st == null || st.isExpired()) {
String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
if (id != null) {
st = getTokenStore().getToken(id);
}
}
- getTokenStore().add(st);
- return st;
+ if (st != null && !st.isExpired()) {
+ getTokenStore().add(st);
+ return st;
+ }
+ return null;
}
protected void addSignatureParts(Map<Token, Object> tokenMap,
@@ -966,7 +969,7 @@ public abstract class AbstractBindingBui
}
secToken.setToken(assertion.getElement());
getTokenStore().add(secToken);
- message.setContextualProperty(SecurityConstants.TOKEN, secToken);
+ message.setContextualProperty(SecurityConstants.TOKEN_ID, secToken.getId());
}
protected String findIDFromSamlToken(Element samlToken) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1311834&r1=1311833&r2=1311834&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Tue Apr 10 16:21:13 2012
@@ -311,7 +311,7 @@ public class TransportBindingHandler ext
new SecurityToken(id, usernameToken.getUsernameTokenElement(), created, expires);
tempTok.setSecret(secret);
getTokenStore().add(tempTok);
- message.setContextualProperty(SecurityConstants.TOKEN, tempTok);
+ message.setContextualProperty(SecurityConstants.TOKEN_ID, tempTok.getId());
addSig(
signatureValues,