Posted to commits@cxf.apache.org by co...@apache.org on 2014/02/05 11:12:44 UTC
svn commit: r1564697 - in /cxf/fediz/trunk/plugins/core/src:
main/java/org/apache/cxf/fediz/core/
main/java/org/apache/cxf/fediz/core/config/
test/java/org/apache/cxf/fediz/core/config/
Author: coheigea
Date: Wed Feb 5 10:12:44 2014
New Revision: 1564697
URL: http://svn.apache.org/r1564697
Log:
Using WSS4J's ReplayCache interface instead
Removed:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheUtil.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/InMemoryTokenReplayCache.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java?rev=1564697&r1=1564696&r2=1564697&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java Wed Feb 5 10:12:44 2014
@@ -220,7 +220,7 @@ public class FederationProcessorImpl imp
&& config.isDetectReplayedTokens()) {
// Check whether token has already been processed once, prevent
// replay attack
- if (config.getTokenReplayCache().getId(validatorResponse.getUniqueTokenId()) == null) {
+ if (!config.getTokenReplayCache().contains(validatorResponse.getUniqueTokenId())) {
// not cached
Date expires = null;
if (lifeTime != null && lifeTime.getExpires() != null) {
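Review bot: The replay check on the added line is a check-then-act: `contains(...)` here and the `add(...)` calls in the next hunk are separate cache operations, so two requests presenting the same token at the same moment can both find it absent and both be accepted. Only `contains` and `add` are visible on the ReplayCache calls in this commit, so unless the implementation offers an atomic insert, the pair needs to be serialized within the JVM, for example `ReplayCache cache = config.getTokenReplayCache(); synchronized (cache) { ... }` around the check and the insert. It would also help to read `validatorResponse.getUniqueTokenId()` once into a local and reject a null or empty id explicitly, because whether the cache stores such an id is implementation-defined and a token without an id would otherwise never be flagged as replayed. The enclosing method starts and ends outside this hunk.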
@@ -231,9 +231,9 @@ public class FederationProcessorImpl imp
if (expires != null) {
Date currentTime = new Date();
long ttl = expires.getTime() - currentTime.getTime();
- config.getTokenReplayCache().putId(validatorResponse.getUniqueTokenId(), ttl / 1000L);
+ config.getTokenReplayCache().add(validatorResponse.getUniqueTokenId(), ttl / 1000L);
} else {
- config.getTokenReplayCache().putId(validatorResponse.getUniqueTokenId());
+ config.getTokenReplayCache().add(validatorResponse.getUniqueTokenId());
}
} else {
LOG.error("Replay attack with token id: " + validatorResponse.getUniqueTokenId());
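Review bot: `ttl / 1000L` on the added `add(...)` line truncates towards zero and is zero or negative when the token's expiry is at or before the current time, which is presumably reachable when expiry detection is switched off or the clocks differ; what the cache does with a non-positive lifetime is up to the ReplayCache implementation and is not visible here. Rounding up and guarding the value, e.g. `long ttlSeconds = (ttl + 999L) / 1000L;` followed by an explicit branch for `ttlSeconds <= 0`, keeps the entry alive at least as long as the token itself. The no-expiry branch `add(validatorResponse.getUniqueTokenId())` relies on the cache's default lifetime, so a token that carries no expiry can be presented again once that default has elapsed; a comment such as `// no expiry in token: entry lives for the cache's default TTL only` would make that limit visible to the next reader. The enclosing block continues outside the hunk.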
Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java?rev=1564697&r1=1564696&r2=1564697&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java Wed Feb 5 10:12:44 2014
@@ -32,8 +32,6 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
-import org.apache.cxf.fediz.core.EHCacheTokenReplayCache;
-import org.apache.cxf.fediz.core.TokenReplayCache;
import org.apache.cxf.fediz.core.config.jaxb.CertificateStores;
import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
@@ -44,6 +42,8 @@ import org.apache.cxf.fediz.core.config.
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
import org.apache.cxf.fediz.core.exception.IllegalConfigurationException;
+import org.apache.wss4j.common.cache.ReplayCache;
+import org.apache.wss4j.common.cache.ReplayCacheFactory;
import org.apache.wss4j.common.crypto.CertificateStore;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
@@ -64,7 +64,7 @@ public class FederationContext implement
private boolean detectExpiredTokens = true;
private boolean detectReplayedTokens = true;
private String relativePath;
- private TokenReplayCache<String> replayCache;
+ private ReplayCache replayCache;
private FederationProtocol protocol;
private List<TrustManager> certificateStores;
private KeyManager keyManager;
@@ -198,25 +198,25 @@ public class FederationContext implement
}
- @SuppressWarnings("unchecked")
- public TokenReplayCache<String> getTokenReplayCache() {
+ public ReplayCache getTokenReplayCache() {
if (replayCache != null) {
return replayCache;
}
String replayCacheString = config.getTokenReplayCache();
String cacheKey = CACHE_KEY_PREFIX + "-" + config.getName();
+ ReplayCacheFactory replayCacheFactory = ReplayCacheFactory.newInstance();
if (replayCacheString == null || "".equals(replayCacheString)) {
- replayCache = new EHCacheTokenReplayCache(cacheKey);
+ replayCache = replayCacheFactory.newReplayCache(cacheKey, "fediz-ehcache.xml");
} else {
try {
Class<?> replayCacheClass = Loader.loadClass(replayCacheString);
- replayCache = (TokenReplayCache<String>) replayCacheClass.newInstance();
+ replayCache = (ReplayCache) replayCacheClass.newInstance();
} catch (ClassNotFoundException e) {
- replayCache = new EHCacheTokenReplayCache(cacheKey);
+ replayCache = replayCacheFactory.newReplayCache(cacheKey, "fediz-ehcache.xml");
} catch (InstantiationException e) {
- replayCache = new EHCacheTokenReplayCache(cacheKey);
+ replayCache = replayCacheFactory.newReplayCache(cacheKey, "fediz-ehcache.xml");
} catch (IllegalAccessException e) {
- replayCache = new EHCacheTokenReplayCache(cacheKey);
+ replayCache = replayCacheFactory.newReplayCache(cacheKey, "fediz-ehcache.xml");
}
}
return replayCache;
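Review bot: The three catch blocks fall back to the default cache without logging, so a mistyped or unloadable `tokenReplayCache` class name silently swaps the operator's chosen replay store (a shared one, for instance) for a local EHCache, and a class that loads but does not implement ReplayCache fails the `(ReplayCache)` cast with an uncaught ClassCastException. I would report the configured name and the cause before falling back and handle the wrong-type case the same way, which also collapses the four identical `newReplayCache(cacheKey, "fediz-ehcache.xml")` calls into one. The lazy initialisation is unsynchronised as well, so two threads may each build a cache on first use; whether that matters depends on how the factory treats a repeated `cacheKey`. `LOG` in the sketch stands for the class's logger, which is not visible in this hunk.

```java
    // … unchanged: cached-instance return, replayCacheString, cacheKey, replayCacheFactory …
    if (replayCacheString != null && !"".equals(replayCacheString)) {
        try {
            Class<?> replayCacheClass = Loader.loadClass(replayCacheString);
            // asSubclass rejects a class that is not a ReplayCache before it is instantiated
            replayCache = replayCacheClass.asSubclass(ReplayCache.class).newInstance();
        } catch (Exception e) {
            // class missing, not instantiable, not accessible or of the wrong type:
            // say so, then fall back, so the misconfiguration does not go unnoticed
            LOG.warn("Token replay cache '" + replayCacheString + "' unusable, using default", e);
        }
    }
    if (replayCache == null) {
        replayCache = replayCacheFactory.newReplayCache(cacheKey, "fediz-ehcache.xml");
    }
    return replayCache;
```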
Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java?rev=1564697&r1=1564696&r2=1564697&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java (original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java Wed Feb 5 10:12:44 2014
@@ -29,9 +29,6 @@ import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import org.apache.cxf.fediz.common.SecurityTestUtil;
-import org.apache.cxf.fediz.core.EHCacheTokenReplayCache;
-import org.apache.cxf.fediz.core.InMemoryTokenReplayCache;
-import org.apache.cxf.fediz.core.TokenReplayCache;
import org.apache.cxf.fediz.core.config.jaxb.ArgumentType;
import org.apache.cxf.fediz.core.config.jaxb.AudienceUris;
import org.apache.cxf.fediz.core.config.jaxb.CallbackType;
@@ -46,6 +43,9 @@ import org.apache.cxf.fediz.core.config.
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
import org.apache.cxf.fediz.core.config.jaxb.ValidationType;
+import org.apache.wss4j.common.cache.EHCacheReplayCache;
+import org.apache.wss4j.common.cache.MemoryReplayCache;
+import org.apache.wss4j.common.cache.ReplayCache;
import org.junit.AfterClass;
import org.junit.Assert;
@@ -275,27 +275,27 @@ public class FedizConfigurationTest {
FedizConfig config = createConfiguration();
// Test the default TokenReplayCache
- TokenReplayCache<String> defaultReplayCache = parseConfigAndReturnTokenReplayCache(config);
+ ReplayCache defaultReplayCache = parseConfigAndReturnTokenReplayCache(config);
Assert.assertNotNull(defaultReplayCache);
- Assert.assertTrue(defaultReplayCache instanceof EHCacheTokenReplayCache);
+ Assert.assertTrue(defaultReplayCache instanceof EHCacheReplayCache);
// Now test setting another TokenReplayCache
ContextConfig contextConfig = config.getContextConfig().get(0);
- contextConfig.setTokenReplayCache("org.apache.cxf.fediz.core.InMemoryTokenReplayCache");
+ contextConfig.setTokenReplayCache("org.apache.wss4j.common.cache.MemoryReplayCache");
- TokenReplayCache<String> newReplayCache = parseConfigAndReturnTokenReplayCache(config);
+ ReplayCache newReplayCache = parseConfigAndReturnTokenReplayCache(config);
Assert.assertNotNull(newReplayCache);
- Assert.assertTrue(newReplayCache instanceof InMemoryTokenReplayCache);
+ Assert.assertTrue(newReplayCache instanceof MemoryReplayCache);
// Now test setting another TokenReplayCache
- contextConfig.setTokenReplayCache("org.apache.cxf.fediz.core.EHCacheTokenReplayCache");
+ contextConfig.setTokenReplayCache("org.apache.wss4j.common.cache.EHCacheReplayCache");
newReplayCache = parseConfigAndReturnTokenReplayCache(config);
Assert.assertNotNull(newReplayCache);
- Assert.assertTrue(newReplayCache instanceof EHCacheTokenReplayCache);
+ Assert.assertTrue(newReplayCache instanceof EHCacheReplayCache);
}
- private TokenReplayCache<String> parseConfigAndReturnTokenReplayCache(FedizConfig config)
+ private ReplayCache parseConfigAndReturnTokenReplayCache(FedizConfig config)
throws JAXBException {
final JAXBContext jaxbContext = JAXBContext.newInstance(FedizConfig.class);