You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ws.apache.org by co...@apache.org on 2012/03/12 15:32:31 UTC

svn commit: r1299687 - /webservices/wss4j/trunk/src/main/java/org/apache/ws/security/cache/MemoryReplayCache.java

Author: coheigea
Date: Mon Mar 12 14:32:31 2012
New Revision: 1299687

URL: http://svn.apache.org/viewvc?rev=1299687&view=rev
Log:
Setting a maximum TTL for the MemoryReplayCache

Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/cache/MemoryReplayCache.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/cache/MemoryReplayCache.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/cache/MemoryReplayCache.java?rev=1299687&r1=1299686&r2=1299687&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/cache/MemoryReplayCache.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/cache/MemoryReplayCache.java Mon Mar 12 14:32:31 2012
@@ -25,11 +25,13 @@ import java.util.HashSet;
 import java.util.Set;
 
 /**
- * A simple in-memory HashSet based cache to prevent against replay attacks.
+ * A simple in-memory HashSet based cache to prevent against replay attacks. The default TTL is 5 minutes
+ * and the max TTL is 60 minutes.
  */
 public class MemoryReplayCache implements ReplayCache {
     
     public static final long DEFAULT_TTL = 60L * 5L;
+    public static final long MAX_TTL = DEFAULT_TTL * 12L;
     private Set<ReplayCacheIdentifier> cache = 
         Collections.synchronizedSet(new HashSet<ReplayCacheIdentifier>());
     
@@ -53,9 +55,14 @@ public class MemoryReplayCache implement
         ReplayCacheIdentifier cacheIdentifier = new ReplayCacheIdentifier();
         cacheIdentifier.setIdentifier(identifier);
         
+        long ttl = timeToLive;
+        if (ttl < 0 || ttl > MAX_TTL) {
+            ttl = DEFAULT_TTL;
+        }
+        
         Date expires = new Date();
         long currentTime = expires.getTime();
-        expires.setTime(currentTime + (timeToLive * 1000L));
+        expires.setTime(currentTime + (ttl * 1000L));
         cacheIdentifier.setExpiry(expires);
         
         cache.add(cacheIdentifier);