Posted to commits@cxf.apache.org by co...@apache.org on 2011/06/03 17:42:59 UTC
svn commit: r1131078 - in
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security:
tokenstore/MemoryTokenStore.java tokenstore/SecurityToken.java
tokenstore/TokenStore.java trust/STSTokenValidator.java
Author: coheigea
Date: Fri Jun 3 15:42:59 2011
New Revision: 1131078
URL: http://svn.apache.org/viewvc?rev=1131078&view=rev
Log:
[CXF-3568] - Add the ability to cache returned tokens in the STSTokenValidator
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java?rev=1131078&r1=1131077&r2=1131078&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java Fri Jun 3 15:42:59 2011
@@ -95,6 +95,18 @@ public class MemoryTokenStore implements
}
return token;
}
+
+ public SecurityToken getTokenByAssociatedHash(int hashCode) {
+ processTokenExpiry();
+
+ for (String id : tokens.keySet()) {
+ SecurityToken securityToken = tokens.get(id);
+ if (hashCode == securityToken.getAssociatedHash()) {
+ return securityToken;
+ }
+ }
+ return null;
+ }
protected Collection<SecurityToken> getTokens(SecurityToken.State state) {
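Review bot: `getTokenByAssociatedHash` returns the first stored token whose int matches, whatever state that token is in, and it dereferences the result of `tokens.get(id)` without a null check. If `tokens` can be modified by another thread between `keySet()` and `get(id)` (its declaration is outside the hunk), the `getAssociatedHash()` call can throw; iterating `tokens.values()` and skipping nulls avoids the second lookup. Whether `processTokenExpiry()` removes expired tokens or only marks them is not visible here, so it is worth skipping expired or cancelled tokens explicitly before one is handed back as a cache hit.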
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1131078&r1=1131077&r2=1131078&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java Fri Jun 3 15:42:59 2011
@@ -123,6 +123,12 @@ public class SecurityToken {
*/
private String encrKeySha1Value;
+ /**
+ * A hash code associated with this token. Note that it is not the hashcode of this
+ * token, but a hash corresponding to an association with this token. It could refer
+ * to the hash of another SecurityToken which maps to this token.
+ */
+ private int associatedHash;
/**
* The tokenType
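Review bot: The Javadoc on `associatedHash` does not say that the field's default of 0 means "no association", yet the STSTokenValidator change in this commit treats 0 that way and `MemoryTokenStore.getTokenByAssociatedHash` compares the raw int. A token that was never associated therefore matches a lookup for 0. I would add a sentence such as `A value of 0 means that no association has been set.` here and to the Javadoc of `setAssociatedHash` and `getAssociatedHash` in the next hunk.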
@@ -422,5 +428,22 @@ public class SecurityToken {
public Crypto getCrypto() {
return crypto;
}
+
+ /**
+ * Set a hash code associated with this token. Note that it is not the hashcode of this
+ * token, but a hash corresponding to an association with this token.
+ * @param hash a hash code associated with this token
+ */
+ public void setAssociatedHash(int hash) {
+ associatedHash = hash;
+ }
+
+ /**
+ * Get a hash code associated with this token.
+ * @return a hash code associated with this token.
+ */
+ public int getAssociatedHash() {
+ return associatedHash;
+ }
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java?rev=1131078&r1=1131077&r2=1131078&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java Fri Jun 3 15:42:59 2011
@@ -82,7 +82,12 @@ public interface TokenStore {
*/
SecurityToken getToken(String id);
-
+ /**
+ * Returns the <code>Token</code> by the associated hash.
+ * @param hashCode
+ * @return the <code>Token</code> by the associated hash.
+ */
+ SecurityToken getTokenByAssociatedHash(int hashCode);
/**
* Removes all expired tokens.
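Review bot: The new interface method leaves `@param hashCode` without a description and does not say what a miss returns, although the MemoryTokenStore implementation in this commit returns null. Suggested wording: `@param hashCode the associated hash to look up` and `@return the matching token, or null if no stored token carries that hash`. The contract should also state that the key is a 32-bit hash and so is not unique per credential, so that implementers and callers do not treat a hit as proof of identity.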
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java?rev=1131078&r1=1131077&r2=1131078&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java Fri Jun 3 15:42:59 2011
@@ -19,12 +19,15 @@
package org.apache.cxf.ws.security.trust;
-
import java.util.List;
+import org.w3c.dom.Element;
import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.message.Message;
+import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.saml.ext.AssertionWrapper;
@@ -60,15 +63,30 @@ public class STSTokenValidator implement
public Credential validateWithSTS(Credential credential, Message message) throws WSSecurityException {
- SecurityToken token = new SecurityToken();
-
try {
+ SecurityToken token = new SecurityToken();
+ Element tokenElement = null;
+ int hash = 0;
if (credential.getAssertion() != null) {
- token.setToken(credential.getAssertion().getElement());
+ tokenElement = credential.getAssertion().getElement();
+ hash = credential.getAssertion().hashCode();
} else if (credential.getUsernametoken() != null) {
- token.setToken(credential.getUsernametoken().getElement());
+ tokenElement = credential.getUsernametoken().getElement();
+ hash = credential.getUsernametoken().hashCode();
} else if (credential.getBinarySecurityToken() != null) {
- token.setToken(credential.getBinarySecurityToken().getElement());
+ tokenElement = credential.getBinarySecurityToken().getElement();
+ hash = credential.getBinarySecurityToken().hashCode();
+ }
+ token.setToken(tokenElement);
+
+ TokenStore tokenStore = getTokenStore(message);
+ if (tokenStore != null && hash != 0) {
+ SecurityToken recoveredToken = tokenStore.getTokenByAssociatedHash(hash);
+ if (recoveredToken != null) {
+ AssertionWrapper assertion = new AssertionWrapper(recoveredToken.getToken());
+ credential.setTransformedToken(assertion);
+ return credential;
+ }
}
STSClient c = STSUtils.getClient(message, "sts");
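Review bot: The cache lookup added before the `STSClient` call decides that a credential was already validated purely from a 32-bit `hashCode()` of the assertion, username token or binary security token, and on a hit it returns the cached transformed token without contacting the STS. How those classes compute `hashCode()` is not visible here: if it is content-based, two different credentials with the same hash share one cache entry and the second is accepted on the strength of the first's validation; if it is identity-based, the cache will not reliably hit across requests. The lookup should confirm the match, for example by keeping the original token (or a cryptographic digest of its serialised form) with the cached entry and comparing it against the presented credential before `credential.setTransformedToken(assertion)`. `validateWithSTS` continues past the end of this hunk.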
@@ -79,6 +97,10 @@ public class STSTokenValidator implement
if (returnedToken != token) {
AssertionWrapper assertion = new AssertionWrapper(returnedToken.getToken());
credential.setTransformedToken(assertion);
+ if (hash != 0) {
+ returnedToken.setAssociatedHash(hash);
+ tokenStore.add(returnedToken);
+ }
}
return credential;
}
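Review bot: `tokenStore.add(returnedToken)` caches the STS result with no visible limit on how long a later hit remains acceptable, so a credential that is revoked at the STS would keep validating from the cache for as long as the stored token lives. Consider caching only when the returned token carries an expiry, or bounding the entry's lifetime some other way, and documenting that trade-off on the class. The call is also not covered by the `tokenStore != null` guard used for the lookup earlier in the method; `if (tokenStore != null && hash != 0) {` would keep the two consistent. The enclosing method starts outside this hunk.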
@@ -89,6 +111,16 @@ public class STSTokenValidator implement
}
}
+ static final TokenStore getTokenStore(Message message) {
+ TokenStore tokenStore = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
+ if (tokenStore == null) {
+ tokenStore = new MemoryTokenStore();
+ message.getExchange().get(Endpoint.class).getEndpointInfo()
+ .setProperty(TokenStore.class.getName(), tokenStore);
+ }
+ return tokenStore;
+ }
+
protected boolean isValidatedLocally(Credential credential, RequestData data)
throws WSSecurityException {
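Review bot: `getTokenStore` creates the `MemoryTokenStore` lazily without any synchronisation, so two concurrent first requests can each create a store, and the tokens cached in the first are lost when the second `setProperty` overwrites it. Doing the check-and-create under a lock on the endpoint's info object, with the property read inside the lock, removes the race. The method is also undocumented; a short Javadoc saying the store is shared per endpoint and created on first use would help. `isValidatedLocally` below continues outside the hunk.

```java
static final TokenStore getTokenStore(Message message) {
    EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
    synchronized (info) {
        TokenStore tokenStore =
            (TokenStore)message.getContextualProperty(TokenStore.class.getName());
        if (tokenStore == null) {
            tokenStore = new MemoryTokenStore();
            info.setProperty(TokenStore.class.getName(), tokenStore);
        }
        return tokenStore;
    }
}
```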