You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2016/04/19 11:57:27 UTC
cxf git commit: Supporting a case where the token introspection
response does not contain the issuedAt property, patch from fjollberg applied,
This closes #130
Repository: cxf
Updated Branches:
refs/heads/3.1.x-fixes 2f8817860 -> 7e5efb29a
Supporting a case where the token introspection response does not contain the issuedAt property, patch from fjollberg applied, This closes #130
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7e5efb29
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7e5efb29
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7e5efb29
Branch: refs/heads/3.1.x-fixes
Commit: 7e5efb29ad3e00eb42eb46836d7c3f00d3071d7b
Parents: 2f88178
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Apr 19 10:56:58 2016 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Apr 19 10:56:58 2016 +0100
----------------------------------------------------------------------
.../security/oauth2/filters/AccessTokenIntrospectionClient.java | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/7e5efb29/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
index 679aafa..39ddcfe 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
@@ -19,6 +19,7 @@
package org.apache.cxf.rs.security.oauth2.filters;
import java.util.Collections;
+import java.util.Date;
import java.util.LinkedList;
import java.util.List;
@@ -68,9 +69,11 @@ public class AccessTokenIntrospectionClient implements AccessTokenValidator {
}
if (response.getIat() != null) {
atv.setTokenIssuedAt(response.getIat());
+ } else {
+ atv.setTokenIssuedAt(new Date().getTime());
}
if (response.getExp() != null) {
- atv.setTokenLifetime(response.getExp() - response.getIat());
+ atv.setTokenLifetime(response.getExp() - atv.getTokenIssuedAt());
}
if (!StringUtils.isEmpty(response.getAud())) {
atv.setAudiences(response.getAud());