You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cxf.apache.org by se...@apache.org on 2016/04/19 11:57:27 UTC

cxf git commit: Supporting a case where the token introspection response does not contain the issuedAt property, patch from fjollberg applied, This closes #130

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 2f8817860 -> 7e5efb29a


Supporting a case where the token introspection response does not contain the issuedAt property, patch from fjollberg applied, This closes #130


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7e5efb29
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7e5efb29
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7e5efb29

Branch: refs/heads/3.1.x-fixes
Commit: 7e5efb29ad3e00eb42eb46836d7c3f00d3071d7b
Parents: 2f88178
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Apr 19 10:56:58 2016 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Apr 19 10:56:58 2016 +0100

----------------------------------------------------------------------
 .../security/oauth2/filters/AccessTokenIntrospectionClient.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/7e5efb29/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
index 679aafa..39ddcfe 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.rs.security.oauth2.filters;
 
 import java.util.Collections;
+import java.util.Date;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -68,9 +69,11 @@ public class AccessTokenIntrospectionClient implements AccessTokenValidator {
         }
         if (response.getIat() != null) {
             atv.setTokenIssuedAt(response.getIat());
+        } else {
+            atv.setTokenIssuedAt(new Date().getTime());
         }
         if (response.getExp() != null) {
-            atv.setTokenLifetime(response.getExp() - response.getIat());
+            atv.setTokenLifetime(response.getExp() - atv.getTokenIssuedAt());
         }
         if (!StringUtils.isEmpty(response.getAud())) {
             atv.setAudiences(response.getAud());