Posted to commits@cxf.apache.org by dk...@apache.org on 2009/03/10 21:16:23 UTC
svn commit: r752238 - in
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security:
policy/interceptors/SecureConversationInInterceptor.java
tokenstore/MemoryTokenStore.java tokenstore/TokenStore.java
Author: dkulp
Date: Tue Mar 10 20:16:22 2009
New Revision: 752238
URL: http://svn.apache.org/viewvc?rev=752238&view=rev
Log:
Make sure expired and cancelled tokens get cleaned up.
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=752238&r1=752237&r2=752238&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java Tue Mar 10 20:16:22 2009
@@ -124,9 +124,7 @@
Object s = message.getContextualProperty(SecurityConstants.STS_TOKEN_DO_CANCEL);
if (s != null && (Boolean.TRUE.equals(s) || "true".equalsIgnoreCase(s.toString()))) {
- SecureConversationToken tok = (SecureConversationToken)ais.iterator()
- .next().getAssertion();
- doCancel(message, aim, tok);
+ message.getInterceptorChain().add(SecureConversationCancelInterceptor.INSTANCE);
}
return;
}
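Review bot: The cancel no longer happens inline at the `add(SecureConversationCancelInterceptor.INSTANCE)` line but is deferred to `Phase.POST_LOGICAL`, so it presumably runs only if the chain gets that far. A fault raised by an interceptor between this point and that phase would then leave the token uncancelled at the STS and still in the token store. If the deferral is intended, say so at the call site, for example `// cancel is deferred to POST_LOGICAL; see SecureConversationCancelInterceptor`. The enclosing method starts and ends outside this hunk.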
@@ -210,50 +208,6 @@
}
}
}
- private void doCancel(SoapMessage message, AssertionInfoMap aim, SecureConversationToken itok) {
- Message m2 = message.getExchange().getOutMessage();
-
- SecurityToken tok = (SecurityToken)m2.getContextualProperty(SecurityConstants.TOKEN);
- if (tok == null) {
- String tokId = (String)m2.getContextualProperty(SecurityConstants.TOKEN_ID);
- if (tokId != null) {
- tok = SecureConversationTokenInterceptorProvider
- .getTokenStore(m2).getToken(tokId);
- }
- }
-
- STSClient client = SecureConversationTokenInterceptorProvider.getClient(m2);
- AddressingProperties maps =
- (AddressingProperties)message
- .get("javax.xml.ws.addressing.context.inbound");
- if (maps == null) {
- maps = (AddressingProperties)m2
- .get("javax.xml.ws.addressing.context");
- }
-
- synchronized (client) {
- try {
- SecureConversationTokenInterceptorProvider
- .setupClient(client, message, aim, itok, true);
-
- if (maps != null) {
- client.setAddressingNamespace(maps.getNamespaceURI());
- }
- client.cancelSecurityToken(tok);
- } catch (RuntimeException e) {
- throw e;
- } catch (Exception e) {
- throw new Fault(e);
- } finally {
- client.setTrust((Trust10)null);
- client.setTrust((Trust13)null);
- client.setTemplate(null);
- client.setLocation(null);
- client.setAddressingNamespace(null);
- }
- }
-
- }
private void recalcEffectivePolicy(SoapMessage message,
String namespace,
Policy policy) {
@@ -530,6 +484,83 @@
}
}
}
+
+ static class SecureConversationCancelInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
+ static final SecureConversationCancelInterceptor INSTANCE = new SecureConversationCancelInterceptor();
+
+ public SecureConversationCancelInterceptor() {
+ super(Phase.POST_LOGICAL);
+ }
+
+ public void handleMessage(SoapMessage message) throws Fault {
+ // TODO Auto-generated method stub
+
+ AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+ // extract Assertion information
+ if (aim == null) {
+ return;
+ }
+ Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
+ if (ais == null || ais.isEmpty()) {
+ return;
+ }
+
+ SecureConversationToken tok = (SecureConversationToken)ais.iterator()
+ .next().getAssertion();
+ doCancel(message, aim, tok);
+
+ }
+ private void doCancel(SoapMessage message, AssertionInfoMap aim, SecureConversationToken itok) {
+ Message m2 = message.getExchange().getOutMessage();
+
+ SecurityToken tok = (SecurityToken)m2.getContextualProperty(SecurityConstants.TOKEN);
+ if (tok == null) {
+ String tokId = (String)m2.getContextualProperty(SecurityConstants.TOKEN_ID);
+ if (tokId != null) {
+ tok = SecureConversationTokenInterceptorProvider
+ .getTokenStore(m2).getToken(tokId);
+ }
+ }
+
+ STSClient client = SecureConversationTokenInterceptorProvider.getClient(m2);
+ AddressingProperties maps =
+ (AddressingProperties)message
+ .get("javax.xml.ws.addressing.context.inbound");
+ if (maps == null) {
+ maps = (AddressingProperties)m2
+ .get("javax.xml.ws.addressing.context");
+ }
+
+ synchronized (client) {
+ try {
+ SecureConversationTokenInterceptorProvider
+ .setupClient(client, message, aim, itok, true);
+
+ if (maps != null) {
+ client.setAddressingNamespace(maps.getNamespaceURI());
+ }
+
+ client.cancelSecurityToken(tok);
+ SecureConversationTokenInterceptorProvider
+ .getTokenStore(m2).remove(tok);
+ } catch (RuntimeException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new Fault(e);
+ } finally {
+ client.setTrust((Trust10)null);
+ client.setTrust((Trust13)null);
+ client.setTemplate(null);
+ client.setLocation(null);
+ client.setAddressingNamespace(null);
+ }
+ }
+
+ }
+
+
+ }
+
}
\ No newline at end of file
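Review bot: In the new `doCancel`, `tok` can still be null when `client.cancelSecurityToken(tok)` is reached, because neither the `SecurityConstants.TOKEN` property nor the `TOKEN_ID` lookup is guaranteed to yield a token. Only the store's `remove` is visibly null-safe in this commit, so add `if (tok == null) { return; }` before the `synchronized (client)` block. Because `getTokenStore(m2).remove(tok)` sits after the cancel call inside the `try`, a failed cancel leaves the token in the local store; if the local copy should go regardless, move the removal into the `finally` block. The leftover `// TODO Auto-generated method stub` in `handleMessage` can be dropped.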
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java?rev=752238&r1=752237&r2=752238&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java Tue Mar 10 20:16:22 2009
@@ -27,12 +27,14 @@
import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken.State;
/**
*
*/
public class MemoryTokenStore implements TokenStore {
-
+ boolean autoRemove = true;
+
Map<String, SecurityToken> tokens = new ConcurrentHashMap<String, SecurityToken>();
/** {@inheritDoc}*/
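Review bot: `autoRemove` is a plain package-private field that `setAutoRemoveTokens` writes and `update`/`processTokenExpiry` read, while the store itself is a `ConcurrentHashMap`, which suggests the class is meant to be shared between threads. If so, a change made on one thread is not guaranteed to be visible to the others. `private volatile boolean autoRemove = true;` fixes the visibility and keeps the flag out of reach of other classes in the package.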
@@ -44,7 +46,18 @@
/** {@inheritDoc}*/
public void update(SecurityToken token) {
- add(token);
+ if (autoRemove
+ && (token.getState() == State.EXPIRED
+ || token.getState() == State.CANCELLED)) {
+ remove(token);
+ } else {
+ add(token);
+ }
+ }
+ public void remove(SecurityToken token) {
+ if (token != null && !StringUtils.isEmpty(token.getId())) {
+ tokens.remove(token.getId());
+ }
}
public Collection<SecurityToken> getCancelledTokens() {
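Review bot: `update` now dereferences `token` in `token.getState()` before any null check, whereas the new `remove` just below tolerates a null token or an empty id. How `add` treated null is not visible in this hunk, so this may be a behaviour change for callers that pass null. An early `if (token == null) { return; }` at the top of `update` would make the two methods agree. `remove` also lacks the `/** {@inheritDoc}*/` that `update` carries.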
@@ -57,6 +70,7 @@
return getTokens(SecurityToken.State.RENEWED);
}
public Collection<String> getTokenIdentifiers() {
+ processTokenExpiry();
return tokens.keySet();
}
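Review bot: `tokens.keySet()` is a live view of the map, and with `processTokenExpiry()` now removing entries, ids a caller has just read can disappear while it iterates. The caller can also delete tokens from the store through the returned view. Returning a snapshot such as `return new ArrayList<String>(tokens.keySet());` avoids both; it needs `java.util.ArrayList`, whose import is not visible in this hunk.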
@@ -94,14 +108,43 @@
}
protected void processTokenExpiry() {
+ long time = System.currentTimeMillis();
for (SecurityToken token : tokens.values()) {
- if (token.getExpires() != null
- && token.getExpires().getTimeInMillis() < System.currentTimeMillis()) {
+ if (token.getState() == State.EXPIRED
+ || token.getState() == State.CANCELLED) {
+ if (autoRemove) {
+ remove(token);
+ }
+ } else if (token.getExpires() != null
+ && token.getExpires().getTimeInMillis() < time) {
token.setState(SecurityToken.State.EXPIRED);
+ if (autoRemove) {
+ remove(token);
+ }
}
}
}
-
+
+ public void removeCancelledTokens() {
+ for (SecurityToken token : tokens.values()) {
+ if (token.getState() == State.CANCELLED) {
+ remove(token);
+ }
+ }
+ }
+
+ public void removeExpiredTokens() {
+ processTokenExpiry();
+ for (SecurityToken token : tokens.values()) {
+ if (token.getState() == State.EXPIRED) {
+ remove(token);
+ }
+ }
+ }
+
+ public void setAutoRemoveTokens(boolean auto) {
+ autoRemove = auto;
+ }
}
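Review bot: In `processTokenExpiry` the `if (autoRemove) { remove(token); }` branch is written twice and `token.getState()` is read twice per token, so the second comparison may see a different state than the first if another thread updates the token in between. Reading the state once and deciding removal in one place is shorter and behaves the same in the single-threaded case. The three new public methods below it also lack the `/** {@inheritDoc}*/` used on the other interface methods in this file.

```java
protected void processTokenExpiry() {
    long time = System.currentTimeMillis();
    for (SecurityToken token : tokens.values()) {
        State state = token.getState();
        boolean dead = state == State.EXPIRED || state == State.CANCELLED;
        if (!dead && token.getExpires() != null
            && token.getExpires().getTimeInMillis() < time) {
            token.setState(State.EXPIRED);
            dead = true;
        }
        if (dead && autoRemove) {
            remove(token);
        }
    }
}
// … unchanged: removeCancelledTokens, removeExpiredTokens, setAutoRemoveTokens …
```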
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java?rev=752238&r1=752237&r2=752238&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java Tue Mar 10 20:16:22 2009
@@ -39,6 +39,11 @@
void update(SecurityToken token);
/**
+ * Remove an existing token.
+ */
+ void remove(SecurityToken token);
+
+ /**
* Return the list of all token identifiers.
* @return As array of token identifiers
*/
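Review bot: Adding `remove` here, together with `removeExpiredTokens`, `removeCancelledTokens` and `setAutoRemoveTokens` in the next hunk, changes a public interface, so any `TokenStore` implementation other than `MemoryTokenStore` will stop compiling. Only `MemoryTokenStore` is updated in this commit. The Javadoc should also state the contract for a null or unknown token, for example `Remove an existing token. Does nothing if the token is null or not in the store.` plus an `@param token` line.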
@@ -76,4 +81,25 @@
* @return The requested <code>Token</code> identified by the give id
*/
SecurityToken getToken(String id);
+
+
+
+ /**
+ * Removes all expired tokens.
+ */
+ void removeExpiredTokens();
+
+ /**
+ * Removes all cancelled tokens.
+ */
+ void removeCancelledTokens();
+
+ /**
+ * Controls whether the store will automatically remove cancelled and expired
+ * tokens. If true, calls to getCancelledTokens() and getExpiredTokens()
+ * will never return value;
+ * @param auto
+ */
+ void setAutoRemoveTokens(boolean auto);
+
}
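Review bot: The Javadoc for `setAutoRemoveTokens` ends in `will never return value;`, which reads as a truncated sentence, and `@param auto` has no description. Suggested wording: `If true, calls to getCancelledTokens() and getExpiredTokens() will never return any tokens.` and `@param auto true to remove cancelled and expired tokens automatically`. It is also worth stating the default, which is `true` in `MemoryTokenStore`, since turning it off keeps cancelled and expired tokens in the store until one of the `remove*` methods is called.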