Posted to commits@cxf.apache.org by co...@apache.org on 2012/04/03 15:46:00 UTC
svn commit: r1308908 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/ servic...
Author: coheigea
Date: Tue Apr 3 13:45:59 2012
New Revision: 1308908
URL: http://svn.apache.org/viewvc?rev=1308908&view=rev
Log:
[CXF-4219] - Another refactor of TokenStore. Removed AssociatedHash functionality.
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/canceller/SCTCanceller.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStoreTest.java
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSCTUnitTest.java
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SCTValidatorTest.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java Tue Apr 3 13:45:59 2012
@@ -160,7 +160,7 @@ abstract class STSInvoker implements Inv
TokenStore store = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
.getProperty(TokenStore.class.getName());
- store.remove(cancelToken);
+ store.remove(cancelToken.getId());
writer.writeEmptyElement(prefix, "RequestedTokenCancelled", namespace);
exchange.put(SecurityConstants.TOKEN, cancelToken);
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java Tue Apr 3 13:45:59 2012
@@ -372,7 +372,7 @@ class SecureConversationInInterceptor ex
}
client.cancelSecurityToken(tok);
- NegotiationUtils.getTokenStore(m2).remove(tok);
+ NegotiationUtils.getTokenStore(m2).remove(tok.getId());
} catch (RuntimeException e) {
throw e;
} catch (Exception e) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java Tue Apr 3 13:45:59 2012
@@ -82,38 +82,21 @@ public class EHCacheTokenStore implement
public void add(SecurityToken token) {
if (token != null && !StringUtils.isEmpty(token.getId())) {
-
- int parsedTTL = 0;
- if (token.getExpires() != null) {
- Date expires = token.getExpires();
- Date current = new Date();
- long expiryTime = (expires.getTime() - current.getTime()) / 1000L;
-
- parsedTTL = (int)expiryTime;
- if (expiryTime != (long)parsedTTL || parsedTTL < 0 || parsedTTL > MAX_TTL) {
- // Default to configured value
- parsedTTL = (int)ttl;
- if (ttl != (long)parsedTTL) {
- // Fall back to 60 minutes if the default TTL is set incorrectly
- parsedTTL = 3600;
- }
- }
- } else {
- // Default to configured value
- parsedTTL = (int)ttl;
- if (ttl != (long)parsedTTL) {
- // Fall back to 60 minutes if the default TTL is set incorrectly
- parsedTTL = 3600;
- }
- }
-
+ int parsedTTL = getTTL(token);
cache.put(new Element(token.getId(), token, false, parsedTTL, parsedTTL));
}
}
- public void remove(SecurityToken token) {
- if (token != null && !StringUtils.isEmpty(token.getId())) {
- cache.remove(token.getId());
+ public void add(String identifier, SecurityToken token) {
+ if (token != null && !StringUtils.isEmpty(identifier)) {
+ int parsedTTL = getTTL(token);
+ cache.put(new Element(identifier, token, false, parsedTTL, parsedTTL));
+ }
+ }
+
+ public void remove(String identifier) {
+ if (!StringUtils.isEmpty(identifier) && cache.isKeyInCache(identifier)) {
+ cache.remove(identifier);
}
}
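Review bot: The `cache.isKeyInCache(identifier)` guard added to `remove` is redundant and opens a check-then-act window: Ehcache's `remove` already returns false for an absent key, so `if (!StringUtils.isEmpty(identifier)) { cache.remove(identifier); }` is enough. The same guard pattern is added in this commit to MemoryTokenStore.remove (`tokens.containsKey`) and HazelCastTokenStore.remove (`cacheMap.containsKey`). The new `add(String identifier, SecurityToken token)` would also benefit from a Javadoc line stating that an entry already stored under `identifier` is replaced by `cache.put`.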
@@ -135,25 +118,39 @@ public class EHCacheTokenStore implement
return expiredTokens;
}
- public SecurityToken getToken(String id) {
- Element element = cache.get(id);
+ public SecurityToken getToken(String identifier) {
+ Element element = cache.get(identifier);
if (element != null && !cache.isExpired(element)) {
return (SecurityToken)element.getObjectValue();
}
return null;
}
-
- public SecurityToken getTokenByAssociatedHash(int hashCode) {
- @SuppressWarnings("unchecked")
- Iterator<String> ids = cache.getKeysWithExpiryCheck().iterator();
- while (ids.hasNext()) {
- Element element = cache.get(ids.next());
- SecurityToken securityToken = (SecurityToken)element.getObjectValue();
- if (hashCode == securityToken.getAssociatedHash()) {
- return securityToken;
+
+ private int getTTL(SecurityToken token) {
+ int parsedTTL = 0;
+ if (token.getExpires() != null) {
+ Date expires = token.getExpires();
+ Date current = new Date();
+ long expiryTime = (expires.getTime() - current.getTime()) / 1000L;
+
+ parsedTTL = (int)expiryTime;
+ if (expiryTime != (long)parsedTTL || parsedTTL < 0 || parsedTTL > MAX_TTL) {
+ // Default to configured value
+ parsedTTL = (int)ttl;
+ if (ttl != (long)parsedTTL) {
+ // Fall back to 60 minutes if the default TTL is set incorrectly
+ parsedTTL = 3600;
+ }
+ }
+ } else {
+ // Default to configured value
+ parsedTTL = (int)ttl;
+ if (ttl != (long)parsedTTL) {
+ // Fall back to 60 minutes if the default TTL is set incorrectly
+ parsedTTL = 3600;
}
}
- return null;
+ return parsedTTL;
}
}
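Review bot: `getTTL` returns 0 for a token that expires less than a second from now (the `/ 1000L` truncation), and a zero `timeToLiveSeconds`/`timeToIdleSeconds` on an Ehcache `Element` means no expiry rather than immediate expiry (confirm against the Ehcache version in use), so a token about to expire would be cached indefinitely; fold that case into the out-of-range check, `if (expiryTime != (long)parsedTTL || parsedTTL <= 0 || parsedTTL > MAX_TTL) {`, and guard the configured-`ttl` fallback against zero the same way. The `parsedTTL < 0` branch also gives an already-expired token the full configured TTL in the cache instead of declining to cache it. The method is duplicated verbatim in HazelCastTokenStore.getTTL in this commit, where a 0 passed to `cacheMap.put(key, value, 0, TimeUnit.SECONDS)` likewise means no TTL; a single shared helper would keep the two copies from drifting.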
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java Tue Apr 3 13:45:59 2012
@@ -39,29 +39,21 @@ public class MemoryTokenStore implements
public void add(SecurityToken token) {
if (token != null && !StringUtils.isEmpty(token.getId())) {
- CacheEntry cacheEntry = null;
- if (token.getExpires() == null) {
- Date expires = new Date();
- long currentTime = expires.getTime();
- expires.setTime(currentTime + (DEFAULT_TTL * 1000L));
- cacheEntry = new CacheEntry(token, expires);
- } else {
- Date expires = token.getExpires();
- Date current = new Date();
- long expiryTime = expires.getTime() - current.getTime();
- if (expiryTime < 0 || expiryTime > (MAX_TTL * 1000L)) {
- expires.setTime(current.getTime() + (DEFAULT_TTL * 1000L));
- }
- cacheEntry = new CacheEntry(token, expires);
- }
-
+ CacheEntry cacheEntry = createCacheEntry(token);
tokens.put(token.getId(), cacheEntry);
}
}
- public void remove(SecurityToken token) {
- if (token != null && !StringUtils.isEmpty(token.getId())) {
- tokens.remove(token.getId());
+ public void add(String identifier, SecurityToken token) {
+ if (token != null && !StringUtils.isEmpty(identifier)) {
+ CacheEntry cacheEntry = createCacheEntry(token);
+ tokens.put(identifier, cacheEntry);
+ }
+ }
+
+ public void remove(String identifier) {
+ if (!StringUtils.isEmpty(identifier) && tokens.containsKey(identifier)) {
+ tokens.remove(identifier);
}
}
@@ -94,21 +86,6 @@ public class MemoryTokenStore implements
return null;
}
- public SecurityToken getTokenByAssociatedHash(int hashCode) {
- processTokenExpiry();
-
- synchronized (tokens) {
- for (String id : tokens.keySet()) {
- CacheEntry cacheEntry = tokens.get(id);
- SecurityToken securityToken = cacheEntry.getSecurityToken();
- if (hashCode == securityToken.getAssociatedHash()) {
- return securityToken;
- }
- }
- }
- return null;
- }
-
protected void processTokenExpiry() {
Date current = new Date();
synchronized (tokens) {
@@ -121,6 +98,25 @@ public class MemoryTokenStore implements
}
}
+ private CacheEntry createCacheEntry(SecurityToken token) {
+ CacheEntry cacheEntry = null;
+ if (token.getExpires() == null) {
+ Date expires = new Date();
+ long currentTime = expires.getTime();
+ expires.setTime(currentTime + (DEFAULT_TTL * 1000L));
+ cacheEntry = new CacheEntry(token, expires);
+ } else {
+ Date expires = token.getExpires();
+ Date current = new Date();
+ long expiryTime = expires.getTime() - current.getTime();
+ if (expiryTime < 0 || expiryTime > (MAX_TTL * 1000L)) {
+ expires.setTime(current.getTime() + (DEFAULT_TTL * 1000L));
+ }
+ cacheEntry = new CacheEntry(token, expires);
+ }
+ return cacheEntry;
+ }
+
private static class CacheEntry {
private final SecurityToken securityToken;
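Review bot: `createCacheEntry` calls `expires.setTime(...)` on the `Date` obtained from `token.getExpires()`; if `getExpires` hands back the token's own `Date` rather than a copy (not visible here), `add` silently rewrites the token's expiry, and an already-expired token (`expiryTime < 0`) is given a fresh `DEFAULT_TTL` lifetime both in the cache and on the token itself. Build a fresh date instead, `Date expires = new Date(current.getTime() + (DEFAULT_TTL * 1000L));`, and treat a negative `expiryTime` as "do not cache" rather than extending it. The `add` methods that call this helper and `processTokenExpiry` are only partly visible in this hunk.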
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java Tue Apr 3 13:45:59 2012
@@ -61,11 +61,6 @@ public class SecurityToken implements Se
private Element token;
/**
- * The token in its previous state
- */
- private Element previousToken;
-
- /**
* The RequestedAttachedReference element
* NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows
* an extensibility mechanism for wsse:SecurityTokenReference and
@@ -116,11 +111,15 @@ public class SecurityToken implements Se
private String encrKeySha1Value;
/**
- * A hash code associated with this token. Note that it is not the hashcode of this
- * token, but a hash corresponding to an association with this token. It could refer
- * to the hash of another SecurityToken which maps to this token.
+ * A hash code associated with this token.
*/
- private int associatedHash;
+ private int tokenHash;
+
+ /**
+ * This holds the identifier of another SecurityToken which represents a transformed
+ * version of this token.
+ */
+ private String transformedTokenIdentifier;
/**
* The tokenType
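Review bot: The Javadoc on `tokenHash` now reads only "A hash code associated with this token", which no longer tells a reader what the value is for; in this commit it is the hash under which the token was stored via `TokenStore.add(String, SecurityToken)`, and validators compare it against the hash they computed before trusting a cache hit. Suggest `/** The hash under which this token is keyed in the TokenStore (0 when unset); validators compare it with their computed hash to confirm a cache hit refers to this token. */`, with the same wording on `setTokenHash`/`getTokenHash` in the last hunk of this file. The new `getTransformedTokenIdentifier`/`setTransformedTokenIdentifier` accessors in the next hunk lack `@return`/`@param` tags.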
@@ -234,24 +233,24 @@ public class SecurityToken implements Se
}
/**
- * @return Returns the id.
+ * Get the identifier corresponding to a transformed version of this token
*/
- public String getId() {
- return id;
+ public String getTransformedTokenIdentifier() {
+ return transformedTokenIdentifier;
}
/**
- * @return Returns the presivousToken.
+ * Set the identifier corresponding to a transformed version of this token
*/
- public Element getPreviousToken() {
- return previousToken;
+ public void setTransformedTokenIdentifier(String transformedTokenIdentifier) {
+ this.transformedTokenIdentifier = transformedTokenIdentifier;
}
-
+
/**
- * @param presivousToken The presivousToken to set.
+ * @return Returns the id.
*/
- public void setPreviousToken(Element previousToken) {
- this.previousToken = cloneElement(previousToken);
+ public String getId() {
+ return id;
}
/**
@@ -419,20 +418,19 @@ public class SecurityToken implements Se
}
/**
- * Set a hash code associated with this token. Note that it is not the hashcode of this
- * token, but a hash corresponding to an association with this token.
+ * Set a hash code associated with this token.
* @param hash a hash code associated with this token
*/
- public void setAssociatedHash(int hash) {
- associatedHash = hash;
+ public void setTokenHash(int hash) {
+ tokenHash = hash;
}
/**
* Get a hash code associated with this token.
* @return a hash code associated with this token.
*/
- public int getAssociatedHash() {
- return associatedHash;
+ public int getTokenHash() {
+ return tokenHash;
}
/**
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java Tue Apr 3 13:45:59 2012
@@ -28,15 +28,23 @@ import java.util.Collection;
public interface TokenStore {
/**
- * Add the given token to the cache.
+ * Add the given token to the cache. The SecurityTokens getId() identifier will be used to
+ * key it in the cache.
* @param token The token to be added
*/
void add(SecurityToken token);
/**
- * Remove an existing token.
+ * Add the given token to the cache under the given identifier
+ * @param identifier The identifier to use to key the SecurityToken in the cache
+ * @param token The token to be added
+ */
+ void add(String identifier, SecurityToken token);
+
+ /**
+ * Remove an existing token by its identifier
*/
- void remove(SecurityToken token);
+ void remove(String identifier);
/**
* Return the list of all valid token identifiers.
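Review bot: The new `remove(String identifier)` Javadoc has no `@param`, and neither `add` overload says what happens on a null token, an empty identifier, or an identifier that is already present; all three implementations in this commit silently ignore the first two and overwrite the third via `put`. Suggest `@param identifier The identifier of the token to remove; a null or empty identifier is ignored` on `remove`, and on `add(String, SecurityToken)` a sentence such as `Any token already stored under this identifier is replaced; a null token or an empty identifier is ignored.` The `getToken` Javadoc in the next hunk has an empty `@param identifier` as well.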
@@ -51,17 +59,10 @@ public interface TokenStore {
Collection<SecurityToken> getExpiredTokens();
/**
- * Returns the <code>Token</code> of the given id
- * @param id
- * @return The requested <code>Token</code> identified by the given id
- */
- SecurityToken getToken(String id);
-
- /**
- * Returns the <code>Token</code> by the associated hash.
- * @param hashCode
- * @return the <code>Token</code> by the associated hash.
+ * Returns the <code>Token</code> of the given identifier
+ * @param identifier
+ * @return The requested <code>Token</code> identified by the given identifier
*/
- SecurityToken getTokenByAssociatedHash(int hashCode);
+ SecurityToken getToken(String identifier);
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java Tue Apr 3 13:45:59 2012
@@ -91,13 +91,14 @@ public class STSTokenValidator implement
TokenStore tokenStore = getTokenStore(message);
if (tokenStore != null && hash != 0) {
- SecurityToken recoveredToken = tokenStore.getTokenByAssociatedHash(hash);
- if (recoveredToken != null) {
- AssertionWrapper assertion = new AssertionWrapper(recoveredToken.getToken());
+ SecurityToken transformedToken = getTransformedToken(tokenStore, hash);
+ if (transformedToken != null) {
+ AssertionWrapper assertion = new AssertionWrapper(transformedToken.getToken());
credential.setTransformedToken(assertion);
return credential;
}
}
+ token.setTokenHash(hash);
STSClient c = STSUtils.getClient(message, "sts");
synchronized (c) {
@@ -108,8 +109,9 @@ public class STSTokenValidator implement
AssertionWrapper assertion = new AssertionWrapper(returnedToken.getToken());
credential.setTransformedToken(assertion);
if (hash != 0) {
- returnedToken.setAssociatedHash(hash);
tokenStore.add(returnedToken);
+ token.setTransformedTokenIdentifier(returnedToken.getId());
+ tokenStore.add(Integer.toString(hash), token);
}
}
return credential;
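Review bot: The `if (hash != 0)` block now makes three `tokenStore` calls, but `tokenStore` is only null-checked together with `hash` in the earlier hunk (`if (tokenStore != null && hash != 0)`), so a validator configured without a TokenStore and a non-zero hash throws a NullPointerException here; the guard should be `if (hash != 0 && tokenStore != null) {`. The mapping entry keyed by `Integer.toString(hash)` takes its TTL from `token`'s expiry while `returnedToken` is keyed by its id with its own TTL, so `getTransformedToken` can find the mapping after the transformed token is gone; that case falls back to the STS call, which is acceptable, but a comment saying so would help. The enclosing method starts before this hunk.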
@@ -157,4 +159,14 @@ public class STSTokenValidator implement
return false;
}
+ private SecurityToken getTransformedToken(TokenStore tokenStore, int hash) {
+ SecurityToken recoveredToken = tokenStore.getToken(Integer.toString(hash));
+ if (recoveredToken != null && recoveredToken.getTokenHash() == hash) {
+ String transformedTokenId = recoveredToken.getTransformedTokenIdentifier();
+ if (transformedTokenId != null) {
+ return tokenStore.getToken(transformedTokenId);
+ }
+ }
+ return null;
+ }
}
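Review bot: `getTransformedToken` trusts whatever token sits under the key `Integer.toString(hash)` after checking only that its `tokenHash` equals `hash`, which holds by construction for every entry stored under that key; it never checks that the cached token is the token now being validated, so two tokens sharing the same 32-bit `hash` (computed outside this hunk) would share one cached transformed token and credential. Pass the current `token` in and require identity as well, e.g. `&& Objects.equals(recoveredToken.getId(), token.getId())` when ids are populated for this token type, or compare the underlying token bytes. The second lookup also returns whatever the store holds; an `isExpired()` check on the transformed token before returning it would be prudent, since the store TTL and the token's own expiry are computed separately.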
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java Tue Apr 3 13:45:59 2012
@@ -21,7 +21,6 @@ package org.apache.cxf.sts.cache;
import java.util.Collection;
import java.util.Date;
-import java.util.Iterator;
import java.util.concurrent.TimeUnit;
import com.hazelcast.core.Hazelcast;
@@ -62,37 +61,21 @@ public class HazelCastTokenStore impleme
public void add(SecurityToken token) {
if (token != null && !StringUtils.isEmpty(token.getId())) {
- int parsedTTL = 0;
- if (token.getExpires() != null) {
- Date expires = token.getExpires();
- Date current = new Date();
- long expiryTime = (expires.getTime() - current.getTime()) / 1000L;
-
- parsedTTL = (int)expiryTime;
- if (expiryTime != (long)parsedTTL || parsedTTL < 0 || parsedTTL > MAX_TTL) {
- // Default to configured value
- parsedTTL = (int)ttl;
- if (ttl != (long)parsedTTL) {
- // Fall back to 60 minutes if the default TTL is set incorrectly
- parsedTTL = 3600;
- }
- }
- } else {
- // Default to configured value
- parsedTTL = (int)ttl;
- if (ttl != (long)parsedTTL) {
- // Fall back to 60 minutes if the default TTL is set incorrectly
- parsedTTL = 3600;
- }
- }
-
+ int parsedTTL = getTTL(token);
cacheMap.put(token.getId(), token, parsedTTL, TimeUnit.SECONDS);
}
}
- public void remove(SecurityToken token) {
- if (token != null && !StringUtils.isEmpty(token.getId())) {
- cacheMap.remove(token.getId());
+ public void add(String identifier, SecurityToken token) {
+ if (token != null && !StringUtils.isEmpty(identifier)) {
+ int parsedTTL = getTTL(token);
+ cacheMap.put(identifier, token, parsedTTL, TimeUnit.SECONDS);
+ }
+ }
+
+ public void remove(String identifier) {
+ if (!StringUtils.isEmpty(identifier) && cacheMap.containsKey(identifier)) {
+ cacheMap.remove(identifier);
}
}
@@ -105,20 +88,35 @@ public class HazelCastTokenStore impleme
return null;
}
- public SecurityToken getToken(String id) {
- return (SecurityToken)cacheMap.get(id);
+ public SecurityToken getToken(String identifier) {
+ return (SecurityToken)cacheMap.get(identifier);
}
- public SecurityToken getTokenByAssociatedHash(int hashCode) {
- Iterator<Object> ids = cacheMap.keySet().iterator();
- while (ids.hasNext()) {
- SecurityToken securityToken = getToken((String)ids.next());
- if (hashCode == securityToken.getAssociatedHash()) {
- return securityToken;
+ private int getTTL(SecurityToken token) {
+ int parsedTTL = 0;
+ if (token.getExpires() != null) {
+ Date expires = token.getExpires();
+ Date current = new Date();
+ long expiryTime = (expires.getTime() - current.getTime()) / 1000L;
+
+ parsedTTL = (int)expiryTime;
+ if (expiryTime != (long)parsedTTL || parsedTTL < 0 || parsedTTL > MAX_TTL) {
+ // Default to configured value
+ parsedTTL = (int)ttl;
+ if (ttl != (long)parsedTTL) {
+ // Fall back to 60 minutes if the default TTL is set incorrectly
+ parsedTTL = 3600;
+ }
+ }
+ } else {
+ // Default to configured value
+ parsedTTL = (int)ttl;
+ if (ttl != (long)parsedTTL) {
+ // Fall back to 60 minutes if the default TTL is set incorrectly
+ parsedTTL = 3600;
}
}
- return null;
+ return parsedTTL;
}
-
}
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/canceller/SCTCanceller.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/canceller/SCTCanceller.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/canceller/SCTCanceller.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/canceller/SCTCanceller.java Tue Apr 3 13:45:59 2012
@@ -103,7 +103,7 @@ public class SCTCanceller implements Tok
STSException.INVALID_REQUEST
);
}
- tokenParameters.getTokenStore().remove(token);
+ tokenParameters.getTokenStore().remove(token.getId());
cancelTarget.setState(STATE.CANCELLED);
} catch (WSSecurityException ex) {
LOG.log(Level.WARNING, "", ex);
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java Tue Apr 3 13:45:59 2012
@@ -124,8 +124,10 @@ public class SAMLTokenProvider implement
AssertionWrapper assertion = createSamlToken(tokenParameters, secret, doc);
Element token = assertion.toDOM(doc);
- // set the token in cache
- if (tokenParameters.getTokenStore() != null) {
+ // set the token in cache (only if the token is signed)
+ byte[] signatureValue = assertion.getSignatureValue();
+ if (tokenParameters.getTokenStore() != null && signatureValue != null
+ && signatureValue.length > 0) {
Date expires = new Date();
long currentTime = expires.getTime();
expires.setTime(currentTime + (conditionsProvider.getLifetime() * 1000L));
@@ -133,12 +135,6 @@ public class SAMLTokenProvider implement
SecurityToken securityToken = new SecurityToken(assertion.getId(), null, expires);
securityToken.setToken(token);
securityToken.setPrincipal(tokenParameters.getPrincipal());
- int hash = 0;
- byte[] signatureValue = assertion.getSignatureValue();
- if (signatureValue != null && signatureValue.length > 0) {
- hash = Arrays.hashCode(signatureValue);
- securityToken.setAssociatedHash(hash);
- }
if (tokenParameters.getRealm() != null) {
Properties props = securityToken.getProperties();
if (props == null) {
@@ -147,7 +143,10 @@ public class SAMLTokenProvider implement
props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());
securityToken.setProperties(props);
}
- tokenParameters.getTokenStore().add(securityToken);
+ int hash = Arrays.hashCode(signatureValue);
+ securityToken.setTokenHash(hash);
+ String identifier = Integer.toString(hash);
+ tokenParameters.getTokenStore().add(identifier, securityToken);
}
TokenProviderResponse response = new TokenProviderResponse();
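Review bot: The cache key is now `Integer.toString(Arrays.hashCode(signatureValue))`, a 32-bit hash of the signature bytes, and the token is no longer stored under `assertion.getId()`; two distinct signed assertions whose signature bytes collide on this hash share one key, the later `add` overwrites the earlier entry, and SAMLTokenValidator's `getToken(Integer.toString(hash))` with its `getTokenHash() != hash` check (which both tokens pass) then returns the other assertion's cached token and principal. A full-length digest of the signature bytes (e.g. hex SHA-256) as the identifier, with the validator comparing the assertion id or the signature on a hit, removes the ambiguity. A comment next to `int hash = Arrays.hashCode(signatureValue);` explaining that this value must match the key derivation in SAMLTokenValidator would also help, since the two are now coupled by convention only.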
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SCTRenewer.java Tue Apr 3 13:45:59 2012
@@ -124,7 +124,7 @@ public class SCTRenewer implements Token
);
}
// Remove old token from the cache
- tokenParameters.getTokenStore().remove(token);
+ tokenParameters.getTokenStore().remove(token.getId());
// Create a new token corresponding to the old token
Date expires = new Date();
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java Tue Apr 3 13:45:59 2012
@@ -146,14 +146,15 @@ public class SAMLTokenValidator implemen
response.setPrincipal(samlPrincipal);
SecurityToken secToken = null;
- if (tokenParameters.getTokenStore() != null) {
- int hash = 0;
- byte[] signatureValue = assertion.getSignatureValue();
- if (signatureValue != null && signatureValue.length > 0) {
- hash = Arrays.hashCode(signatureValue);
- secToken = tokenParameters.getTokenStore().getTokenByAssociatedHash(hash);
- response.setSecurityToken(secToken);
+ byte[] signatureValue = assertion.getSignatureValue();
+ if (tokenParameters.getTokenStore() != null && signatureValue != null
+ && signatureValue.length > 0) {
+ int hash = Arrays.hashCode(signatureValue);
+ secToken = tokenParameters.getTokenStore().getToken(Integer.toString(hash));
+ if (secToken != null && secToken.getTokenHash() != hash) {
+ secToken = null;
}
+ response.setSecurityToken(secToken);
}
if (secToken != null && secToken.isExpired()) {
LOG.fine("Token: " + secToken.getId() + " is in the cache but expired - revalidating");
@@ -282,13 +283,13 @@ public class SAMLTokenValidator implemen
if (validFrom.isAfterNow()) {
LOG.log(Level.WARNING, "SAML Token condition not met");
if (secToken != null) {
- tokenStore.remove(secToken);
+ tokenStore.remove(secToken.getId());
}
return false;
} else if (validTill.isBeforeNow()) {
LOG.log(Level.WARNING, "SAML Token condition not met");
if (secToken != null) {
- tokenStore.remove(secToken);
+ tokenStore.remove(secToken.getId());
}
validateTarget.setState(STATE.EXPIRED);
return false;
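Review bot: `tokenStore.remove(secToken.getId())` on both branches removes the key `secToken.getId()` (the assertion id), but in this commit SAMLTokenProvider stores the token only under `Integer.toString(hash)`, so the removal is a no-op for those entries and a token that just failed its `validFrom`/`validTill` condition stays in the cache until its TTL lapses. Remove it under the key it was stored with as well, `if (secToken.getTokenHash() != 0) { tokenStore.remove(Integer.toString(secToken.getTokenHash())); }`, keeping the by-id removal for tokens added via `add(SecurityToken)`. The enclosing method starts before this hunk and `hash` is not visibly in scope here, which is why the stored `tokenHash` is the safer key to use.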
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java Tue Apr 3 13:45:59 2012
@@ -131,12 +131,6 @@ public class UsernameTokenValidator impl
//
UsernameTokenType usernameTokenType = (UsernameTokenType)validateTarget.getToken();
- SecurityToken secToken = null;
- if (tokenParameters.getTokenStore() != null) {
- secToken = tokenParameters.getTokenStore().getToken(usernameTokenType.getId());
- response.setSecurityToken(secToken);
- }
-
// Marshall the received JAXB object into a DOM Element
Element usernameTokenElement = null;
try {
@@ -170,12 +164,23 @@ public class UsernameTokenValidator impl
if (ut.getPassword() == null) {
return response;
}
- if (secToken == null || secToken.isExpired()
- || (secToken.getAssociatedHash() != ut.hashCode())) {
+
+ // See if the UsernameToken is stored in the cache
+ int hash = ut.hashCode();
+ SecurityToken secToken = null;
+ if (tokenParameters.getTokenStore() != null) {
+ secToken = tokenParameters.getTokenStore().getToken(Integer.toString(hash));
+ if (secToken != null && secToken.getTokenHash() != hash) {
+ secToken = null;
+ }
+ }
+
+ if (secToken == null) {
Credential credential = new Credential();
credential.setUsernametoken(ut);
validator.validate(credential, requestData);
}
+
Principal principal =
createPrincipal(
ut.getName(), ut.getPassword(), ut.getPasswordType(), ut.getNonce(), ut.getCreated()
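Review bot: The new `if (secToken == null)` drops the `secToken.isExpired()` condition the replaced check had, so a cached entry whose SecurityToken expiry has passed but which the store still returns (HazelCastTokenStore.getToken in this commit is a plain `cacheMap.get`, and the store TTL is derived separately from `getExpires()`) now skips `validator.validate(credential, requestData)` entirely; restore it as `if (secToken == null || secToken.isExpired()) {`. Because a hit bypasses password validation, the entry's TTL bounds how long a changed or revoked password remains accepted, and `Integer.toString(ut.hashCode())` is a 32-bit key whose `getTokenHash() != hash` check cannot tell apart two tokens that hash alike; a comment stating both limits beside `// See if the UsernameToken is stored in the cache` would help the next maintainer. The enclosing method starts before this hunk.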
Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStoreTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStoreTest.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStoreTest.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStoreTest.java Tue Apr 3 13:45:59 2012
@@ -38,7 +38,7 @@ public class DefaultInMemoryTokenStoreTe
SecurityToken token = new SecurityToken(key);
store.add(token);
assertEquals(token, store.getToken(key));
- store.remove(token);
+ store.remove(token.getId());
assertNull(store.getToken(key));
}
@@ -52,10 +52,10 @@ public class DefaultInMemoryTokenStoreTe
store.add(token2);
store.add(token3);
assertTrue(store.getTokenIdentifiers().size() == 3);
- store.remove(token3);
+ store.remove(token3.getId());
assertNull(store.getToken("test3"));
- store.remove(token1);
- store.remove(token2);
+ store.remove(token1.getId());
+ store.remove(token2.getId());
assertTrue(store.getTokenIdentifiers().size() == 0);
}
}
Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java Tue Apr 3 13:45:59 2012
@@ -39,7 +39,7 @@ public class HazelCastTokenStoreTest ext
store.add(token);
SecurityToken cachedToken = store.getToken(key);
assertEquals(token.getId(), cachedToken.getId());
- store.remove(token);
+ store.remove(token.getId());
assertNull(store.getToken(key));
}
@@ -53,10 +53,10 @@ public class HazelCastTokenStoreTest ext
store.add(token2);
store.add(token3);
assertTrue(store.getTokenIdentifiers().size() == 3);
- store.remove(token3);
+ store.remove(token3.getId());
assertNull(store.getToken("test3"));
- store.remove(token1);
- store.remove(token2);
+ store.remove(token1.getId());
+ store.remove(token2.getId());
assertTrue(store.getTokenIdentifiers().size() == 0);
}
}
Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSCTUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSCTUnitTest.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSCTUnitTest.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSCTUnitTest.java Tue Apr 3 13:45:59 2012
@@ -132,7 +132,7 @@ public class ValidateSCTUnitTest extends
assertTrue(validateResponse(response));
// Now remove the token from the cache before validating again
- tokenStore.remove(tokenStore.getToken(providerResponse.getTokenId()));
+ tokenStore.remove(tokenStore.getToken(providerResponse.getTokenId()).getId());
assertNull(tokenStore.getToken(providerResponse.getTokenId()));
response = validateOperation.validate(request, webServiceContext);
assertFalse(validateResponse(response));
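Review bot: The new removal line chains `tokenStore.getToken(providerResponse.getTokenId()).getId()`, which throws a NullPointerException instead of a clear assertion failure if the token is not in the store at that point. The assertNull on the following line already treats `providerResponse.getTokenId()` as the store key, so if the cached token's id equals that key (which the passing assertNull suggests) the simpler `tokenStore.remove(providerResponse.getTokenId());` removes the same entry without the null-sensitive round trip. The same chained form appears in the SCTValidatorTest hunk (`tokenStore.remove(tokenStore.getToken(providerResponse.getTokenId()).getId());`) and could be simplified the same way. The enclosing test method starts and ends outside the hunk.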
Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SCTValidatorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SCTValidatorTest.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SCTValidatorTest.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SCTValidatorTest.java Tue Apr 3 13:45:59 2012
@@ -83,7 +83,7 @@ public class SCTValidatorTest extends or
assertTrue(validatorResponse.getPrincipal().getName().equals("alice"));
// Now remove the SCT from the cache
- tokenStore.remove(tokenStore.getToken(providerResponse.getTokenId()));
+ tokenStore.remove(tokenStore.getToken(providerResponse.getTokenId()).getId());
assertNull(tokenStore.getToken(providerResponse.getTokenId()));
validatorResponse = sctValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java?rev=1308908&r1=1308907&r2=1308908&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java Tue Apr 3 13:45:59 2012
@@ -68,10 +68,12 @@ public class CustomUsernameTokenProvider
// Store the token in the cache
if (tokenParameters.getTokenStore() != null) {
- SecurityToken secrutiyToken = new SecurityToken(usernameToken.getID());
- secrutiyToken.setToken(usernameToken.getElement());
- secrutiyToken.setAssociatedHash(usernameToken.hashCode());
- tokenParameters.getTokenStore().add(secrutiyToken);
+ SecurityToken securityToken = new SecurityToken(usernameToken.getID());
+ securityToken.setToken(usernameToken.getElement());
+ int hashCode = usernameToken.hashCode();
+ String identifier = Integer.toString(hashCode);
+ securityToken.setTokenHash(hashCode);
+ tokenParameters.getTokenStore().add(identifier, securityToken);
}
return response;
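Review bot: The cache key `identifier` is derived from `usernameToken.hashCode()`, a 32-bit non-cryptographic hash, so two distinct username tokens that collide will alias the same store entry and the later `add` silently overwrites the earlier token; what `hashCode()` covers is not visible here, but whichever side looks the entry up should confirm the hit by comparing the stored `getTokenHash()` value (and ideally the token contents) before trusting it rather than relying on the key alone. Note also that the SecurityToken is constructed with `usernameToken.getID()` while it is stored under `identifier`, so a caller that later calls `remove(securityToken.getId())`, as the test hunks earlier in this commit do, will presumably not find this entry; a comment such as `// stored under the token hash, not the token id: remove with the same identifier` on the add line would make that explicit. The enclosing method starts and ends outside the hunk.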