Posted to commits@cxf.apache.org by co...@apache.org on 2013/02/27 23:58:31 UTC

svn commit: r1451017 - in /cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security: SecurityConstants.java wss4j/AbstractWSS4JInterceptor.java

Author: coheigea
Date: Wed Feb 27 22:58:31 2013
New Revision: 1451017

URL: http://svn.apache.org/r1451017
Log:
Merged revisions 1451006 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes

........
  r1451006 | coheigea | 2013-02-27 14:30:25 -0800 (Wed, 27 Feb 2013) | 18 lines

  Merged revisions 1451001 via  git cherry-pick from
  https://svn.apache.org/repos/asf/cxf/branches/2.7.x-fixes

  ........
    r1451001 | coheigea | 2013-02-27 14:18:52 -0800 (Wed, 27 Feb 2013) | 10 lines

    Merged revisions 1450977 via  git cherry-pick from
    https://svn.apache.org/repos/asf/cxf/trunk

    ........
      r1450977 | coheigea | 2013-02-27 13:36:06 -0800 (Wed, 27 Feb 2013) | 2 lines

      Adding ability to configure UsernameToken TTL

    ........

  ........

........

Modified:
    cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java

Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1451017&r1=1451016&r2=1451017&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Wed Feb 27 22:58:31 2013
@@ -201,6 +201,19 @@ public final class SecurityConstants {
     public static final String TIMESTAMP_FUTURE_TTL = "ws-security.timestamp.futureTimeToLive";
     
     /**
+     * The time in seconds to append to the Creation value of an incoming UsernameToken to determine
+     * whether to accept the UsernameToken as valid or not. The default value is 300 seconds (5 minutes).
+     */
+    public static final String USERNAMETOKEN_TTL = "ws-security.usernametoken.timeToLive";
+    
+    /**
+     * The time in seconds in the future within which the Created time of an incoming 
+     * UsernameToken is valid. The default value is "60", to avoid problems where clocks are 
+     * slightly askew. To reject all future-created UsernameTokens, set this value to "0". 
+     */
+    public static final String USERNAMETOKEN_FUTURE_TTL = "ws-security.usernametoken.futureTimeToLive";
+    
+    /**
      * The attribute URI of the SAML AttributeStatement where the role information is stored.
      * The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".
      */
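Review bot: The Javadoc on `USERNAMETOKEN_TTL` says "Creation value", while the element it refers to is named Created, as the `USERNAMETOKEN_FUTURE_TTL` comment just below it says, and the two comments give their defaults in different forms (300 seconds versus "60"). Both comments should state that the property is read as a String of seconds, since the interceptor change in this commit casts the value to `String`; for example `The value is a String holding a number of seconds; the default is "300" (5 minutes).` It would also help to say that a larger value widens the window in which a captured UsernameToken is still accepted, and, if tokens without a Created element are not subject to this check (not visible here), to say so.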

Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=1451017&r1=1451016&r2=1451017&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Wed Feb 27 22:58:31 2013
@@ -173,6 +173,18 @@ public abstract class AbstractWSS4JInter
         if (ttl != null) {
             msg.setContextualProperty(WSHandlerConstants.TTL_TIMESTAMP, ttl);
         }
+        
+        String utFutureTTL = 
+            (String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_FUTURE_TTL);
+        if (utFutureTTL != null) {
+            msg.setContextualProperty(WSHandlerConstants.TTL_FUTURE_USERNAMETOKEN, utFutureTTL);
+        }
+        String utTTL = 
+            (String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_TTL);
+        if (utTTL != null) {
+            msg.setContextualProperty(WSHandlerConstants.TTL_USERNAMETOKEN, utTTL);
+        }
+        
         String certConstraints = 
             (String)msg.getContextualProperty(SecurityConstants.SUBJECT_CERT_CONSTRAINTS);
         if (certConstraints != null) {
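Review bot: The two added casts, `(String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_FUTURE_TTL)` and the matching one for `USERNAMETOKEN_TTL`, throw a ClassCastException when a deployment sets the property as an Integer or Long, and the values are forwarded with no check that they are non-negative numbers. Reading the property as `Object` and forwarding `utTTL.toString()` would avoid the cast failure. A parse check with a logged warning would also keep a typo from silently changing the token freshness window; how the downstream handler treats an unparsable value is not visible in this hunk. The timestamp TTL handling in the context lines above appears to follow the same pattern, and the enclosing method starts and ends outside the hunk.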