Posted to commits@cxf.apache.org by co...@apache.org on 2013/02/27 23:58:31 UTC
svn commit: r1451017 - in
/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security:
SecurityConstants.java wss4j/AbstractWSS4JInterceptor.java
Author: coheigea
Date: Wed Feb 27 22:58:31 2013
New Revision: 1451017
URL: http://svn.apache.org/r1451017
Log:
Merged revisions 1451006 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes
........
r1451006 | coheigea | 2013-02-27 14:30:25 -0800 (Wed, 27 Feb 2013) | 18 lines
Merged revisions 1451001 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/branches/2.7.x-fixes
........
r1451001 | coheigea | 2013-02-27 14:18:52 -0800 (Wed, 27 Feb 2013) | 10 lines
Merged revisions 1450977 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1450977 | coheigea | 2013-02-27 13:36:06 -0800 (Wed, 27 Feb 2013) | 2 lines
Adding ability to configure UsernameToken TTL
........
........
........
Modified:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1451017&r1=1451016&r2=1451017&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Wed Feb 27 22:58:31 2013
@@ -201,6 +201,19 @@ public final class SecurityConstants {
public static final String TIMESTAMP_FUTURE_TTL = "ws-security.timestamp.futureTimeToLive";
/**
+ * The time in seconds to append to the Creation value of an incoming UsernameToken to determine
+ * whether to accept the UsernameToken as valid or not. The default value is 300 seconds (5 minutes).
+ */
+ public static final String USERNAMETOKEN_TTL = "ws-security.usernametoken.timeToLive";
+
+ /**
+ * The time in seconds in the future within which the Created time of an incoming
+ * UsernameToken is valid. The default value is "60", to avoid problems where clocks are
+ * slightly askew. To reject all future-created UsernameTokens, set this value to "0".
+ */
+ public static final String USERNAMETOKEN_FUTURE_TTL = "ws-security.usernametoken.futureTimeToLive";
+
+ /**
* The attribute URI of the SAML AttributeStatement where the role information is stored.
* The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".
*/
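Review bot: The Javadoc on `USERNAMETOKEN_TTL` gives the default but not the security trade-off or the accepted values. The sibling comment documents what "0" means for the future TTL, while this one documents no boundary at all. I would add a sentence such as `Larger values lengthen the period in which a captured UsernameToken still passes the Created check; the value is supplied as a String number of seconds.` and state what happens for "0" or a negative value once that is confirmed against WSS4J. The two comments also write their defaults differently (`300 seconds` versus `"60"`); one form for both would read better.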
Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=1451017&r1=1451016&r2=1451017&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Wed Feb 27 22:58:31 2013
@@ -173,6 +173,18 @@ public abstract class AbstractWSS4JInter
if (ttl != null) {
msg.setContextualProperty(WSHandlerConstants.TTL_TIMESTAMP, ttl);
}
+
+ String utFutureTTL =
+ (String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_FUTURE_TTL);
+ if (utFutureTTL != null) {
+ msg.setContextualProperty(WSHandlerConstants.TTL_FUTURE_USERNAMETOKEN, utFutureTTL);
+ }
+ String utTTL =
+ (String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_TTL);
+ if (utTTL != null) {
+ msg.setContextualProperty(WSHandlerConstants.TTL_USERNAMETOKEN, utTTL);
+ }
+
String certConstraints =
(String)msg.getContextualProperty(SecurityConstants.SUBJECT_CERT_CONSTRAINTS);
if (certConstraints != null) {
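Review bot: The two new lookups cast `msg.getContextualProperty(...)` straight to `String`, so a deployment that sets `ws-security.usernametoken.timeToLive` or `ws-security.usernametoken.futureTimeToLive` as an Integer or Long would fail with a ClassCastException. The value is also forwarded to `WSHandlerConstants.TTL_USERNAMETOKEN` and `TTL_FUTURE_USERNAMETOKEN` with no check that it is numeric or non-negative. How WSS4J treats a malformed value is not visible here, but these settings bound how long a UsernameToken is accepted, so a typo should be rejected or logged rather than passed through. A small change would be `Object utTTL = msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_TTL);` followed by a parse check before `msg.setContextualProperty(WSHandlerConstants.TTL_USERNAMETOKEN, utTTL.toString());`, and the same for the future TTL. The enclosing method starts and ends outside this hunk, and the timestamp TTL block just above appears to follow the same pattern.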