Posted to commits@cxf.apache.org by co...@apache.org on 2013/02/01 16:54:16 UTC
svn commit: r1441496 - in
/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp:
FederationFilter.java STSClientFilter.java
Author: coheigea
Date: Fri Feb 1 15:54:15 2013
New Revision: 1441496
URL: http://svn.apache.org/viewvc?rev=1441496&view=rev
Log:
[FEDIZ-48] - Support wfresh properly in the IdP
Modified:
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationFilter.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationFilter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationFilter.java?rev=1441496&r1=1441495&r2=1441496&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationFilter.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationFilter.java Fri Feb 1 15:54:15 2013
@@ -19,6 +19,7 @@
package org.apache.cxf.fediz.service.idp;
import java.io.IOException;
+import java.util.Date;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
@@ -128,11 +129,12 @@ public class FederationFilter extends Ab
} else {
if (idpToken.isExpired()) {
LOG.info("IDP token of '" + user + "' expired. Require authentication.");
- authenticationRequired = idpToken.isExpired();
- } else if (wfresh != null && wfresh.equals("0")) {
- LOG.info("IDP token of '" + user + "' valid but relying party requested new authentication");
authenticationRequired = true;
- } else {
+ } else if (wfresh != null) {
+ authenticationRequired = parseWfresh(wfresh, user, idpToken);
+ }
+
+ if (!authenticationRequired) {
LOG.debug("Session found for '" + user + "'.");
//Add it to the request context
context.put(sessionToken, idpToken);
@@ -149,6 +151,30 @@ public class FederationFilter extends Ab
}
}
+ /*
+ * Return true if authentication is required after parsing wfresh
+ */
+ private boolean parseWfresh(String wfresh, String user, SecurityToken idpToken) {
+ if ("0".equals(wfresh)) {
+ LOG.info("IDP token of '" + user + "' valid but relying party requested new authentication");
+ return true;
+ } else {
+ long ttl = Long.parseLong(wfresh);
+ if (ttl > 0) {
+ Date createdDate = idpToken.getCreated();
+ Date expiryDate = new Date();
+ expiryDate.setTime(createdDate.getTime() + (ttl * 60L * 1000L));
+ if (expiryDate.before(new Date())) {
+ LOG.info("IDP token of '" + user
+ + "' valid but relying party requested new authentication via wfresh: " + wfresh);
+ return true;
+ }
+ } else {
+ LOG.info("wfresh value of " + wfresh + " is invalid");
+ }
+ }
+ return false;
+ }
}
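Review bot: `Long.parseLong(wfresh)` in parseWfresh is unguarded, so a non-numeric or empty wfresh throws NumberFormatException out of the `else if (wfresh != null)` call site in the filter, whereas the configureTTL method this commit removes from STSClientFilter caught that exception. The negative-value branch only logs and returns false, so a malformed freshness request (presumably caller-controlled, since wfresh is a sign-in request parameter) leaves the existing session accepted; requiring authentication for any value that does not parse as a non-negative number is the safer default, as sketched below. `ttl * 60L * 1000L` can also overflow for very large values, which comparing the token's age against the limit would avoid. The log messages concatenate `user` and `wfresh` verbatim, so stripping CR/LF before logging is worth considering.

```java
private boolean parseWfresh(String wfresh, String user, SecurityToken idpToken) {
    // … unchanged: "0" case logs and returns true …
    long ttl;
    try {
        ttl = Long.parseLong(wfresh);
    } catch (NumberFormatException ex) {
        ttl = -1L;
    }
    if (ttl < 0) {
        // Fail closed: an unparseable or negative freshness value forces re-authentication.
        LOG.info("IDP token of '" + user + "' valid but wfresh is invalid. Require authentication.");
        return true;
    }
    // … unchanged: created-date comparison against ttl …
```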
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java?rev=1441496&r1=1441495&r2=1441496&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java Fri Feb 1 15:54:15 2013
@@ -248,9 +248,14 @@ public class STSClientFilter extends Abs
sts.getProperties().put(SecurityConstants.USERNAME, username);
sts.getProperties().put(SecurityConstants.PASSWORD, password);
}
-
- // Set TTL on the request if wfresh is configured
- configureTTL(sts, context);
+
+ /*
+ if (getInitParameter(S_PARAM_TOKEN_INTERNAL_LIFETIME) != null) {
+ sts.setEnableLifetime(true);
+ int ttl = Integer.parseInt(getInitParameter(S_PARAM_TOKEN_INTERNAL_LIFETIME));
+ sts.setTtl(ttl);
+ }
+ */
if (appliesTo.startsWith("$")) {
resolvedAppliesTo = (String)context.get(appliesTo.substring(1));
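Review bot: The lines added between `/*` and `*/` are commented-out code rather than documentation, and they reference S_PARAM_TOKEN_INTERNAL_LIFETIME, which is not defined in any visible hunk. Dead code like this is better deleted or replaced with a single line such as `// TODO: make the internal token lifetime configurable through an init parameter`. With the configureTTL call removed, the STS request no longer appears to carry any lifetime derived from wfresh, so it is worth confirming that the lifetime of the issued token is still bounded as intended. If the block is enabled later, `Integer.parseInt(getInitParameter(...))` needs the NumberFormatException handling that the removed configureTTL had. The enclosing method starts and ends outside this hunk.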
@@ -370,21 +375,6 @@ public class STSClientFilter extends Abs
return writer.getDocument().getDocumentElement();
}
- private void configureTTL(IdpSTSClient sts, AuthContext context) {
- String wfresh = (String)context.get(FederationFilter.PARAM_WFRESH);
- if (wfresh != null) {
- try {
- int ttl = Integer.parseInt(wfresh);
- if (ttl > 0) {
- sts.setTtl(ttl * 60);
- sts.setEnableLifetime(true);
- }
- } catch (NumberFormatException ex) {
- LOG.error("Invalid wfresh value '" + wfresh + "': " + ex.getMessage());
- }
- }
- }
-
private synchronized void setSTSWsdlUrl(String wsdlUrl) {
this.stsWsdlUrl = wsdlUrl;
this.isPortSet = true;