You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cxf.apache.org by re...@apache.org on 2016/04/22 04:13:10 UTC

[02/21] cxf git commit: Supporting a case where the token introspection response does not contain the issuedAt property, patch from fjollberg applied, This closes #130

Supporting a case where the token introspection response does not contain the issuedAt property, patch from fjollberg applied, This closes #130


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/66606fed
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/66606fed
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/66606fed

Branch: refs/heads/master-jaxrs-2.1
Commit: 66606fed2b8566799b23c85943357f7d68a45062
Parents: 27824e1
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Apr 19 10:56:58 2016 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Apr 19 10:58:22 2016 +0100

----------------------------------------------------------------------
 .../security/oauth2/filters/AccessTokenIntrospectionClient.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/66606fed/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
index 679aafa..39ddcfe 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.rs.security.oauth2.filters;
 
 import java.util.Collections;
+import java.util.Date;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -68,9 +69,11 @@ public class AccessTokenIntrospectionClient implements AccessTokenValidator {
         }
         if (response.getIat() != null) {
             atv.setTokenIssuedAt(response.getIat());
+        } else {
+            atv.setTokenIssuedAt(new Date().getTime());
         }
         if (response.getExp() != null) {
-            atv.setTokenLifetime(response.getExp() - response.getIat());
+            atv.setTokenLifetime(response.getExp() - atv.getTokenIssuedAt());
         }
         if (!StringUtils.isEmpty(response.getAud())) {
             atv.setAudiences(response.getAud());