Posted to commits@cxf.apache.org by co...@apache.org on 2013/07/17 15:21:37 UTC
svn commit: r1504117 - in /cxf/trunk/services/sts/sts-core/src:
main/java/org/apache/cxf/sts/token/provider/
main/java/org/apache/cxf/sts/token/renewer/
main/java/org/apache/cxf/sts/token/validator/
test/java/org/apache/cxf/sts/token/renewer/
Author: coheigea
Date: Wed Jul 17 13:21:37 2013
New Revision: 1504117
URL: http://svn.apache.org/r1504117
Log:
[CXF-5133] - CXF STS renewed token not itself renewable.
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerTest.java
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java?rev=1504117&r1=1504116&r2=1504117&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java Wed Jul 17 13:21:37 2013
@@ -138,10 +138,7 @@ public class SAMLTokenProvider implement
securityToken.setToken(token);
securityToken.setPrincipal(tokenParameters.getPrincipal());
- Properties props = securityToken.getProperties();
- if (props == null) {
- props = new Properties();
- }
+ Properties props = new Properties();
securityToken.setProperties(props);
if (tokenParameters.getRealm() != null) {
props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java?rev=1504117&r1=1504116&r2=1504117&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java Wed Jul 17 13:21:37 2013
@@ -35,7 +35,6 @@ import javax.xml.ws.handler.MessageConte
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
@@ -45,6 +44,7 @@ import org.apache.cxf.sts.STSPropertiesM
import org.apache.cxf.sts.SignatureProperties;
import org.apache.cxf.sts.request.ReceivedToken;
import org.apache.cxf.sts.request.ReceivedToken.STATE;
+import org.apache.cxf.sts.request.Renewing;
import org.apache.cxf.sts.token.provider.ConditionsProvider;
import org.apache.cxf.sts.token.provider.DefaultConditionsProvider;
import org.apache.cxf.sts.token.realm.SAMLRealm;
@@ -212,7 +212,7 @@ public class SAMLTokenRenewer implements
// Cache the token
storeTokenInCache(
- tokenStore, renewedAssertion, tokenParameters.getPrincipal(), tokenParameters.getRealm()
+ tokenStore, renewedAssertion, tokenParameters.getPrincipal(), tokenParameters
);
response.setToken(token);
@@ -556,7 +556,7 @@ public class SAMLTokenRenewer implements
TokenStore tokenStore,
SamlAssertionWrapper assertion,
Principal principal,
- String tokenRealm
+ TokenRenewerParameters tokenParameters
) throws WSSecurityException {
// Store the successfully renewed token in the cache
byte[] signatureValue = assertion.getSignatureValue();
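Review bot: The `Principal principal` parameter is now redundant, because the call site earlier in this diff passes `tokenParameters.getPrincipal()` alongside `tokenParameters` itself. Keeping both lets the two drift apart if a later caller passes a principal that does not belong to the parameters object. The signature could drop the parameter and read the principal inside the method, leaving the call as `storeTokenInCache(tokenStore, renewedAssertion, tokenParameters);`. The method body continues outside this hunk.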
@@ -572,11 +572,29 @@ public class SAMLTokenRenewer implements
securityToken.setToken(assertion.getElement());
securityToken.setPrincipal(principal);
+ Properties props = new Properties();
+ String tokenRealm = tokenParameters.getRealm();
if (tokenRealm != null) {
- Properties props = new Properties();
props.setProperty(STSConstants.TOKEN_REALM, tokenRealm);
- securityToken.setProperties(props);
}
+
+ // Handle Renewing logic
+ Renewing renewing = tokenParameters.getTokenRequirements().getRenewing();
+ if (renewing != null) {
+ props.put(
+ STSConstants.TOKEN_RENEWING_ALLOW,
+ String.valueOf(renewing.isAllowRenewing())
+ );
+ props.put(
+ STSConstants.TOKEN_RENEWING_ALLOW_AFTER_EXPIRY,
+ String.valueOf(renewing.isAllowRenewingAfterExpiry())
+ );
+ } else {
+ props.setProperty(STSConstants.TOKEN_RENEWING_ALLOW, "true");
+ props.setProperty(STSConstants.TOKEN_RENEWING_ALLOW_AFTER_EXPIRY, "false");
+ }
+
+ securityToken.setProperties(props);
int hash = Arrays.hashCode(signatureValue);
securityToken.setTokenHash(hash);
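Review bot: The renewal flags written to the renewed token come from `tokenParameters.getTokenRequirements().getRenewing()`, that is, from the current renew request rather than from the properties cached with the token being renewed. If a renew request can carry its own Renewing element (not visible here), a renewed token could end up with `TOKEN_RENEWING_ALLOW_AFTER_EXPIRY` set to a wider value than the original was issued with, and the `else` branch resets both flags to defaults whatever the original held. It is worth confirming that this is intended and recording it with a comment such as `// Renewing flags are taken from the renew request, not inherited from the original token`. The chained call also assumes `getTokenRequirements()` never returns null. The block mixes `props.put` and `props.setProperty`, and using `setProperty` throughout would be consistent. The enclosing method starts and ends outside this hunk.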
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java?rev=1504117&r1=1504116&r2=1504117&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java Wed Jul 17 13:21:37 2013
@@ -215,7 +215,7 @@ public class SAMLTokenValidator implemen
Properties props = secToken.getProperties();
if (props != null) {
String cachedRealm = props.getProperty(STSConstants.TOKEN_REALM);
- if (!tokenRealm.equals(cachedRealm)) {
+ if (cachedRealm != null && !tokenRealm.equals(cachedRealm)) {
return response;
}
}
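Review bot: With the added `cachedRealm != null` guard, a cached token whose properties hold no `TOKEN_REALM` entry now skips the realm comparison instead of being rejected, so the check fails open for tokens stored without a realm. Before this change `tokenRealm.equals(null)` evaluated to false and such a token took the `return response` path. Since the provider and renewer in this commit always attach a Properties object even when no realm is set, this case is presumably now the common one. If accepting it is intended, a comment like `// No realm cached for this token: nothing to compare against` above the condition would record the decision, and a validator test covering a realm-less cached token would pin it. How `tokenRealm` is derived lies outside the hunk.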
Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerTest.java?rev=1504117&r1=1504116&r2=1504117&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerTest.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerTest.java Wed Jul 17 13:21:37 2013
@@ -135,6 +135,17 @@ public class SAMLTokenRenewerTest extend
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
+
+ // Now try to renew it again!
+ renewerParameters.setToken(validatorResponse.getToken());
+
+ samlTokenRenewer = new SAMLTokenRenewer();
+ samlTokenRenewer.setVerifyProofOfPossession(false);
+ assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken()));
+
+ renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
+ assertTrue(renewerResponse != null);
+ assertTrue(renewerResponse.getToken() != null);
}
/**
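Review bot: The added second renewal exercises only the success path, and the test appears to use default renewing settings, so nothing checks that a token whose renewing properties disallow renewal is still refused after one renewal. A companion case that sets renewing to disallowed on the requirements and expects the second `renewToken` call to fail would cover the new property handling in both directions. The null checks would also read better as `assertNotNull(renewerResponse);` and `assertNotNull(renewerResponse.getToken());`. The test method begins outside this hunk.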