[jira] [Commented] (CXF-4742) Not possible to disable token renewal in STS client

Fri, 11 Jan 2013 03:02:15 -0800 

    [ 
https://issues.apache.org/jira/browse/CXF-4742?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13551046#comment-13551046
 ] 

Igors Sakels commented on CXF-4742:
-----------------------------------

I don't know the STS stuff very well, so I will describe what is happening:

CASE 1: sendRenewing is true
1. some request is done using CXF with STS(before the request, SecurityToken is 
retrieved via STSClient.requestSecurityToken()). Expiration time for token is 
10 min.
2. After 11 min. another request is done(before the request, SecurityToken is 
renewed via STSClient.renewSecurityToken())

CASE 2: sendRenewing is false - exactly the same result!

CASE 2: sendRenewing is false - expected result:
1. the same stuff
2. After 11 min. another request is done(before the request, SecurityToken is 
RETRIEVED again instead of renewal)

The following patch is done in order to get expected result:
    public SecurityToken renewSecurityToken(SecurityToken tok) throws Exception 
{
        if (!sendRenewing) {
            String appliesTo = 
message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
            SecurityToken newToken = requestSecurityToken(appliesTo);

            return newToken;
        }


STSClient is created like this:
        STSClient stsClient = new STSClient(BusFactory.getDefaultBus(false));
        stsClient.setWsdlLocation(wsdlLocation);
        
stsClient.setServiceName("{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService";);
        
stsClient.setEndpointName("{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}WS2007HttpBinding_IWSTrust13Sync2";);
        stsClient.setSecureConv(false);
        stsClient.setRequiresEntropy(true);
        stsClient.setSendRenewing(false);
        stsClient.setAllowRenewing(false);

                
> Not possible to disable token renewal in STS client
> ---------------------------------------------------
>
>                 Key: CXF-4742
>                 URL: https://issues.apache.org/jira/browse/CXF-4742
>             Project: CXF
>          Issue Type: Bug
>            Reporter: Igors Sakels
>            Assignee: Colm O hEigeartaigh
>
> There're properties in org.apache.cxf.ws.security.trust.STSClient:
> sendRenewing, allowRenewing
> Unfortunately they don't prevent the renewal from being issued.
> p.s. We have a real usecase where thirdparty use STS service but don't 
> support the renewal
> Affected version: 2.7.1

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to