Created
November 10, 2017 08:11
-
-
Save laszlocsontos/c0b1beac76e02cbaa0514a19f7db923c to your computer and use it in GitHub Desktop.
This is a workaround for https://issues.apache.org/jira/browse/WSS-584
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * This is a workaround for https://issues.apache.org/jira/browse/WSS-584 | |
| * | |
| * Implemented based on the following conversation with a core developer of wss4j | |
| * https://www.mail-archive.com/[email protected]/msg00404.html | |
| * | |
| * Created by lcsontos on 11/28/16. | |
| */ | |
| public class CachingWss4jSecurityInterceptor extends Wss4jSecurityInterceptor implements DisposableBean { | |
| private boolean replayCacheDisabled = false; | |
| private ReplayCache timestampReplayCache; | |
| private ReplayCache nonceReplayCache; | |
| private ReplayCache samlOneTimeUseReplayCache; | |
| @Override | |
| public void afterPropertiesSet() throws Exception { | |
| super.afterPropertiesSet(); | |
| if (replayCacheDisabled) { | |
| return; | |
| } | |
| timestampReplayCache = createCache("timestampReplayCache"); | |
| nonceReplayCache = createCache("nonceReplayCache"); | |
| samlOneTimeUseReplayCache = createCache("samlOneTimeUseReplayCache"); | |
| } | |
| @Override | |
| public void destroy() throws Exception { | |
| if (replayCacheDisabled) { | |
| return; | |
| } | |
| timestampReplayCache.close(); | |
| nonceReplayCache.close(); | |
| samlOneTimeUseReplayCache.close(); | |
| } | |
| public boolean isReplayCacheDisabled() { | |
| return replayCacheDisabled; | |
| } | |
| public void setReplayCacheDisabled(boolean replayCacheDisabled) { | |
| this.replayCacheDisabled = replayCacheDisabled; | |
| } | |
| @Override | |
| protected RequestData initializeRequestData(MessageContext messageContext) { | |
| RequestData requestData = super.initializeRequestData(messageContext); | |
| setReplayCaches(requestData); | |
| return requestData; | |
| } | |
| @Override | |
| protected RequestData initializeValidationRequestData(MessageContext messageContext) { | |
| RequestData requestData = super.initializeValidationRequestData(messageContext); | |
| setReplayCaches(requestData); | |
| return requestData; | |
| } | |
| private ReplayCache createCache(String key) throws WSSecurityException { | |
| ReplayCacheFactory replayCacheFactory = ReplayCacheFactory.newInstance(); | |
| StringBuilder cacheKey = new StringBuilder(CachingWss4jSecurityInterceptor.class.getName()); | |
| cacheKey.append("-").append(key); | |
| return replayCacheFactory.newReplayCache(cacheKey.toString(), null); | |
| } | |
| private void setReplayCaches(RequestData requestData) { | |
| if (replayCacheDisabled) { | |
| requestData.setEnableTimestampReplayCache(false); | |
| requestData.setEnableNonceReplayCache(false); | |
| requestData.setEnableSamlOneTimeUseReplayCache(false); | |
| return; | |
| } | |
| requestData.setTimestampReplayCache(timestampReplayCache); | |
| requestData.setNonceReplayCache(nonceReplayCache); | |
| requestData.setSamlOneTimeUseReplayCache(samlOneTimeUseReplayCache); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment