UPVS - How to reuse the same STS client object after token expires?

pzbell · March 22, 2017, 4:38pm

UPVS STS:

po 120 minutach STS token strati platnost
STS token renew nefunguje

Ako znovupouzit STS klient objekt po expiracii tokenu?

miso · March 22, 2017, 10:10pm

co si mam pod tym predstavit?

pzbell · March 22, 2017, 10:34pm

@miso ide o instanciu Wss11X509ServiceSoap12, po vyprsani platnosti STS tokenu sa podla definicie:

<bean id="stsClient" abstract="true" class="org.apache.cxf.ws.security.trust.STSClient">
    <constructor-arg ref="cxf" />
    <property name="location" value="${upvs.sts.address}" />
    <property name="wsdlLocation" value="services/sts/wss11x509.wsdl" />
    <property name="serviceName" value="{http://xmlns.oracle.com/sts/schema/sts-11g.xsd}wss11x509-serviceSoap12" />
    <property name="endpointName" value="{http://xmlns.oracle.com/sts/schema/sts-11g.xsd}wss11x509-port" />
    <property name="properties">
      <map>
        <entry key="org.apache.cxf.message.Message.ENDPOINT_ADDRESS" value="${upvs.sts.address}" />
        <entry key="security.signature.crypto" value-ref="upvsSignatureCrypto" />
        <entry key="security.callback-handler" value-ref="upvsCallbackHandler" />
      </map>
    </property>
  </bean>

pokusa o renew a to zlyha (cxf 3.1.10 a spring 4.3.7), riesime to zatial vytvorenim novej instancie a opatovnym autentifikovanim.

Planujem vyskusat ako sa to zachova po pridani:

<property name="sendRenewing" value="false" />
<property name="allowRenewing" value="false" />

do definicie STS klienta.

miso · March 22, 2017, 10:36pm

Ano, riesenie je prave pridanie spominanych property, nakolko UPVS nepodporuje renewing.

<bean id="stsClient" class="org.apache.cxf.ws.security.trust.STSClient">
		<property name="wsdlLocation" value="wsdl/upvs/sts/wss11x509.wsdl"/>
		<property name="serviceName" value="{http://xmlns.oracle.com/sts/schema/sts-11g.xsd}wss11x509-serviceSoap12"/>
		<property name="endpointName" value="{http://xmlns.oracle.com/sts/schema/sts-11g.xsd}wss11x509-port"/>
		<property name="location" value="${upvs.sts}"/>
		<property name="sendRenewing" value="false" />
		<property name="allowRenewing" value="false" />

pzbell · March 23, 2017, 11:59am

@miso allowRenewing a sendRenewing pomohli, no vyziadanie noveho tokenu zlyhalo, podobne ako v UPVS - STS Issue Token without wsp:AppliesTo element

miso · March 23, 2017, 12:26pm

Riesenie tam spomenute vsak funguje.