[STS] removing Lifetime from response

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[STS] removing Lifetime from response

NicholaiX
I am returning an issued token from STS and I need to clean up the response of unnecessary fields that may confuse some primitive clients. One of the node I'd like to get rid of is the Lifetime node from the response body.

<ns2:RequestSecurityTokenResponse>
...
<ns2:Lifetime>
   <ns3:Created>1970-01-01T00:00:00.000Z</ns3:Created>
   <ns3:Expires>1970-01-01T00:00:00.000Z</ns3:Expires>
</ns2:Lifetime>
...
</ns2:RequestSecurityTokenResponse>

I can probably do it through an SoapMessage inteceptor, but it's not exactly a lightweight process (get message, deserialize it,  edit it, serialize it back to XML, write it to output).

Is there a way to just prevent this node from being created, or some other more lightweight way of removing it? My poking in the code didn't turn out anything I can use yet.


 
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [STS] removing Lifetime from response

coheigea
Administrator
It's not possible without overriding some code in TokenIssueOperation. If
you want to create a patch for this I will review it.

Colm.

On Sat, Aug 5, 2017 at 5:16 AM, NicholaiX <[hidden email]>
wrote:

> I am returning an issued token from STS and I need to clean up the response
> of unnecessary fields that may confuse some primitive clients. One of the
> node I'd like to get rid of is the Lifetime node from the response body.
>
> <ns2:RequestSecurityTokenResponse>
> ...
> <ns2:Lifetime>
>    <ns3:Created>1970-01-01T00:00:00.000Z</ns3:Created>
>    <ns3:Expires>1970-01-01T00:00:00.000Z</ns3:Expires>
> </ns2:Lifetime>
> ...
> </ns2:RequestSecurityTokenResponse>
>
> I can probably do it through an SoapMessage inteceptor, but it's not
> exactly
> a lightweight process (get message, deserialize it,  edit it, serialize it
> back to XML, write it to output).
>
> Is there a way to just prevent this node from being created, or some other
> more lightweight way of removing it? My poking in the code didn't turn out
> anything I can use yet.
>
>
>
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.
> com/STS-removing-Lifetime-from-response-tp5782461.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [STS] removing Lifetime from response

NicholaiX
I looked at the code, and it's potentially an easy change I can make. There are two options:

1. Use a condition which will result in Lifetime being skipped. For example, if both the Created and the Expires are set to Instant.EPOCH, don't create Lifetime. Would there ever be a reason where someone would want both Created and Expires set to epoch?

2. Use a more flexible configuration which will allow control over the fields via a property bag. (e.g. something like sts.filter.issueresponse.lifetime=true or a better version of that). However this option I'm unclear, since I don't have a good understanding of the entire framework and what I can reuse and what I need to write from scratch. Any property bags already in place that would be available in the *Operation implementation(s)?

I have not yet been able to fully build and test CXF 3.2 (unit tests fail), and I am not adventurous enough to make substantial changes without being able to run the unit tests.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [STS] removing Lifetime from response

coheigea
Administrator
I would just add a boolean in AbstractOperation whether to include the
Lifetime or not, defaulting to true. What errors are you trying to see when
the unit tests are run?

Colm.

On Fri, Aug 11, 2017 at 5:23 PM, NicholaiX <[hidden email]>
wrote:

> I looked at the code, and it's potentially an easy change I can make. There
> are two options:
>
> 1. Use a condition which will result in Lifetime being skipped. For
> example,
> if both the Created and the Expires are set to Instant.EPOCH, don't create
> Lifetime. Would there ever be a reason where someone would want both
> Created
> and Expires set to epoch?
>
> 2. Use a more flexible configuration which will allow control over the
> fields via a property bag. (e.g. something like
> sts.filter.issueresponse.lifetime=true or a better version of that).
> However
> this option I'm unclear, since I don't have a good understanding of the
> entire framework and what I can reuse and what I need to write from
> scratch.
> Any property bags already in place that would be available in the
> *Operation
> implementation(s)?
>
> I have not yet been able to fully build and test CXF 3.2 (unit tests fail),
> and I am not adventurous enough to make substantial changes without being
> able to run the unit tests.
>
>
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.
> com/STS-removing-Lifetime-from-response-tp5782461p5782632.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [STS] removing Lifetime from response

NicholaiX
If I recall correctly, they first I encountered were around JMS, but they may not be the only ones, since I had to turn off unit testing to get myself a working build of 3.2-snapshot.

Maybe the build environment needs to be set up in some way that I missed. I'm running on Ubuntu 17.04, inside a VM to which I allocated 8GB of ram, so maybe I also have some resource constraints.







Loading...