// Validate the token
//
try {
boolean allowNamespaceQualifiedPasswordTypes =
wssConfig.getAllowNamespaceQualifiedPasswordTypes();
UsernameToken ut =
new UsernameToken(usernameTokenElement, allowNamespaceQualifiedPasswordTypes,
new BSPEnforcer());
// The parsed principal is set independent whether validation is successful or not
response.setPrincipal(new CustomTokenPrincipal(ut.getName()));
if (ut.getPassword() == null) {
return response;
}
// See if the UsernameToken is stored in the cache
int hash = ut.hashCode();
SecurityToken secToken = null;
if (tokenParameters.getTokenStore() != null) {
secToken = tokenParameters.getTokenStore().getToken(Integer.toString(hash));
if (secToken != null && secToken.getTokenHash() != hash) {
secToken = null;
}
}
if (secToken == null) {
Credential credential = new Credential();
credential.setUsernametoken(ut);
validator.validate(credential, requestData);
}
Principal principal =
createPrincipal(
ut.getName(), ut.getPassword(), ut.getPasswordType(), ut.getNonce(), ut.getCreated()
);
// Get the realm of the UsernameToken
String tokenRealm = null;
if (usernameTokenRealmCodec != null) {
tokenRealm = usernameTokenRealmCodec.getRealmFromToken(ut);
// verify the realm against the cached token
if (secToken != null) {
Properties props = secToken.getProperties();
if (props != null) {
String cachedRealm = props.getProperty(STSConstants.TOKEN_REALM);
if (!tokenRealm.equals(cachedRealm)) {
return response;
}
}
}
}
// Store the successfully validated token in the cache
if (tokenParameters.getTokenStore() != null && secToken == null) {
secToken = new SecurityToken(ut.getID());
secToken.setToken(ut.getElement());
int hashCode = ut.hashCode();
String identifier = Integer.toString(hashCode);
secToken.setTokenHash(hashCode);
tokenParameters.getTokenStore().add(identifier, secToken);
}