Skip to main content

CXF WS-Security runtime token caching

CXF caches tokens in the security runtime in the following circumstances:

  • When the IssuedTokenInterceptorProvider is invoked to obtain an Issued token from an STS.
  • When the STSTokenValidator is used to validate a received UsernameToken, BinarySecurityToken or SAML Assertion to an STS.
  • When the SecureConversation protocol is used.
  • When the WS-Trust SPNEGO protocol is used.
  • When tokens are obtained from a Kerberos KDC.

In each of these use-cases, the retrieved token is cached to prevent repeated remote calls to obtain the desired security token. There is no built-in support as yet to cache tokens in the WS-Security layer to prevent repeat validation. Of course this could be easily done by wrapping the existing validators with a custom caching solution.

In this section

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here