CXF WS-Security runtime token caching - 7.1

Talend ESB STS User Guide

author
Talend Documentation Team
EnrichVersion
7.1
EnrichProdName
Talend Data Fabric
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Open Studio for ESB
Talend Real-Time Big Data Platform
task
Design and Development
Installation and Upgrade
EnrichPlatform
Talend ESB
Talend Runtime

CXF caches tokens in the security runtime in the following circumstances:

  • When the IssuedTokenInterceptorProvider is invoked to obtain an Issued token from an STS.
  • When the STSTokenValidator is used to validate a received UsernameToken, BinarySecurityToken or SAML Assertion to an STS.
  • When the SecureConversation protocol is used.
  • When the WS-Trust SPNEGO protocol is used.
  • When tokens are obtained from a Kerberos KDC.

In each of these use-cases, the retrieved token is cached to prevent repeated remote calls to obtain the desired security token. There is no built-in support as yet to cache tokens in the WS-Security layer to prevent repeat validation. Of course this could be easily done by wrapping the existing validators with a custom caching solution.