Token Caching and Sharing, Single Sign On Among Services II: token life time
1. The client can request for the life time of an issued token through configuration with a subelement LifeTime of PreConfiguredSTS:
<t:PreConfiguredSTS xmlns:t="http://schemas.sun.com/ws/2006/05/trust/client"
shareToken="true">
<t:LifeTime>3600</LifeTime>
</t:PreConfiguredSTS>
or programmatically with STSIssuedTokenConfiguration:
config.getOtherOptions().put(STSIssuedTokenConfiguration.LIFE_TIME, Integer.valueOf(3600));
The value is used to construct the Lifetime element in the RST to the STS:
<trust:Lifetime>
<wsu:Created xmlns:wsu="...">2007-10-31T18:39:23.548Z</wsu:Created>
<wsu:Expires xmlns:wsu="...">2007-11-01T02:39:23.548Z</wsu:Expires>
</trust:Lifetime>
2. By default, an exception is thrown if the token cached to be used on the client side is expired.
3. You can enable to automatically request for a new token for an expired token by configuration
with attribute renewExpiredToken in PreConfiguredSTS:
<t:PreConfiguredSTS xmlns:t="http://schemas.sun.com/ws/2006/05/trust/client"
shareToken="true"
renewExpiredToken="true">
<t:LifeTime>3600</LifeTime>
</t:PreConfiguredSTS>
or programmatically with STSIssuedTokenConfiguration:
config.getOtherOptions().put(STSIssuedTokenConfiguration.RENEW_EXPIRED_TOKEN, "true");
Posted at 08:32PM Aug 17, 2009 by jiandongg in Sun | Comments[0]