Description
We support creating ReplayCache instances to detect replay attacks for signed Timestamps, SAML (one-time-use) and UsernameToken nonces. The ReplayCache instances should be created externally and set on the RequestData object for verification.
However, if the caches are enabled (by boolean methods on RequestData) and no caches are actually specified, we end up creating new instances internally. As these are not stored for the next request, we end up with a load of open cache instances (more on each request).
The fix is not to create the ReplayCache instances internally. It's up to the calling code to manage them.
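
The ownership problem described above, as an added example in a simplified model; this is not WSS4J code. Every class, field and method name in it is hypothetical, `Request` stands in for RequestData, and skipping the check when no cache is supplied is an assumption about the fixed behaviour.

```java
import java.io.Closeable;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

// Simplified model, not WSS4J code: every name here is hypothetical.
public class ReplayCacheOwnership {
    static final AtomicInteger OPEN = new AtomicInteger(); // caches created and not yet closed

    static final class Cache implements Closeable {
        private final Set<String> seen = ConcurrentHashMap.newKeySet();
        Cache() { OPEN.incrementAndGet(); }
        /** Returns true if the identifier was already recorded, i.e. a replay. */
        boolean isReplay(String id) { return !seen.add(id); }
        @Override public void close() { seen.clear(); OPEN.decrementAndGet(); }
    }

    /** Per-request settings, standing in for RequestData. */
    static final class Request {
        boolean nonceCacheEnabled = true;
        Cache nonceCache; // null unless the calling code supplies one
    }

    /** The behaviour reported as the bug: enabled + no cache => new instance per request. */
    static boolean verifyCreatingInternally(Request r, String nonce) {
        Cache c = r.nonceCache;
        if (r.nonceCacheEnabled && c == null) c = new Cache(); // never stored, never closed
        return c != null && c.isReplay(nonce);
    }

    /** Assumed behaviour after the fix: only a caller-supplied cache is consulted. */
    static boolean verifyCallerManaged(Request r, String nonce) {
        return r.nonceCacheEnabled && r.nonceCache != null && r.nonceCache.isReplay(nonce);
    }

    public static void main(String[] args) {
        String nonce = "constructed-nonce-1"; // constructed sample value
        for (int i = 0; i < 3; i++)
            System.out.println("internal: replay=" + verifyCreatingInternally(new Request(), nonce)
                    + " open=" + OPEN.get());
        int leaked = OPEN.get(); // instances left open by the internal-creation path
        try (Cache shared = new Cache()) {          // created once by the calling code
            for (int i = 0; i < 3; i++) {
                Request r = new Request();
                r.nonceCache = shared;              // set on every request
                System.out.println("shared: replay=" + verifyCallerManaged(r, nonce));
            }
        }                                           // closed by its owner
        System.out.println("open after shared cache closed=" + (OPEN.get() - leaked));
    }
}
```

In this model the internally created caches accumulate and never see the same nonce twice, while the single caller-owned cache flags the second and third use of the nonce and is closed by the code that created it.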