Index: juddi-core-openjpa/src/test/resources/juddiv3.properties =================================================================== --- juddi-core-openjpa/src/test/resources/juddiv3.properties (revision 1451436) +++ juddi-core-openjpa/src/test/resources/juddiv3.properties (working copy) @@ -77,3 +77,6 @@ juddi.notification.start.buffer=0 + +# Duration of time for tokens to expire +juddi.authenticate.Expiration=15 \ No newline at end of file Index: juddi-core/src/main/java/org/apache/juddi/api/impl/AuthenticatedService.java =================================================================== --- juddi-core/src/main/java/org/apache/juddi/api/impl/AuthenticatedService.java (revision 1451436) +++ juddi-core/src/main/java/org/apache/juddi/api/impl/AuthenticatedService.java (working copy) @@ -17,10 +17,20 @@ package org.apache.juddi.api.impl; +import java.util.Calendar; import java.util.Date; +import java.util.GregorianCalendar; import javax.persistence.EntityManager; +import javax.persistence.EntityTransaction; +import org.apache.commons.configuration.ConfigurationException; +import org.apache.juddi.api.util.QueryStatus; +import org.apache.juddi.api.util.SecurityQuery; +import org.apache.juddi.config.AppConfig; +import org.apache.juddi.config.PersistenceManager; +import org.apache.juddi.config.Property; +import org.apache.juddi.config.ResourceConfig; import org.apache.juddi.model.UddiEntityPublisher; import org.apache.juddi.v3.auth.Authenticator; import org.apache.juddi.v3.auth.AuthenticatorFactory; @@ -28,8 +38,10 @@ import org.apache.juddi.v3.error.ErrorMessage; import org.uddi.v3_service.DispositionReportFaultMessage; -/** +/**Although this class is abstract, it provides token validation * @author Jeff Faath + * + * @author Alex O'Ree - modified to include token expiration validation */ public abstract class AuthenticatedService { public static final int AUTHTOKEN_ACTIVE = 1; 
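Review bot: The comment added above `juddi.authenticate.Expiration` does not say what unit the value is in, and the same comment is repeated in the juddiv3-samples and juddiv3-war copies of juddiv3.properties. The AuthenticatedService change in this patch adds the value to the token's creation time with `Calendar.MINUTE`, so an operator who reads 15 as seconds or hours would configure a very different token lifetime than intended. I would word it as `# Lifetime of an authentication token in minutes, counted from the time it was issued (must be greater than 0)`.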
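Review bot: Several imports added to AuthenticatedService.java are not used by any hunk in this patch: `EntityTransaction`, `QueryStatus`, `SecurityQuery`, `PersistenceManager` and `ResourceConfig`. The expiration check only needs `Calendar`, `GregorianCalendar`, `ConfigurationException`, `AppConfig` and `Property`. The same holds for `Calendar`, `GregorianCalendar`, `java.util.logging.Level`, `ConfigurationException`, `Property` and `ResourceConfig` in UDDISecurityImpl.java, and for `java.util.GregorianCalendar` in AuthToken.java. Unless code outside this patch needs them, they should be dropped. The `java.util.logging.Level` import also sits next to the commons-logging `Log` the class now declares, which suggests two logging APIs are being mixed.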
@@ -43,7 +55,36 @@ org.apache.juddi.model.AuthToken modelAuthToken = em.find(org.apache.juddi.model.AuthToken.class, authInfo); if (modelAuthToken == null) throw new AuthTokenRequiredException(new ErrorMessage("errors.auth.AuthInvalid")); + + int minutes = 15; + try{ + minutes=AppConfig.getConfiguration().getInt(Property.JUDDI_AUTH_TOKEN_EXPIRATION); + if (minutes <=0) + throw new ConfigurationException("invalid token expiration range"); + + } + catch (Exception ex){ + + } + + + Date issued = modelAuthToken.getCreated(); + Date expiration = (Date) issued.clone(); + GregorianCalendar gcal = new GregorianCalendar(); + gcal.setTime(issued); + gcal.add(Calendar.MINUTE, minutes); + expiration = gcal.getTime(); + + Date now = new Date(); + if (!now.equals(expiration)) + { + if (now.after(expiration)) + { + modelAuthToken.setTokenState(AUTHTOKEN_RETIRED); + throw new AuthTokenRequiredException(new ErrorMessage("errors.auth.AuthTokenExpired")); + } + } if (modelAuthToken.getTokenState() == AUTHTOKEN_RETIRED) throw new AuthTokenRequiredException(new ErrorMessage("errors.auth.AuthInvalid")); Index: juddi-core/src/main/java/org/apache/juddi/api/impl/UDDISecurityImpl.java =================================================================== --- juddi-core/src/main/java/org/apache/juddi/api/impl/UDDISecurityImpl.java (revision 1451436) +++ juddi-core/src/main/java/org/apache/juddi/api/impl/UDDISecurityImpl.java (working copy) @@ -19,6 +19,9 @@ import java.util.Date; import java.util.UUID; +import java.util.Calendar; +import java.util.GregorianCalendar; +import java.util.logging.Level; import javax.jws.WebService; import javax.persistence.EntityManager; 
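Review bot: The configuration guard in the added block does not fall back to the default. `minutes` is assigned from `getInt(...)` before the `<= 0` test, and the `ConfigurationException` thrown for a bad value is swallowed by the empty `catch (Exception ex)`, so a zero or negative setting stays in effect and every token is then treated as expired, with nothing logged. Read into a temporary and accept only positive values, `int configured = AppConfig.getConfiguration().getInt(Property.JUDDI_AUTH_TOKEN_EXPIRATION, 15);` then `if (configured > 0) minutes = configured;`, and log the exception or the rejected value in the catch. `modelAuthToken.setTokenState(AUTHTOKEN_RETIRED)` is immediately followed by a throw; whether that state change is ever committed depends on the caller's transaction handling, which is outside this hunk, so the token may never actually be stored as retired. Smaller points: `Date expiration = (Date) issued.clone();` is overwritten before use, and the `!now.equals(expiration)` wrapper adds nothing to `now.after(expiration)`.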
@@ -30,11 +33,17 @@ import org.uddi.v3_service.DispositionReportFaultMessage; import org.uddi.v3_service.UDDISecurityPortType; +import org.apache.commons.configuration.ConfigurationException; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.apache.juddi.api.util.PublicationQuery; import org.apache.juddi.api.util.QueryStatus; import org.apache.juddi.api.util.ReplicationQuery; import org.apache.juddi.api.util.SecurityQuery; +import org.apache.juddi.config.AppConfig; import org.apache.juddi.config.PersistenceManager; +import org.apache.juddi.config.Property; +import org.apache.juddi.config.ResourceConfig; import org.apache.juddi.mapping.MappingModelToApi; import org.apache.juddi.model.Publisher; import org.apache.juddi.v3.auth.Authenticator; @@ -49,7 +58,7 @@ endpointInterface="org.uddi.v3_service.UDDISecurityPortType", targetNamespace = "urn:uddi-org:v3_service") public class UDDISecurityImpl extends AuthenticatedService implements UDDISecurityPortType { - + private Log log = LogFactory.getLog(AppConfig.class); public static final String AUTH_TOKEN_PREFIX = "authtoken:"; private UDDIServiceCounter serviceCounter; Index: juddi-core/src/main/java/org/apache/juddi/config/Property.java =================================================================== --- juddi-core/src/main/java/org/apache/juddi/config/Property.java (revision 1451436) +++ juddi-core/src/main/java/org/apache/juddi/config/Property.java (working copy) 
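Review bot: The logger added to UDDISecurityImpl is created with `LogFactory.getLog(AppConfig.class)`, so anything this security service logs will be attributed to the configuration class. That makes authentication events harder to find and filter when reviewing logs. It is also declared as a mutable per-instance field. I would declare it as `private static final Log log = LogFactory.getLog(UDDISecurityImpl.class);`.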
@@ -26,6 +26,7 @@ public final static String JUDDI_NODE_ID ="juddi.nodeId"; public final static String JUDDI_TRANSFER_EXPIRATION_DAYS ="juddi.transfer.expiration.days"; public final static String JUDDI_AUTHENTICATE_INQUIRY ="juddi.authenticate.Inquiry"; + public final static String JUDDI_AUTH_TOKEN_EXPIRATION ="juddi.authenticate.Expiration"; public final static String JUDDI_SUBSCRIPTION_EXPIRATION_DAYS="juddi.subscription.expiration.days"; public final static String JUDDI_NOTIFICATION_START_BUFFER ="juddi.notification.start.buffer"; public final static String JUDDI_NOTIFICATION_INTERVAL ="juddi.notification.interval"; Index: juddi-core/src/main/java/org/apache/juddi/model/AuthToken.java =================================================================== --- juddi-core/src/main/java/org/apache/juddi/model/AuthToken.java (revision 1451436) +++ juddi-core/src/main/java/org/apache/juddi/model/AuthToken.java (working copy) @@ -23,7 +23,7 @@ import javax.persistence.Table; import javax.persistence.Temporal; import javax.persistence.TemporalType; - +import java.util.GregorianCalendar; /** * @author Kurt T Stam */ @@ -38,6 +38,7 @@ private Date lastUsed; private int numberOfUses; private int tokenState; + public AuthToken() { } @@ -78,7 +79,7 @@ public void setCreated(Date created) { this.created = created; } - + @Temporal(TemporalType.TIMESTAMP) @Column(name = "last_used", nullable = false, length = 29) public Date getLastUsed() { Index: juddiv3-samples/src/main/webapp/WEB-INF/classes/juddiv3.properties =================================================================== --- juddiv3-samples/src/main/webapp/WEB-INF/classes/juddiv3.properties (revision 1451436) +++ juddiv3-samples/src/main/webapp/WEB-INF/classes/juddiv3.properties (working copy) 
@@ -86,3 +86,6 @@ #juddi.proxy.factory.url.pkg =org.jboss.naming + +# Duration of time for tokens to expire +juddi.authenticate.Expiration=15 \ No newline at end of file Index: juddiv3-war/src/main/webapp/WEB-INF/classes/juddiv3.properties =================================================================== --- juddiv3-war/src/main/webapp/WEB-INF/classes/juddiv3.properties (revision 1451436) +++ juddiv3-war/src/main/webapp/WEB-INF/classes/juddiv3.properties (working copy) @@ -85,3 +85,6 @@ juddi.rmi.port=0 + +# Duration of time for tokens to expire +juddi.authenticate.Expiration=15 \ No newline at end of file