Java Code Examples for org.apache.cxf.ws.security.tokenstore.SecurityToken#setSecret()
The following examples show how to use
org.apache.cxf.ws.security.tokenstore.SecurityToken#setSecret() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: PassThroughKerberosClient.java From cxf-fediz with Apache License 2.0 | 6 votes |
@Override public SecurityToken requestSecurityToken() throws Exception { KerberosSecurity bst = new KerberosSecurity(DOMUtils.createDocument()); bst.setValueType(WSConstants.WSS_GSS_KRB_V5_AP_REQ); bst.setToken(token); bst.addWSUNamespace(); bst.setID(WSSConfig.getNewInstance().getIdAllocator().createSecureId("BST-", bst)); SecurityToken securityToken = new SecurityToken(bst.getID()); securityToken.setToken(bst.getElement()); securityToken.setWsuId(bst.getID()); securityToken.setSecret(bst.getToken()); String sha1 = Base64.getEncoder().encodeToString(KeyUtils.generateDigest(bst.getToken())); securityToken.setSHA1(sha1); securityToken.setTokenType(bst.getValueType()); return securityToken; }
Example 2
Source File: SymmetricBindingHandler.java From steady with Apache License 2.0 | 6 votes |
private String setupUTDerivedKey(UsernameToken sigToken) throws WSSecurityException { boolean useMac = hasSignedPartsOrElements(); WSSecUsernameToken usernameToken = addDKUsernameToken(sigToken, useMac); String id = usernameToken.getId(); byte[] secret = usernameToken.getDerivedKey(); Date created = new Date(); Date expires = new Date(); expires.setTime(created.getTime() + 300000); SecurityToken tempTok = new SecurityToken(id, usernameToken.getUsernameTokenElement(), created, expires); tempTok.setSecret(secret); tokenStore.add(tempTok); return id; }
Example 3
Source File: IssuedTokenInterceptorProvider.java From steady with Apache License 2.0 | 6 votes |
private SecurityToken createSecurityToken( AssertionWrapper assertionWrapper ) { SecurityToken token = new SecurityToken(assertionWrapper.getId()); SAMLKeyInfo subjectKeyInfo = assertionWrapper.getSubjectKeyInfo(); if (subjectKeyInfo != null) { token.setSecret(subjectKeyInfo.getSecret()); X509Certificate[] certs = subjectKeyInfo.getCerts(); if (certs != null && certs.length > 0) { token.setX509Certificate(certs[0], null); } } if (assertionWrapper.getSaml1() != null) { token.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE); } else if (assertionWrapper.getSaml2() != null) { token.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE); } token.setToken(assertionWrapper.getElement()); return token; }
Example 4
Source File: KerberosClient.java From steady with Apache License 2.0 | 6 votes |
public SecurityToken requestSecurityToken() throws Exception { if (LOG.isLoggable(Level.FINE)) { LOG.fine("Requesting Kerberos ticket for " + serviceName + " using JAAS Login Module: " + getContextName()); } KerberosSecurity bst = new KerberosSecurity(DOMUtils.createDocument()); bst.retrieveServiceTicket(getContextName(), callbackHandler, serviceName); bst.addWSUNamespace(); bst.setID(wssConfig.getIdAllocator().createSecureId("BST-", bst)); SecurityToken token = new SecurityToken(bst.getID()); token.setToken(bst.getElement()); token.setWsuId(bst.getID()); SecretKey secretKey = bst.getSecretKey(); if (secretKey != null) { token.setSecret(secretKey.getEncoded()); } String sha1 = Base64.encode(WSSecurityUtil.generateDigest(bst.getToken())); token.setSHA1(sha1); token.setTokenType(bst.getValueType()); return token; }
Example 5
Source File: IssuedTokenInterceptorProvider.java From steady with Apache License 2.0 | 6 votes |
private SecurityToken createSecurityToken( AssertionWrapper assertionWrapper ) { SecurityToken token = new SecurityToken(assertionWrapper.getId()); SAMLKeyInfo subjectKeyInfo = assertionWrapper.getSubjectKeyInfo(); if (subjectKeyInfo != null) { token.setSecret(subjectKeyInfo.getSecret()); X509Certificate[] certs = subjectKeyInfo.getCerts(); if (certs != null && certs.length > 0) { token.setX509Certificate(certs[0], null); } } if (assertionWrapper.getSaml1() != null) { token.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE); } else if (assertionWrapper.getSaml2() != null) { token.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE); } token.setToken(assertionWrapper.getElement()); return token; }
Example 6
Source File: SymmetricBindingHandler.java From cxf with Apache License 2.0 | 6 votes |
private String setupUTDerivedKey(UsernameToken sigToken) throws WSSecurityException { assertToken(sigToken); if (isTokenRequired(sigToken.getIncludeTokenType())) { boolean useMac = hasSignedPartsOrElements(); byte[] salt = UsernameTokenUtil.generateSalt(useMac); WSSecUsernameToken usernameToken = addDKUsernameToken(sigToken, salt, useMac); String id = usernameToken.getId(); byte[] secret = usernameToken.getDerivedKey(salt); Arrays.fill(salt, (byte)0); Instant created = Instant.now(); Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); SecurityToken tempTok = new SecurityToken(id, usernameToken.getUsernameTokenElement(), created, expires); tempTok.setSecret(secret); tokenStore.add(tempTok); return id; } return null; }
Example 7
Source File: KerberosClient.java From steady with Apache License 2.0 | 6 votes |
public SecurityToken requestSecurityToken() throws Exception { if (LOG.isLoggable(Level.FINE)) { LOG.fine("Requesting Kerberos ticket for " + serviceName + " using JAAS Login Module: " + getContextName()); } KerberosSecurity bst = new KerberosSecurity(DOMUtils.createDocument()); bst.retrieveServiceTicket(getContextName(), callbackHandler, serviceName); bst.addWSUNamespace(); bst.setID(wssConfig.getIdAllocator().createSecureId("BST-", bst)); SecurityToken token = new SecurityToken(bst.getID()); token.setToken(bst.getElement()); token.setWsuId(bst.getID()); SecretKey secretKey = bst.getSecretKey(); if (secretKey != null) { token.setSecret(secretKey.getEncoded()); } String sha1 = Base64.encode(WSSecurityUtil.generateDigest(bst.getToken())); token.setSHA1(sha1); token.setTokenType(bst.getValueType()); return token; }
Example 8
Source File: KerberosTokenInterceptorProvider.java From cxf with Apache License 2.0 | 6 votes |
private void storeKerberosToken(Message message, KerberosServiceSecurityToken kerberosToken) throws TokenStoreException { SecurityToken token = new SecurityToken(kerberosToken.getId()); token.setTokenType(kerberosToken.getKerberosTokenValueType()); SecretKey secretKey = getSecretKeyFromToken(kerberosToken); token.setKey(secretKey); if (secretKey != null) { token.setSecret(secretKey.getEncoded()); } byte[] ticket = kerberosToken.getBinaryContent(); try { token.setSHA1(XMLUtils.encodeToString(KeyUtils.generateDigest(ticket))); } catch (WSSecurityException e) { // Just consume this for now as it isn't critical... } TokenStoreUtils.getTokenStore(message).add(token); message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId()); }
Example 9
Source File: KerberosTokenInterceptorProvider.java From steady with Apache License 2.0 | 6 votes |
private void parseHandlerResults( WSHandlerResult rResult, Message message, AssertionInfoMap aim ) { List<WSSecurityEngineResult> kerberosResults = findKerberosResults(rResult.getResults()); for (WSSecurityEngineResult wser : kerberosResults) { KerberosSecurity kerberosToken = (KerberosSecurity)wser.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN); KerberosTokenPolicyValidator kerberosValidator = new KerberosTokenPolicyValidator(message); boolean valid = kerberosValidator.validatePolicy(aim, kerberosToken); if (valid) { SecurityToken token = createSecurityToken(kerberosToken); token.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_SECRET)); getTokenStore(message).add(token); message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId()); return; } } }
Example 10
Source File: SymmetricBindingHandler.java From cxf with Apache License 2.0 | 6 votes |
private SecurityToken getEncryptedKey() { WSSecurityEngineResult encryptedKeyResult = getEncryptedKeyResult(); if (encryptedKeyResult != null) { // Store it in the cache Instant created = Instant.now(); Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); String encryptedKeyID = (String)encryptedKeyResult.get(WSSecurityEngineResult.TAG_ID); SecurityToken securityToken = new SecurityToken(encryptedKeyID, created, expires); securityToken.setSecret((byte[])encryptedKeyResult.get(WSSecurityEngineResult.TAG_SECRET)); securityToken.setSHA1(getSHA1((byte[])encryptedKeyResult .get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY))); return securityToken; } return null; }
Example 11
Source File: SymmetricBindingHandler.java From steady with Apache License 2.0 | 5 votes |
private String getEncryptedKey() { List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage() .get(WSHandlerConstants.RECV_RESULTS)); for (WSHandlerResult rResult : results) { List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults(); for (WSSecurityEngineResult wser : wsSecEngineResults) { Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION); String encryptedKeyID = (String)wser.get(WSSecurityEngineResult.TAG_ID); if (actInt.intValue() == WSConstants.ENCR && encryptedKeyID != null && encryptedKeyID.length() != 0) { Date created = new Date(); Date expires = new Date(); expires.setTime(created.getTime() + 300000); SecurityToken tempTok = new SecurityToken(encryptedKeyID, created, expires); tempTok.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_SECRET)); tempTok.setSHA1(getSHA1((byte[])wser .get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY))); tokenStore.add(tempTok); return encryptedKeyID; } } } return null; }
Example 12
Source File: SymmetricBindingHandler.java From steady with Apache License 2.0 | 5 votes |
private String getUTDerivedKey() throws WSSecurityException { List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage() .get(WSHandlerConstants.RECV_RESULTS)); for (WSHandlerResult rResult : results) { List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults(); for (WSSecurityEngineResult wser : wsSecEngineResults) { Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION); String utID = (String)wser.get(WSSecurityEngineResult.TAG_ID); if (actInt.intValue() == WSConstants.UT_NOPASSWORD) { if (utID == null || utID.length() == 0) { utID = wssConfig.getIdAllocator().createId("UsernameToken-", null); } Date created = new Date(); Date expires = new Date(); expires.setTime(created.getTime() + 300000); SecurityToken tempTok = new SecurityToken(utID, created, expires); byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET); tempTok.setSecret(secret); tokenStore.add(tempTok); return utID; } } } return null; }
Example 13
Source File: SymmetricBindingHandler.java From steady with Apache License 2.0 | 5 votes |
private String getUTDerivedKey() throws WSSecurityException { List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage() .get(WSHandlerConstants.RECV_RESULTS)); for (WSHandlerResult rResult : results) { List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults(); for (WSSecurityEngineResult wser : wsSecEngineResults) { Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION); String utID = (String)wser.get(WSSecurityEngineResult.TAG_ID); if (actInt.intValue() == WSConstants.UT_NOPASSWORD) { if (utID == null || utID.length() == 0) { utID = wssConfig.getIdAllocator().createId("UsernameToken-", null); } Date created = new Date(); Date expires = new Date(); expires.setTime(created.getTime() + 300000); SecurityToken tempTok = new SecurityToken(utID, created, expires); byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET); tempTok.setSecret(secret); tokenStore.add(tempTok); return utID; } } } return null; }
Example 14
Source File: SymmetricBindingHandler.java From steady with Apache License 2.0 | 5 votes |
private String setupEncryptedKey(TokenWrapper wrapper, Token sigToken) throws WSSecurityException { WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(wrapper, sigToken); String id = encrKey.getId(); byte[] secret = encrKey.getEphemeralKey(); Date created = new Date(); Date expires = new Date(); expires.setTime(created.getTime() + 300000); SecurityToken tempTok = new SecurityToken( id, encrKey.getEncryptedKeyElement(), created, expires); tempTok.setSecret(secret); // Set the SHA1 value of the encrypted key, this is used when the encrypted // key is referenced via a key identifier of type EncryptedKeySHA1 tempTok.setSHA1(getSHA1(encrKey.getEncryptedEphemeralKey())); tokenStore.add(tempTok); String bstTokenId = encrKey.getBSTTokenId(); //If direct ref is used to refer to the cert //then add the cert to the sec header now if (bstTokenId != null && bstTokenId.length() > 0) { encrKey.prependBSTElementToHeader(secHeader); } return id; }
Example 15
Source File: IssuedTokenInterceptorProvider.java From steady with Apache License 2.0 | 5 votes |
private SecurityToken createSecurityToken(BinarySecurity binarySecurityToken) { SecurityToken token = new SecurityToken(binarySecurityToken.getID()); token.setToken(binarySecurityToken.getElement()); token.setSecret(binarySecurityToken.getToken()); token.setTokenType(binarySecurityToken.getValueType()); return token; }
Example 16
Source File: NegotiationUtils.java From steady with Apache License 2.0 | 5 votes |
/** * Return true on successfully parsing a SecurityContextToken result */ static boolean parseSCTResult(SoapMessage message) { List<WSHandlerResult> results = CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS)); if (results == null) { return false; } for (WSHandlerResult rResult : results) { List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults(); for (WSSecurityEngineResult wser : wsSecEngineResults) { Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION); if (actInt.intValue() == WSConstants.SCT) { SecurityContextToken tok = (SecurityContextToken)wser.get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN); message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getIdentifier()); byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET); if (secret != null) { SecurityToken token = new SecurityToken(tok.getIdentifier()); token.setToken(tok.getElement()); token.setSecret(secret); token.setTokenType(tok.getTokenType()); getTokenStore(message).add(token); } return true; } } } return false; }
Example 17
Source File: TransportBindingHandler.java From steady with Apache License 2.0 | 5 votes |
private void handleEndorsingToken( Token token, SupportingToken wrapper ) throws Exception { if (token instanceof IssuedToken || token instanceof SecureConversationToken || token instanceof SecurityContextToken || token instanceof KerberosToken || token instanceof SpnegoContextToken) { addSig(doIssuedTokenSignature(token, wrapper)); } else if (token instanceof X509Token || token instanceof KeyValueToken) { addSig(doX509TokenSignature(token, wrapper)); } else if (token instanceof SamlToken) { AssertionWrapper assertionWrapper = addSamlToken((SamlToken)token); assertionWrapper.toDOM(saaj.getSOAPPart()); storeAssertionAsSecurityToken(assertionWrapper); addSig(doIssuedTokenSignature(token, wrapper)); } else if (token instanceof UsernameToken) { // Create a UsernameToken object for derived keys and store the security token WSSecUsernameToken usernameToken = addDKUsernameToken((UsernameToken)token, true); String id = usernameToken.getId(); byte[] secret = usernameToken.getDerivedKey(); Date created = new Date(); Date expires = new Date(); expires.setTime(created.getTime() + 300000); SecurityToken tempTok = new SecurityToken(id, usernameToken.getUsernameTokenElement(), created, expires); tempTok.setSecret(secret); getTokenStore().add(tempTok); message.setContextualProperty(SecurityConstants.TOKEN_ID, tempTok.getId()); addSig(doIssuedTokenSignature(token, wrapper)); } }
Example 18
Source File: SecureConversationInInterceptor.java From steady with Apache License 2.0 | 4 votes |
void doIssue( Element requestEl, Exchange exchange, Element binaryExchange, W3CDOMStreamWriter writer, String prefix, String namespace ) throws Exception { if (STSUtils.WST_NS_05_12.equals(namespace)) { writer.writeStartElement(prefix, "RequestSecurityTokenResponseCollection", namespace); } writer.writeStartElement(prefix, "RequestSecurityTokenResponse", namespace); byte clientEntropy[] = null; int keySize = 256; long ttl = 300000L; String tokenType = null; Element el = DOMUtils.getFirstElement(requestEl); while (el != null) { String localName = el.getLocalName(); if (namespace.equals(el.getNamespaceURI())) { if ("Entropy".equals(localName)) { Element bs = DOMUtils.getFirstElement(el); if (bs != null) { clientEntropy = Base64.decode(bs.getTextContent()); } } else if ("KeySize".equals(localName)) { keySize = Integer.parseInt(el.getTextContent()); } else if ("TokenType".equals(localName)) { tokenType = el.getTextContent(); } } el = DOMUtils.getNextElement(el); } // Check received KeySize if (keySize < 128 || keySize > 512) { keySize = 256; } writer.writeStartElement(prefix, "RequestedSecurityToken", namespace); SecurityContextToken sct = new SecurityContextToken(NegotiationUtils.getWSCVersion(tokenType), writer.getDocument()); Date created = new Date(); Date expires = new Date(); expires.setTime(created.getTime() + ttl); SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires); token.setToken(sct.getElement()); token.setTokenType(sct.getTokenType()); writer.getCurrentNode().appendChild(sct.getElement()); writer.writeEndElement(); writer.writeStartElement(prefix, "RequestedAttachedReference", namespace); token.setAttachedReference( writeSecurityTokenReference(writer, "#" + sct.getID(), tokenType) ); writer.writeEndElement(); writer.writeStartElement(prefix, "RequestedUnattachedReference", namespace); token.setUnattachedReference( writeSecurityTokenReference(writer, sct.getIdentifier(), tokenType) ); writer.writeEndElement(); writeLifetime(writer, created, expires, prefix, namespace); byte[] secret = writeProofToken(prefix, namespace, writer, clientEntropy, keySize); token.setSecret(secret); ((TokenStore)exchange.get(Endpoint.class).getEndpointInfo() .getProperty(TokenStore.class.getName())).add(token); writer.writeEndElement(); if (STSUtils.WST_NS_05_12.equals(namespace)) { writer.writeEndElement(); } }
Example 19
Source File: SecureConversationInInterceptor.java From steady with Apache License 2.0 | 4 votes |
void doIssue( Element requestEl, Exchange exchange, Element binaryExchange, W3CDOMStreamWriter writer, String prefix, String namespace ) throws Exception { if (STSUtils.WST_NS_05_12.equals(namespace)) { writer.writeStartElement(prefix, "RequestSecurityTokenResponseCollection", namespace); } writer.writeStartElement(prefix, "RequestSecurityTokenResponse", namespace); byte clientEntropy[] = null; int keySize = 256; long ttl = 300000L; String tokenType = null; Element el = DOMUtils.getFirstElement(requestEl); while (el != null) { String localName = el.getLocalName(); if (namespace.equals(el.getNamespaceURI())) { if ("Entropy".equals(localName)) { Element bs = DOMUtils.getFirstElement(el); if (bs != null) { clientEntropy = Base64.decode(bs.getTextContent()); } } else if ("KeySize".equals(localName)) { keySize = Integer.parseInt(el.getTextContent()); } else if ("TokenType".equals(localName)) { tokenType = el.getTextContent(); } } el = DOMUtils.getNextElement(el); } // Check received KeySize if (keySize < 128 || keySize > 512) { keySize = 256; } writer.writeStartElement(prefix, "RequestedSecurityToken", namespace); SecurityContextToken sct = new SecurityContextToken(NegotiationUtils.getWSCVersion(tokenType), writer.getDocument()); Date created = new Date(); Date expires = new Date(); expires.setTime(created.getTime() + ttl); SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires); token.setToken(sct.getElement()); token.setTokenType(sct.getTokenType()); writer.getCurrentNode().appendChild(sct.getElement()); writer.writeEndElement(); writer.writeStartElement(prefix, "RequestedAttachedReference", namespace); token.setAttachedReference( writeSecurityTokenReference(writer, "#" + sct.getID(), tokenType) ); writer.writeEndElement(); writer.writeStartElement(prefix, "RequestedUnattachedReference", namespace); token.setUnattachedReference( writeSecurityTokenReference(writer, sct.getIdentifier(), tokenType) ); writer.writeEndElement(); writeLifetime(writer, created, expires, prefix, namespace); byte[] secret = writeProofToken(prefix, namespace, writer, clientEntropy, keySize); token.setSecret(secret); ((TokenStore)exchange.get(Endpoint.class).getEndpointInfo() .getProperty(TokenStore.class.getName())).add(token); writer.writeEndElement(); if (STSUtils.WST_NS_05_12.equals(namespace)) { writer.writeEndElement(); } }
Example 20
Source File: WSS4JUtils.java From cxf with Apache License 2.0 | 4 votes |
public static String parseAndStoreStreamingSecurityToken( org.apache.xml.security.stax.securityToken.SecurityToken securityToken, Message message ) throws XMLSecurityException, TokenStoreException { if (securityToken == null) { return null; } SecurityToken existingToken = TokenStoreUtils.getTokenStore(message).getToken(securityToken.getId()); if (existingToken == null || existingToken.isExpired()) { Instant created = Instant.now(); Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); SecurityToken cachedTok = new SecurityToken(securityToken.getId(), created, expires); cachedTok.setSHA1(securityToken.getSha1Identifier()); if (securityToken.getTokenType() != null) { if (securityToken.getTokenType() == WSSecurityTokenConstants.EncryptedKeyToken) { cachedTok.setTokenType(WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE); } else if (securityToken.getTokenType() == WSSecurityTokenConstants.KERBEROS_TOKEN) { cachedTok.setTokenType(WSSConstants.NS_GSS_KERBEROS5_AP_REQ); } else if (securityToken.getTokenType() == WSSecurityTokenConstants.SAML_11_TOKEN) { cachedTok.setTokenType(WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE); } else if (securityToken.getTokenType() == WSSecurityTokenConstants.SAML_20_TOKEN) { cachedTok.setTokenType(WSSConstants.NS_SAML20_TOKEN_PROFILE_TYPE); } else if (securityToken.getTokenType() == WSSecurityTokenConstants.SECURE_CONVERSATION_TOKEN || securityToken.getTokenType() == WSSecurityTokenConstants.SECURITY_CONTEXT_TOKEN) { cachedTok.setTokenType(WSSConstants.NS_WSC_05_02); } } for (Map.Entry<String, Key> entry : securityToken.getSecretKey().entrySet()) { if (entry.getValue() != null) { cachedTok.setKey(entry.getValue()); if (entry.getValue() instanceof SecretKey) { cachedTok.setSecret(entry.getValue().getEncoded()); } break; } } TokenStoreUtils.getTokenStore(message).add(cachedTok); return cachedTok.getId(); } return existingToken.getId(); }