get ltpatoken2 expiry time

Question

I am currently testing a web application deployed on IBM Websphere Application Server. I understand that I can set the LTPAToken timeout via the console configuration. However, is there any way I can retrieve the timeout duration or a listener in JAVA to indicate that the ltpatoken has expired?

Answer 1

You can get the token expiration time in your Java code like this (this will give you credential expiration time)

   Subject callerSubject = WSSubject.getCallerSubject();
   Set<WSCredential> credentials = callerSubject.getPublicCredentials(WSCredential.class);

   // should contain only one credential
   int credSize = credentials.size();
   if( credSize != 1)
        throw new RuntimeException("Invalid credential number: "+credSize);
    WSCredential cred = credentials.iterator().next();
    System.out.println("getExpiration: " + cred.getExpiration()+" date: " + new Date(cred.getExpiration()) + "<BR>");

if you are interested in particular in ltpatoken, you need to extend it a bit (but probably credential will be enough for you):

Set tokens = callerSubject.getPrivateCredentials();

for (Object o : tokens) {
    if(o instanceof SingleSignonToken) {
        SingleSignonToken ssoToken = (SingleSignonToken)o;
        System.out.println("getName: " + ssoToken.getName()+"<BR>");
        if("LtpaToken".equals(ssoToken.getName())){
            System.out.println("getExpiration: " + ssoToken.getExpiration()+"<BR>");
        }
    }
}

Answer 2

The SingleSignonToken's getExpiration() method returns the expiration time in milliseconds. You can do something like this,

ssoToken.getExpiration() - System.currentTimeMillis();

to find out how much time this token has left. Or, you can call the isValid() method that will do that for you.