cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From owu...@apache.org
Subject svn commit: r1489157 - in /cxf/trunk/services/sts/sts-core/src: main/java/org/apache/cxf/sts/cache/ test/java/org/apache/cxf/sts/cache/
Date Mon, 03 Jun 2013 20:30:49 GMT
Author: owulff
Date: Mon Jun  3 20:30:48 2013
New Revision: 1489157

URL: http://svn.apache.org/r1489157
Log:
[CXF-4463] Support caching for mapped principals/identites

Added:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/IdentityCache.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCache.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCacheStatistics.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/CacheIdentityMapper.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/MemoryIdentityCacheTest.java

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/IdentityCache.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/IdentityCache.java?rev=1489157&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/IdentityCache.java
(added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/IdentityCache.java
Mon Jun  3 20:30:48 2013
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.cache;
+
+import java.util.Map;
+
+public interface IdentityCache {
+
+    void add(String user, String realm, Map<String, String> identities);
+    
+    Map<String, String> get(String user, String realm);
+    
+    void remove(String user, String realm);
+    
+    void clear();
+    
+    int size();
+    
+}

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCache.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCache.java?rev=1489157&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCache.java
(added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCache.java
Mon Jun  3 20:30:48 2013
@@ -0,0 +1,192 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.cache;
+
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.IdentityMapper;
+import org.apache.wss4j.common.principal.CustomTokenPrincipal;
+import org.springframework.jmx.export.annotation.ManagedOperation;
+import org.springframework.jmx.export.annotation.ManagedResource;
+
+/**
+ * A simple in-memory HashMap based cache to cache identities in different realms where
+ * the relationship is of type FederateIdentity.
+ */
+@ManagedResource()
+public class MemoryIdentityCache implements IdentityCache, IdentityMapper {
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(MemoryIdentityCache.class);
+    
+    private final Map<String, Map<String, String>> cache =
+            Collections.synchronizedMap(new HashMap<String, Map<String, String>>());
+    
+    private long maxCacheItems = 10000L;
+    
+    private IdentityMapper identityMapper;
+    
+    private MemoryIdentityCacheStatistics statistics;
+    
+
+    protected MemoryIdentityCache() {
+        
+    }
+    
+    public MemoryIdentityCache(IdentityMapper identityMapper) {
+        this.identityMapper = identityMapper;
+    }
+    
+    public MemoryIdentityCacheStatistics getStatistics() {
+        if (statistics == null) {
+            this.statistics = new MemoryIdentityCacheStatistics();
+        }
+        return statistics;
+    }
+
+    public void setStatistics(MemoryIdentityCacheStatistics stats) {
+        this.statistics = stats;
+    }
+
+    public long getMaxCacheItems() {
+        return maxCacheItems;
+    }
+
+    public void setMaxCacheItems(long maxCacheItems) {
+        this.maxCacheItems = maxCacheItems;
+    }
+
+    @Override
+    public void add(String user, String realm, Map<String, String> identities) {
+        if (cache.size() >= maxCacheItems) {
+            cache.clear();
+        }
+        cache.put(user + "@" + realm, identities);
+    }
+
+    @ManagedOperation()
+    @Override
+    public Map<String, String> get(String user, String realm) {
+        return cache.get(user + "@" + realm);
+    }
+
+    @Override
+    public void remove(String user, String realm) {
+        cache.remove(user + "@" + realm);       
+    }
+    
+    @ManagedOperation()
+    @Override
+    public void clear() {
+        cache.clear();  
+    }
+    
+    @ManagedOperation()
+    @Override
+    public int size() {
+        return cache.size();
+    }
+    
+    @ManagedOperation()
+    public String getContent() {
+        return this.cache.toString();
+    }
+
+    @Override
+    public Principal mapPrincipal(String sourceRealm,
+            Principal sourcePrincipal, String targetRealm) {
+        
+        Principal targetPrincipal = null;
+        Map<String, String> identities = this.get(sourcePrincipal.getName(), sourceRealm);
+        if (identities != null) {
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.fine("Identities found for '" + sourcePrincipal.getName() + "@" + sourceRealm
+ "'");
+            }
+            // Identities object found for key sourceUser@sourceRealm
+            String targetUser = identities.get(targetRealm);
+            if (targetUser == null) {
+                getStatistics().increaseCacheMiss();
+                if (LOG.isLoggable(Level.FINE)) {
+                    LOG.fine("No mapping found for realm " + targetRealm + " of user '"
+                             + sourcePrincipal.getName() + "@" + sourceRealm + "'");
+                }
+                // User identity of target realm not cached yet
+                targetPrincipal = this.identityMapper.mapPrincipal(
+                        sourceRealm, sourcePrincipal, targetRealm);
+                // Add the identity for target realm to the cached entry 
+                identities.put(targetRealm, targetPrincipal.getName());
+                
+                // Verify whether target user has cached some identities already
+                Map<String, String> cachedItem = this.get(targetPrincipal.getName(),
targetRealm);
+                if (cachedItem != null) {
+                    if (LOG.isLoggable(Level.FINE)) {
+                        LOG.fine("Merging mappings for '" + sourcePrincipal.getName() + "@"
+ sourceRealm + "'");
+                    }
+                    //Identites already cached for targetUser@targetRealm key pair
+                    //Merge into identities object
+                    this.mergeMap(identities, cachedItem);
+                }
+                this.add(targetPrincipal.getName(), targetRealm, identities);
+            } else {
+                getStatistics().increaseCacheHit();
+                if (LOG.isLoggable(Level.INFO)) {
+                    LOG.info("Mapping '" + sourcePrincipal.getName() + "@" + sourceRealm
+ "' to '"
+                             + targetUser + "@" + targetRealm + "' cached");
+                }
+                targetPrincipal = new CustomTokenPrincipal(targetUser);
+            }
+            
+        } else {
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.fine("No mapping found for realm " + targetRealm + " of user '"
+                        + sourcePrincipal.getName() + "@" + sourceRealm + "'");
+            }
+            getStatistics().increaseCacheMiss();
+            
+            // Identities object NOT found for key sourceUser@sourceRealm
+            targetPrincipal = this.identityMapper.mapPrincipal(
+                    sourceRealm, sourcePrincipal, targetRealm);
+            identities = new HashMap<String, String>();
+            identities.put(sourceRealm, sourcePrincipal.getName());
+            identities.put(targetRealm, targetPrincipal.getName());
+            this.add(targetPrincipal.getName(), targetRealm, identities);
+            this.add(sourcePrincipal.getName(), sourceRealm, identities);
+        }
+        System.out.println("Cache content: " + this.cache.toString());
+        return targetPrincipal;
+    }
+    
+    
+    
+    private void mergeMap(Map<String, String> to, Map<String, String> from) {
+        for (String key : from.keySet()) {
+            to.put(key, from.get(key));
+        }
+        for (String key : to.keySet()) {
+            from.put(key, to.get(key));
+        }
+    }
+}
+

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCacheStatistics.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCacheStatistics.java?rev=1489157&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCacheStatistics.java
(added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCacheStatistics.java
Mon Jun  3 20:30:48 2013
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.cache;
+
+import org.springframework.jmx.export.annotation.ManagedAttribute;
+import org.springframework.jmx.export.annotation.ManagedResource;
+
+@ManagedResource()
+public class MemoryIdentityCacheStatistics {
+
+    private long cacheMiss;
+    private long cacheHit;
+    
+    @ManagedAttribute()
+    public synchronized long getCacheMiss() {
+        return cacheMiss;
+    }
+    
+    @ManagedAttribute()
+    public synchronized long getCacheHit() {
+        return cacheHit;
+    }
+    
+    protected synchronized void increaseCacheHit() {
+        cacheHit++;
+    }
+    
+    protected synchronized void increaseCacheMiss() {
+        cacheMiss++;
+    }
+    
+}

Added: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/CacheIdentityMapper.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/CacheIdentityMapper.java?rev=1489157&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/CacheIdentityMapper.java
(added)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/CacheIdentityMapper.java
Mon Jun  3 20:30:48 2013
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.cache;
+
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.cxf.sts.IdentityMapper;
+import org.apache.wss4j.common.principal.CustomTokenPrincipal;
+
+public class CacheIdentityMapper implements IdentityMapper {
+
+    Map<String, Map<String, String>> mappingTable =
+            Collections.synchronizedMap(new HashMap<String, Map<String, String>>());
+        
+    
+    CacheIdentityMapper() {
+        Map<String, String> identities = new HashMap<String, String>();
+        identities.put("REALM_A", "user_aaa");
+        identities.put("REALM_B", "user_bbb");
+        identities.put("REALM_C", "user_ccc");
+        identities.put("REALM_D", "user_ddd");
+        identities.put("REALM_E", "user_eee");
+        mappingTable.put("user_aaa@REALM_A", identities);
+        mappingTable.put("user_bbb@REALM_B", identities);
+        mappingTable.put("user_ccc@REALM_C", identities);
+        mappingTable.put("user_ddd@REALM_D", identities);
+        mappingTable.put("user_eee@REALM_E", identities);
+    }
+    
+    @Override
+    public Principal mapPrincipal(String sourceRealm,
+            Principal sourcePrincipal, String targetRealm) {
+        
+        Map<String, String> identities = mappingTable.get(sourcePrincipal.getName()
+ "@" + sourceRealm);
+        if (identities == null) {
+            return null;
+        }
+        String targetUser = identities.get(targetRealm);
+        if (targetUser == null) {
+            return null;
+        }
+        return new CustomTokenPrincipal(targetUser);
+        
+    }
+
+}

Added: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/MemoryIdentityCacheTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/MemoryIdentityCacheTest.java?rev=1489157&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/MemoryIdentityCacheTest.java
(added)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/MemoryIdentityCacheTest.java
Mon Jun  3 20:30:48 2013
@@ -0,0 +1,129 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.cache;
+
+//import java.security.Principal;
+import org.apache.cxf.sts.IdentityMapper;
+import org.apache.wss4j.common.principal.CustomTokenPrincipal;
+
+import org.junit.BeforeClass;
+
+public class MemoryIdentityCacheTest extends org.junit.Assert {
+  
+    @BeforeClass
+    public static void init() throws Exception {
+        
+    }
+    
+    // tests TokenStore apis for storing in the cache.
+    @org.junit.Test
+    public void testOneMapping() throws Exception {
+        System.out.println("***************");
+        IdentityMapper mapper = new CacheIdentityMapper();
+        MemoryIdentityCache cache = new MemoryIdentityCache(mapper);
+        
+        cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_B");
+        assertEquals(2, cache.size());
+        assertNotNull(cache.get("user_aaa", "REALM_A"));
+        assertNotNull(cache.get("user_bbb", "REALM_B"));
+    }
+    
+    
+    @org.junit.Test
+    public void testTwoDistinctMappings() {
+        System.out.println("***************");
+        IdentityMapper mapper = new CacheIdentityMapper();
+        MemoryIdentityCache cache = new MemoryIdentityCache(mapper);
+        
+        cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_B");
+        cache.mapPrincipal("REALM_C", new CustomTokenPrincipal("user_ccc"), "REALM_D");
+        assertEquals(4, cache.size());
+        assertNotNull(cache.get("user_aaa", "REALM_A"));
+        assertNotNull(cache.get("user_bbb", "REALM_B"));
+        assertNotNull(cache.get("user_ccc", "REALM_C"));
+        assertNotNull(cache.get("user_ddd", "REALM_D"));
+        
+    }
+    
+    @org.junit.Test
+    public void testTwoDistinctAndOneRelatedMapping() {
+        System.out.println("***************");
+        IdentityMapper mapper = new CacheIdentityMapper();
+        MemoryIdentityCache cache = new MemoryIdentityCache(mapper);
+        
+        cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_B");
+        cache.mapPrincipal("REALM_C", new CustomTokenPrincipal("user_ccc"), "REALM_D");
+        cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_D");
+        //now, mapping from A -> D and B -> D are cached as well
+        assertEquals(4, cache.size());
+        assertNotNull(cache.get("user_aaa", "REALM_A"));
+        assertNotNull(cache.get("user_bbb", "REALM_B"));
+        assertNotNull(cache.get("user_ccc", "REALM_C"));
+        assertNotNull(cache.get("user_ddd", "REALM_D"));
+        assertEquals(4, cache.get("user_aaa", "REALM_A").size());
+        assertEquals(4, cache.get("user_bbb", "REALM_B").size());
+        assertEquals(4, cache.get("user_ccc", "REALM_C").size());
+        assertEquals(4, cache.get("user_ddd", "REALM_D").size());
+    }
+    
+    @org.junit.Test
+    public void testTwoDistinctAndTwoRelatedMapping() {
+        System.out.println("***************");
+        IdentityMapper mapper = new CacheIdentityMapper();
+        MemoryIdentityCache cache = new MemoryIdentityCache(mapper);
+        
+        cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_B");
+        cache.mapPrincipal("REALM_D", new CustomTokenPrincipal("user_ddd"), "REALM_E");
+        assertEquals(4, cache.size());
+        //No Mapping occured between A,B and D,E (C not involved at all)
+        assertEquals(2, cache.get("user_aaa", "REALM_A").size());
+        assertEquals(2, cache.get("user_bbb", "REALM_B").size());
+        assertEquals(2, cache.get("user_ddd", "REALM_D").size());
+        assertEquals(2, cache.get("user_eee", "REALM_E").size());
+        
+        cache.mapPrincipal("REALM_B", new CustomTokenPrincipal("user_bbb"), "REALM_C");
+        assertEquals(5, cache.size());
+        assertNotNull(cache.get("user_aaa", "REALM_A"));
+        assertNotNull(cache.get("user_bbb", "REALM_B"));
+        assertNotNull(cache.get("user_ccc", "REALM_C"));
+        assertNotNull(cache.get("user_ddd", "REALM_D"));
+        assertNotNull(cache.get("user_eee", "REALM_E"));
+        assertEquals(3, cache.get("user_aaa", "REALM_A").size());
+        assertEquals(3, cache.get("user_bbb", "REALM_B").size());
+        assertEquals(3, cache.get("user_ccc", "REALM_C").size());
+        //No mapping occurred between A,B,C and D,E -> distinct
+        assertEquals(2, cache.get("user_ddd", "REALM_D").size());
+        assertEquals(2, cache.get("user_eee", "REALM_E").size());
+        
+        cache.mapPrincipal("REALM_C", new CustomTokenPrincipal("user_ccc"), "REALM_E");
+        //All mappings are known now
+        assertEquals(5, cache.size());
+        assertNotNull(cache.get("user_aaa", "REALM_A"));
+        assertNotNull(cache.get("user_bbb", "REALM_B"));
+        assertNotNull(cache.get("user_ccc", "REALM_C"));
+        assertNotNull(cache.get("user_ddd", "REALM_D"));
+        assertNotNull(cache.get("user_eee", "REALM_E"));
+        assertEquals(5, cache.get("user_aaa", "REALM_A").size());
+        assertEquals(5, cache.get("user_bbb", "REALM_B").size());
+        assertEquals(5, cache.get("user_ccc", "REALM_C").size());
+        assertEquals(5, cache.get("user_ddd", "REALM_D").size());
+        assertEquals(5, cache.get("user_eee", "REALM_E").size());
+    }      
+    
+}



Mime
View raw message