cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1498509 - in /cxf/branches/2.7.x-fixes/services/sts/sts-core/src: main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java main/resources/ main/resources/sts-ehcache.xml test/java/org/apache/cxf/sts/cache/EhCacheIdentityCacheTest.java
Date Mon, 01 Jul 2013 15:12:44 GMT
Author: coheigea
Date: Mon Jul  1 15:12:44 2013
New Revision: 1498509

URL: http://svn.apache.org/r1498509
Log:
Merged revisions 1498505 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1498505 | coheigea | 2013-07-01 16:08:32 +0100 (Mon, 01 Jul 2013) | 2 lines

  Adding EhCache-based IdentityCache in the STS

........

Added:
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/resources/
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/resources/sts-ehcache.xml
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/EhCacheIdentityCacheTest.java

Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java?rev=1498509&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java
(added)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java
Mon Jul  1 15:12:44 2013
@@ -0,0 +1,257 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.cache;
+
+import java.io.Closeable;
+import java.io.IOException;
+import java.net.URL;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import net.sf.ehcache.Cache;
+import net.sf.ehcache.CacheManager;
+import net.sf.ehcache.Ehcache;
+import net.sf.ehcache.Element;
+import net.sf.ehcache.config.CacheConfiguration;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.buslifecycle.BusLifeCycleListener;
+import org.apache.cxf.buslifecycle.BusLifeCycleManager;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.sts.IdentityMapper;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
+import org.apache.wss4j.common.cache.EHCacheManagerHolder;
+import org.apache.wss4j.common.principal.CustomTokenPrincipal;
+import org.springframework.jmx.export.annotation.ManagedOperation;
+import org.springframework.jmx.export.annotation.ManagedResource;
+
+/**
+ * A EH-Cache based cache to cache identities in different realms where
+ * the relationship is of type FederateIdentity.
+ */
+@ManagedResource()
+public class EHCacheIdentityCache 
+    implements IdentityCache, IdentityMapper, Closeable, BusLifeCycleListener {
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(EHCacheIdentityCache.class);
+    
+    private IdentityMapper identityMapper;
+    private MemoryIdentityCacheStatistics statistics;
+    private Ehcache cache;
+    private Bus bus;
+    private CacheManager cacheManager;
+    
+    
+    public EHCacheIdentityCache(
+        IdentityMapper identityMapper, Bus b
+    ) {
+        this(identityMapper, EHCacheIdentityCache.class.getName(), b, null);
+    }
+    
+    public EHCacheIdentityCache(
+        IdentityMapper identityMapper, String key, Bus b, URL configFileURL
+    ) {
+        this.identityMapper = identityMapper;
+        
+        bus = b;
+        if (bus != null) {
+            b.getExtension(BusLifeCycleManager.class).registerLifeCycleListener(this);
+        }
+
+        if (configFileURL != null) {
+            cacheManager = EHCacheManagerHolder.getCacheManager(configFileURL);
+        } else {
+            cacheManager = EHCacheManagerHolder.getCacheManager(getDefaultConfigFileURL());
+        }
+        CacheConfiguration cc = EHCacheManagerHolder.getCacheConfiguration(key, cacheManager);
+        
+        Ehcache newCache = new Cache(cc);
+        cache = cacheManager.addCacheIfAbsent(newCache);
+    }
+    
+    public MemoryIdentityCacheStatistics getStatistics() {
+        if (statistics == null) {
+            this.statistics = new MemoryIdentityCacheStatistics();
+        }
+        return statistics;
+    }
+
+    public void setStatistics(MemoryIdentityCacheStatistics stats) {
+        this.statistics = stats;
+    }
+
+    @Override
+    public void add(String user, String realm, Map<String, String> identities) {
+        cache.put(new Element(user + "@" + realm, identities));
+    }
+
+    @SuppressWarnings("unchecked")
+    @ManagedOperation()
+    @Override
+    public Map<String, String> get(String user, String realm) {
+        Element element = cache.get(user + "@" + realm);
+        if (element != null && !cache.isExpired(element)) {
+            return (Map<String, String>)element.getObjectValue();
+        }
+        return null;
+    }
+
+    @Override
+    public void remove(String user, String realm) {
+        cache.remove(user + "@" + realm);       
+    }
+    
+    @ManagedOperation()
+    @Override
+    public void clear() {
+        cache.removeAll();
+    }
+    
+    @ManagedOperation()
+    @Override
+    public int size() {
+        return cache.getSize();
+    }
+    
+    @ManagedOperation()
+    public String getContent() {
+        return this.cache.toString();
+    }
+
+    @Override
+    public Principal mapPrincipal(String sourceRealm,
+            Principal sourcePrincipal, String targetRealm) {
+        
+        Principal targetPrincipal = null;
+        Map<String, String> identities = this.get(sourcePrincipal.getName(), sourceRealm);
+        if (identities != null) {
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.fine("Identities found for '" + sourcePrincipal.getName() + "@" + sourceRealm
+ "'");
+            }
+            // Identities object found for key sourceUser@sourceRealm
+            String targetUser = identities.get(targetRealm);
+            if (targetUser == null) {
+                getStatistics().increaseCacheMiss();
+                if (LOG.isLoggable(Level.FINE)) {
+                    LOG.fine("No mapping found for realm " + targetRealm + " of user '"
+                             + sourcePrincipal.getName() + "@" + sourceRealm + "'");
+                }
+                // User identity of target realm not cached yet
+                targetPrincipal = this.identityMapper.mapPrincipal(
+                        sourceRealm, sourcePrincipal, targetRealm);
+                // Add the identity for target realm to the cached entry 
+                identities.put(targetRealm, targetPrincipal.getName());
+                
+                // Verify whether target user has cached some identities already
+                Map<String, String> cachedItem = this.get(targetPrincipal.getName(),
targetRealm);
+                if (cachedItem != null) {
+                    if (LOG.isLoggable(Level.FINE)) {
+                        LOG.fine("Merging mappings for '" + sourcePrincipal.getName() + "@"
+ sourceRealm + "'");
+                    }
+                    //Identites already cached for targetUser@targetRealm key pair
+                    //Merge into identities object
+                    this.mergeMap(identities, cachedItem);
+                }
+                this.add(targetPrincipal.getName(), targetRealm, identities);
+            } else {
+                getStatistics().increaseCacheHit();
+                if (LOG.isLoggable(Level.INFO)) {
+                    LOG.info("Mapping '" + sourcePrincipal.getName() + "@" + sourceRealm
+ "' to '"
+                             + targetUser + "@" + targetRealm + "' cached");
+                }
+                targetPrincipal = new CustomTokenPrincipal(targetUser);
+            }
+            
+        } else {
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.fine("No mapping found for realm " + targetRealm + " of user '"
+                        + sourcePrincipal.getName() + "@" + sourceRealm + "'");
+            }
+            getStatistics().increaseCacheMiss();
+            
+            // Identities object NOT found for key sourceUser@sourceRealm
+            targetPrincipal = this.identityMapper.mapPrincipal(
+                    sourceRealm, sourcePrincipal, targetRealm);
+            identities = new HashMap<String, String>();
+            identities.put(sourceRealm, sourcePrincipal.getName());
+            identities.put(targetRealm, targetPrincipal.getName());
+            this.add(targetPrincipal.getName(), targetRealm, identities);
+            this.add(sourcePrincipal.getName(), sourceRealm, identities);
+        }
+        return targetPrincipal;
+    }
+    
+    
+    
+    private void mergeMap(Map<String, String> to, Map<String, String> from) {
+        for (String key : from.keySet()) {
+            to.put(key, from.get(key));
+        }
+        for (String key : to.keySet()) {
+            from.put(key, to.get(key));
+        }
+    }
+    
+    public void close() {
+        if (cacheManager != null) {
+            EHCacheManagerHolder.releaseCacheManger(cacheManager);
+            cacheManager = null;
+            cache = null;
+            if (bus != null) {
+                bus.getExtension(BusLifeCycleManager.class).unregisterLifeCycleListener(this);
+            }
+        }
+    }
+
+    public void initComplete() {
+    }
+
+    public void preShutdown() {
+        close();
+    }
+
+    public void postShutdown() {
+        close();
+    }
+    
+    private URL getDefaultConfigFileURL() {
+        URL url = null;
+        ResourceManager rm = bus.getExtension(ResourceManager.class);
+        url = rm.resolveResource("sts-ehcache.xml", URL.class);
+        try {
+            if (url == null) {
+                url = ClassLoaderUtils.getResource("sts-ehcache.xml", TokenStoreFactory.class);
+            }
+            if (url == null) {
+                url = new URL("sts-ehcache.xml");
+            }
+            return url;
+        } catch (IOException e) {
+            // Do nothing
+        }
+        return null;
+    }
+}
+

Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/resources/sts-ehcache.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/resources/sts-ehcache.xml?rev=1498509&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/resources/sts-ehcache.xml (added)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/resources/sts-ehcache.xml Mon
Jul  1 15:12:44 2013
@@ -0,0 +1,17 @@
+<ehcache xsi:noNamespaceSchemaLocation="ehcache.xsd" updateCheck="false" monitoring="autodetect"
dynamicConfig="true" name="cxfSTSSecurityCache">
+
+    <diskStore path="java.io.tmpdir"/>
+
+    <cache name="org.apache.cxf.sts.cache.EHCacheIdentityCache"  
+            maxEntriesLocalHeap="5000"
+            eternal="false"
+            timeToIdleSeconds="3600"
+            timeToLiveSeconds="3600"
+            overflowToDisk="true"
+            maxElementsOnDisk="10000000"
+            diskPersistent="false"
+            diskExpiryThreadIntervalSeconds="120"
+            memoryStoreEvictionPolicy="LRU"
+    />
+     
+</ehcache>

Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/EhCacheIdentityCacheTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/EhCacheIdentityCacheTest.java?rev=1498509&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/EhCacheIdentityCacheTest.java
(added)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/EhCacheIdentityCacheTest.java
Mon Jul  1 15:12:44 2013
@@ -0,0 +1,138 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.cache;
+
+//import java.security.Principal;
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.sts.IdentityMapper;
+import org.apache.wss4j.common.principal.CustomTokenPrincipal;
+
+import org.junit.BeforeClass;
+
+public class EhCacheIdentityCacheTest extends org.junit.Assert {
+  
+    @BeforeClass
+    public static void init() throws Exception {
+        
+    }
+    
+    // tests TokenStore apis for storing in the cache.
+    @org.junit.Test
+    public void testOneMapping() throws Exception {
+        IdentityMapper mapper = new CacheIdentityMapper();
+        Bus bus = BusFactory.getDefaultBus();
+        EHCacheIdentityCache cache = new EHCacheIdentityCache(mapper, bus);
+        
+        cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_B");
+        assertEquals(2, cache.size());
+        assertNotNull(cache.get("user_aaa", "REALM_A"));
+        assertNotNull(cache.get("user_bbb", "REALM_B"));
+        
+        cache.close();
+    }
+    
+    
+    @org.junit.Test
+    public void testTwoDistinctMappings() {
+        IdentityMapper mapper = new CacheIdentityMapper();
+        Bus bus = BusFactory.getDefaultBus();
+        EHCacheIdentityCache cache = new EHCacheIdentityCache(mapper, bus);
+        
+        cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_B");
+        cache.mapPrincipal("REALM_C", new CustomTokenPrincipal("user_ccc"), "REALM_D");
+        assertEquals(4, cache.size());
+        assertNotNull(cache.get("user_aaa", "REALM_A"));
+        assertNotNull(cache.get("user_bbb", "REALM_B"));
+        assertNotNull(cache.get("user_ccc", "REALM_C"));
+        assertNotNull(cache.get("user_ddd", "REALM_D"));
+        
+        cache.close();
+    }
+    
+    @org.junit.Test
+    public void testTwoDistinctAndOneRelatedMapping() {
+        IdentityMapper mapper = new CacheIdentityMapper();
+        Bus bus = BusFactory.getDefaultBus();
+        EHCacheIdentityCache cache = new EHCacheIdentityCache(mapper, bus);
+        
+        cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_B");
+        cache.mapPrincipal("REALM_C", new CustomTokenPrincipal("user_ccc"), "REALM_D");
+        cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_D");
+        //now, mapping from A -> D and B -> D are cached as well
+        assertEquals(4, cache.size());
+        assertNotNull(cache.get("user_aaa", "REALM_A"));
+        assertNotNull(cache.get("user_bbb", "REALM_B"));
+        assertNotNull(cache.get("user_ccc", "REALM_C"));
+        assertNotNull(cache.get("user_ddd", "REALM_D"));
+        assertEquals(4, cache.get("user_aaa", "REALM_A").size());
+        assertEquals(4, cache.get("user_bbb", "REALM_B").size());
+        assertEquals(4, cache.get("user_ccc", "REALM_C").size());
+        assertEquals(4, cache.get("user_ddd", "REALM_D").size());
+        
+        cache.close();
+    }
+    
+    @org.junit.Test
+    public void testTwoDistinctAndTwoRelatedMapping() {
+        IdentityMapper mapper = new CacheIdentityMapper();
+        Bus bus = BusFactory.getDefaultBus();
+        EHCacheIdentityCache cache = new EHCacheIdentityCache(mapper, bus);
+        
+        cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_B");
+        cache.mapPrincipal("REALM_D", new CustomTokenPrincipal("user_ddd"), "REALM_E");
+        assertEquals(4, cache.size());
+        //No Mapping occured between A,B and D,E (C not involved at all)
+        assertEquals(2, cache.get("user_aaa", "REALM_A").size());
+        assertEquals(2, cache.get("user_bbb", "REALM_B").size());
+        assertEquals(2, cache.get("user_ddd", "REALM_D").size());
+        assertEquals(2, cache.get("user_eee", "REALM_E").size());
+        
+        cache.mapPrincipal("REALM_B", new CustomTokenPrincipal("user_bbb"), "REALM_C");
+        assertEquals(5, cache.size());
+        assertNotNull(cache.get("user_aaa", "REALM_A"));
+        assertNotNull(cache.get("user_bbb", "REALM_B"));
+        assertNotNull(cache.get("user_ccc", "REALM_C"));
+        assertNotNull(cache.get("user_ddd", "REALM_D"));
+        assertNotNull(cache.get("user_eee", "REALM_E"));
+        assertEquals(3, cache.get("user_aaa", "REALM_A").size());
+        assertEquals(3, cache.get("user_bbb", "REALM_B").size());
+        assertEquals(3, cache.get("user_ccc", "REALM_C").size());
+        //No mapping occurred between A,B,C and D,E -> distinct
+        assertEquals(2, cache.get("user_ddd", "REALM_D").size());
+        assertEquals(2, cache.get("user_eee", "REALM_E").size());
+        
+        cache.mapPrincipal("REALM_C", new CustomTokenPrincipal("user_ccc"), "REALM_E");
+        //All mappings are known now
+        assertEquals(5, cache.size());
+        assertNotNull(cache.get("user_aaa", "REALM_A"));
+        assertNotNull(cache.get("user_bbb", "REALM_B"));
+        assertNotNull(cache.get("user_ccc", "REALM_C"));
+        assertNotNull(cache.get("user_ddd", "REALM_D"));
+        assertNotNull(cache.get("user_eee", "REALM_E"));
+        assertEquals(5, cache.get("user_aaa", "REALM_A").size());
+        assertEquals(5, cache.get("user_bbb", "REALM_B").size());
+        assertEquals(5, cache.get("user_ccc", "REALM_C").size());
+        assertEquals(5, cache.get("user_ddd", "REALM_D").size());
+        assertEquals(5, cache.get("user_eee", "REALM_E").size());
+        
+        cache.close();
+    }      
+    
+}



Mime
View raw message