cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: [CXF-6827] Simple caching support for OAuthRequestFilter
Date Mon, 14 Mar 2016 14:15:28 GMT
Repository: cxf
Updated Branches:
  refs/heads/master c89736f2e -> 9b0e6b8cb


[CXF-6827] Simple caching support for OAuthRequestFilter


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9b0e6b8c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9b0e6b8c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9b0e6b8c

Branch: refs/heads/master
Commit: 9b0e6b8cb41df79a13f19649ffad40a28dddb961
Parents: c89736f
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Mar 14 14:15:11 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Mar 14 14:15:11 2016 +0000

----------------------------------------------------------------------
 .../services/AbstractAccessTokenValidator.java  | 70 +++++++++++++-------
 1 file changed, 46 insertions(+), 24 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/9b0e6b8c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
index df45580..bf59895 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
@@ -22,6 +22,7 @@ import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
 
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MultivaluedMap;
@@ -51,6 +52,10 @@ public abstract class AbstractAccessTokenValidator {
     private List<AccessTokenValidator> tokenHandlers = Collections.emptyList();
     private OAuthDataProvider dataProvider;
     
+    private int maxValidationDataCacheSize;
+    private ConcurrentHashMap<String, AccessTokenValidation> accessTokenValidations
=
+        new ConcurrentHashMap<String, AccessTokenValidation>();
+    
     public void setTokenValidator(AccessTokenValidator validator) {
         setTokenValidators(Collections.singletonList(validator));
     }
@@ -96,32 +101,37 @@ public abstract class AbstractAccessTokenValidator {
             throw ExceptionUtils.toInternalServerErrorException(null, null);
         }
         
-        // Get the registered handler capable of processing the token
-        AccessTokenValidator handler = findTokenValidator(authScheme);
-        if (handler != null) {
-            try {
-                // Convert the HTTP Authorization scheme data into a token
-                accessTokenV = handler.validateAccessToken(getMessageContext(), authScheme,
authSchemeData, 
-                                                           extraProps);
-            } catch (OAuthServiceException ex) {
-                AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(authScheme),
realm);
-            } catch (RuntimeException ex) {
-                AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(authScheme),
realm);
-            }
-        }
-        // Default processing if no registered providers available
+        if (maxValidationDataCacheSize > 0) {
+            accessTokenV = accessTokenValidations.get(authSchemeData);
+        } 
         ServerAccessToken localAccessToken = null;
-        if (accessTokenV == null && dataProvider != null && authScheme.equals(DEFAULT_AUTH_SCHEME))
{
-            try {
-                localAccessToken = dataProvider.getAccessToken(authSchemeData);
-            } catch (OAuthServiceException ex) {
-                // to be handled next
+        if (accessTokenV == null) {
+            // Get the registered handler capable of processing the token
+            AccessTokenValidator handler = findTokenValidator(authScheme);
+            if (handler != null) {
+                try {
+                    // Convert the HTTP Authorization scheme data into a token
+                    accessTokenV = handler.validateAccessToken(getMessageContext(), authScheme,
authSchemeData, 
+                                                               extraProps);
+                } catch (OAuthServiceException ex) {
+                    AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(authScheme),
realm);
+                } catch (RuntimeException ex) {
+                    AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(authScheme),
realm);
+                }
             }
-            if (localAccessToken == null) {
-                AuthorizationUtils.throwAuthorizationFailure(
-                    Collections.singleton(authScheme), realm);
+            // Default processing if no registered providers available
+            if (accessTokenV == null && dataProvider != null && authScheme.equals(DEFAULT_AUTH_SCHEME))
{
+                try {
+                    localAccessToken = dataProvider.getAccessToken(authSchemeData);
+                } catch (OAuthServiceException ex) {
+                    // to be handled next
+                }
+                if (localAccessToken == null) {
+                    AuthorizationUtils.throwAuthorizationFailure(
+                        Collections.singleton(authScheme), realm);
+                }
+                accessTokenV = new AccessTokenValidation(localAccessToken);
             }
-            accessTokenV = new AccessTokenValidation(localAccessToken);
         }
         if (accessTokenV == null) {
             AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
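Review bot: The lookup `accessTokenValidations.get(authSchemeData)` is keyed on the token data alone and runs before `findTokenValidator(authScheme)`, so a validation cached under one scheme is returned for the same data under any other scheme that reaches this point, unless code above the hunk already rejects it. Keying on both values closes that gap, e.g. `String cacheKey = authScheme + ' ' + authSchemeData;` used for `get`, `remove` and `put`. A hit also skips `handler.validateAccessToken` and `dataProvider.getAccessToken`, so a token revoked after its first validation keeps being accepted until its own lifetime ends or the map is cleared. That window deserves a bounded per-entry age, or at least a comment at the lookup such as `// cached validations are not re-checked for revocation until they expire`. The enclosing method starts above this hunk and continues into the next one.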
@@ -130,10 +140,18 @@ public abstract class AbstractAccessTokenValidator {
         if (OAuthUtils.isExpired(accessTokenV.getTokenIssuedAt(), accessTokenV.getTokenLifetime()))
{
             if (localAccessToken != null) {
                 removeAccessToken(localAccessToken);
+            } else if (maxValidationDataCacheSize > 0) {
+                accessTokenValidations.remove(authSchemeData);
             }
             AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
         }
-        
+        if (maxValidationDataCacheSize > 0) {
+            if (accessTokenValidations.size() >= maxValidationDataCacheSize) {
+                // or delete the ones expiring sooner than others, etc
+                accessTokenValidations.clear();
+            }
+            accessTokenValidations.put(authSchemeData, accessTokenV);
+        }
         return accessTokenV;
     }
 
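Review bot: The block guarded by `if (maxValidationDataCacheSize > 0)` before `return accessTokenV;` also runs on cache hits, so once the map is full every request, including one whose entry is already cached, calls `accessTokenValidations.clear()` and re-inserts a single entry, which defeats the cache at capacity. Store only after a fresh validation, for example by setting a boolean when the earlier lookup misses and testing it here with `if (maxValidationDataCacheSize > 0 && !fromCache) {`. The `size()` check, `clear()` and `put` are separate operations on the `ConcurrentHashMap`, so concurrent requests can exceed the bound briefly; a comment saying the limit is approximate would help. The map keys are the raw bearer token strings, so keying on a digest of the token would keep those secrets out of a long-lived structure. The enclosing method begins outside this hunk.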
@@ -147,5 +165,9 @@ public abstract class AbstractAccessTokenValidator {
         this.realm = realm;
     }
 
+    public void setMaxValidationDataCacheSize(int maxValidationDataCacheSize) {
+        this.maxValidationDataCacheSize = maxValidationDataCacheSize;
+    }
+
     
 }
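Review bot: `setMaxValidationDataCacheSize` has no Javadoc, although it switches on behaviour with a security trade-off that a deployer needs to know about. I would add a comment along the lines of `/** Enables caching of successful token validations when greater than zero (default 0, disabled). Cached tokens are not re-validated, so revocation is not observed until the token expires or the cache is cleared. */`. Zero and negative values both leave caching off because the field is only ever tested with `> 0`, which the comment could state as well.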

