directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kayyag...@apache.org
Subject svn commit: r1042145 - in /directory/apacheds/branches/apacheds-kerberos-codec-2.0: core-api/src/main/resources/ kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/replay/ kerberos-shared/src/test/java/org/apache/directory/server...
Date Sat, 04 Dec 2010 11:21:18 GMT
Author: kayyagari
Date: Sat Dec  4 11:21:18 2010
New Revision: 1042145

URL: http://svn.apache.org/viewvc?rev=1042145&view=rev
Log:
o used ehcache as store for replay cache implementation and renamed InMemoryReplayCache to
ReplayCacheImpl
o moved the instantiation of replay cache to KDC and ChangePassword server classes
o removed the static replay cache instances from ChangePasswordService and TicketGrantingService
o added cache configuration to the irectory-cacheservice.xml
o removed set/get methods for replay cache from TicketGrantingContext and ChangePasswordContext


Added:
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/replay/ReplayCacheImpl.java
      - copied, changed from r1042117, directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/replay/InMemoryReplayCache.java
Removed:
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/replay/InMemoryReplayCache.java
Modified:
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/core-api/src/main/resources/directory-cacheservice.xml
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/replay/ReplayCache.java
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/replay/InMemoryReplayCacheTest.java
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/ChangePasswordServer.java
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordContext.java
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordService.java
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java

Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/core-api/src/main/resources/directory-cacheservice.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/core-api/src/main/resources/directory-cacheservice.xml?rev=1042145&r1=1042144&r2=1042145&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/core-api/src/main/resources/directory-cacheservice.xml
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/core-api/src/main/resources/directory-cacheservice.xml
Sat Dec  4 11:21:18 2010
@@ -93,7 +93,6 @@
 		on disk is needed to swap the data if it is too much to hold in memory -->
 	<cache name="groupCache" 
 	       maxElementsInMemory="10000"
-		   maxElementsOnDisk="1000"
 		   eternal="false" 
 		   overflowToDisk="true"
 		   diskSpoolBufferSizeMB="20"
@@ -104,7 +103,6 @@
     
     <cache name="dnCache" 
 	       maxElementsInMemory="10000"
-		   maxElementsOnDisk="1000"
 		   eternal="false" 
 		   overflowToDisk="false"
 		   diskSpoolBufferSizeMB="20"
@@ -112,5 +110,38 @@
 		   timeToLiveSeconds="600"
 		   memoryStoreEvictionPolicy="LFU" 
 		   diskPersistent="false" />
+
+   <!-- Kerberos replay cache
+      NOTE1: keep the maxElementsInMemory as low as possible to avoid wasting memory
+      Cause the elements present in the cache won't be removed dynamically even after their
TTL
+      expires. For a good explanation see http://forums.terracotta.org/forums/posts/list/4126.page
+      
+      NOTE2: We don't use the standard eviction policies like LFU or LRU rather we use a
custom eviction
+             policy based on the value of clockskew setting. The default value of clokcskew
is 5 minutes,
+             which is also set for the TTL and TTI values of cache config
+             
+      So what we do here is enable the overflowToDisk flag and then let the disk store be
cleaned
+      periodically based on diskExpiryThreadIntervalSeconds
+   -->
+    <cache name="kdcReplayCache" 
+	       maxElementsInMemory="100"
+		   eternal="false" 
+		   overflowToDisk="true"
+		   diskSpoolBufferSizeMB="20"
+		   diskExpiryThreadIntervalSeconds="300"
+		   timeToLiveSeconds="300"
+		   timeToIdleSeconds="300"
+		   diskPersistent="false" />
+
+   <!-- ChangePassword replay cache, this has the same settings as the Kerberos replay
cache -->
+    <cache name="changePwdReplayCache" 
+	       maxElementsInMemory="100"
+		   eternal="false" 
+		   overflowToDisk="true"
+		   diskSpoolBufferSizeMB="20"
+		   diskExpiryThreadIntervalSeconds="300"
+		   timeToLiveSeconds="300"
+		   timeToIdleSeconds="300"
+		   diskPersistent="false" />
 		   
 </ehcache>
\ No newline at end of file

Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/replay/ReplayCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/replay/ReplayCache.java?rev=1042145&r1=1042144&r2=1042145&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/replay/ReplayCache.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/replay/ReplayCache.java
Sat Dec  4 11:21:18 2010
@@ -59,4 +59,9 @@ public interface ReplayCache
      */
     void save( KerberosPrincipal serverPrincipal, KerberosPrincipal clientPrincipal, KerberosTime
clientTime,
         int clientMicroSeconds );
+    
+    /**
+     * removes all the elements present in the cache
+     */
+    void clear();
 }

Copied: directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/replay/ReplayCacheImpl.java
(from r1042117, directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/replay/InMemoryReplayCache.java)
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/replay/ReplayCacheImpl.java?p2=directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/replay/ReplayCacheImpl.java&p1=directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/replay/InMemoryReplayCache.java&r1=1042117&r2=1042145&rev=1042145&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/replay/InMemoryReplayCache.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/replay/ReplayCacheImpl.java
Sat Dec  4 11:21:18 2010
@@ -20,16 +20,17 @@
 package org.apache.directory.server.kerberos.shared.replay;
 
 
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
+import java.io.Serializable;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import net.sf.ehcache.Cache;
+import net.sf.ehcache.Element;
+import net.sf.ehcache.store.AbstractPolicy;
+
 import org.apache.directory.shared.kerberos.KerberosTime;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 
 /**
@@ -37,20 +38,17 @@ import org.apache.directory.shared.kerbe
  * time, and microsecond fields from the recently-seen authenticators, and if a
  * matching tuple is found, the KRB_AP_ERR_REPEAT error is returned."
  * 
- * We will store the entries using an HashMap which key will be the client
- * principal, and we will store a list of entries for each client principal.
- * 
- * A thread will run every N seconds to clean the cache from entries out of the 
- * clockSkew.
+ * We will store the entries in Ehacache instance
  * 
- * TODO: check if we really want an active thread for each cache instance (DIRKRB-80).
- *    
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
-public class InMemoryReplayCache extends Thread implements ReplayCache
+public class ReplayCacheImpl implements ReplayCache
 {
-    /** Stores the entries in memory */
-    private Map<KerberosPrincipal, List<ReplayCacheEntry>> cache = new HashMap<KerberosPrincipal,
List<ReplayCacheEntry>>();
+    
+    private static final Logger LOG = LoggerFactory.getLogger( ReplayCacheImpl.class );
+    
+    /** ehcache based storage to store the entries */
+    private Cache cache;
 
     /** default clock skew */
     private static final long DEFAULT_CLOCK_SKEW = 5 * KerberosTime.MINUTE;
@@ -58,17 +56,13 @@ public class InMemoryReplayCache extends
     /** The clock skew */
     private long clockSkew = DEFAULT_CLOCK_SKEW;
 
-    /** The default delay between each run of the cleaning process : 5 s */
-    private static long DEFAULT_DELAY = 5 * 1000;  
-
-    /** The delay to wait between each cache cleaning */
-    private long delay;
-
     /**
      * A structure to hold an entry
      */
-    public class ReplayCacheEntry
+    public class ReplayCacheEntry implements Serializable
     {
+        private static final long serialVersionUID = 1L;
+
         private KerberosPrincipal serverPrincipal;
         private KerberosPrincipal clientPrincipal;
         private KerberosTime clientTime;
@@ -118,71 +112,85 @@ public class InMemoryReplayCache extends
         {
             return !clientTime.isInClockSkew( clockSkew );
         }
+
+
+        /**
+         * @return create a key to be used while storing in the cache
+         */
+        private String createKey()
+        {
+            StringBuilder sb = new StringBuilder();
+            sb.append( ( clientPrincipal == null ) ? "null" : clientPrincipal.getName() );
+            sb.append( '#' );
+            sb.append( ( serverPrincipal == null ) ? "null" : serverPrincipal.getName() );
+            sb.append( '#' );
+            sb.append( ( clientTime == null ) ? "null" : clientTime.getDate() );
+            sb.append( '#' );
+            sb.append( clientMicroSeconds );
+
+            return sb.toString();
+        }
     }
 
-    
     /**
-     * Creates a new instance of InMemoryReplayCache. Sets the
-     * delay between each cleaning run to 5 seconds.
+     * an expiration policy based on the clockskew
      */
-    public InMemoryReplayCache()
+    private class ClockskewExpirationPolicy extends AbstractPolicy
     {
-        cache = new HashMap<KerberosPrincipal, List<ReplayCacheEntry>>();
-        delay = DEFAULT_DELAY;
-        this.start();
+
+        /**
+         * {@inheritDoc}
+         */
+        public String getName()
+        {
+            System.out.println( "getName" );
+            return "CLOCK-SKEW";
+        }
+
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean compare( Element element1, Element element2 )
+        {
+            ReplayCacheEntry entry = ( ReplayCacheEntry ) element2.getValue();
+
+            if ( entry.isOutsideClockSkew( clockSkew ) )
+            {
+                return true;
+            }
+
+            return false;
+        }
     }
-    
-    
+
+
     /**
      * Creates a new instance of InMemoryReplayCache. Sets the
-     * delay between each cleaning run to 5 seconds. Sets the
-     * clockSkew to the given value
-     * 
-     * @param clockSkew the allowed skew (milliseconds)
+     * delay between each cleaning run to 5 seconds.
      */
-    public InMemoryReplayCache( long clockSkew )
+    public ReplayCacheImpl( Cache cache )
     {
-        cache = new HashMap<KerberosPrincipal, List<ReplayCacheEntry>>();
-        delay = DEFAULT_DELAY;
-        this.clockSkew = clockSkew;
-        this.start();
+        this.cache = cache;
+        this.cache.setMemoryStoreEvictionPolicy( new ClockskewExpirationPolicy() );
     }
-    
-    
+
+
     /**
      * Creates a new instance of InMemoryReplayCache. Sets the
-     * clockSkew to the given value, and set the cleaning thread 
-     * kick off delay
+     * delay between each cleaning run to 5 seconds. Sets the
+     * clockSkew to the given value
      * 
      * @param clockSkew the allowed skew (milliseconds)
-     * @param delay the interval between each run of the cache 
-     * cleaning thread (milliseconds)
      */
-    public InMemoryReplayCache( long clockSkew, int delay  )
+    public ReplayCacheImpl( Cache cache, long clockSkew )
     {
-        cache = new HashMap<KerberosPrincipal, List<ReplayCacheEntry>>();
-        this.delay = (long)delay;
+        this.cache = cache;
         this.clockSkew = clockSkew;
-        this.start();
+        this.cache.setMemoryStoreEvictionPolicy( new ClockskewExpirationPolicy() );
     }
-    
-    
-    /**
-     * Creates a new instance of InMemoryReplayCache. Sets the
-     * delay between each cleaning run to 5 seconds. Sets the 
-     * cleaning thread kick off delay
-     * 
-     * @param delay the interval between each run of the cache 
-     * cleaning thread (milliseconds).
-     */
-    public InMemoryReplayCache( int delay )
-    {
-        cache = new HashMap<KerberosPrincipal, List<ReplayCacheEntry>>();
-        this.delay = (long)delay;
-        this.clockSkew = DEFAULT_CLOCK_SKEW;
-    }
-    
-    
+
+
     /**
      * Sets the clock skew.
      *
@@ -193,16 +201,6 @@ public class InMemoryReplayCache extends
         this.clockSkew = clockSkew;
     }
 
-    
-    /**
-     * Set the delay between each cleaning thread run.
-     *
-     * @param delay delay in milliseconds
-     */
-    public void setDelay( long delay )
-    {
-        this.delay = delay;
-    }
 
     /**
      * Check if an entry is a replay or not.
@@ -210,21 +208,23 @@ public class InMemoryReplayCache extends
     public synchronized boolean isReplay( KerberosPrincipal serverPrincipal, KerberosPrincipal
clientPrincipal,
         KerberosTime clientTime, int clientMicroSeconds )
     {
-        List<ReplayCacheEntry> entries = cache.get( clientPrincipal );
-        
-        if ( ( entries == null ) || ( entries.size() == 0 ) )
+
+        ReplayCacheEntry entry = new ReplayCacheEntry( serverPrincipal, clientPrincipal,
clientTime, clientMicroSeconds );
+
+        Element element = cache.get( entry.createKey() );
+
+        if ( element == null )
         {
             return false;
         }
-        
-        for ( ReplayCacheEntry entry:entries )
+
+        entry = ( ReplayCacheEntry ) element.getValue();
+
+        if ( serverPrincipal.equals( entry.serverPrincipal ) &&
+            clientTime.equals( entry.clientTime ) &&
+            ( clientMicroSeconds == entry.clientMicroSeconds ) )
         {
-            if ( serverPrincipal.equals( entry.serverPrincipal ) && 
-                 clientTime.equals( entry.clientTime ) && 
-                 (clientMicroSeconds == entry.clientMicroSeconds ) )
-            {
-                return true;
-            }
+            return true;
         }
 
         return false;
@@ -238,80 +238,19 @@ public class InMemoryReplayCache extends
     public synchronized void save( KerberosPrincipal serverPrincipal, KerberosPrincipal clientPrincipal,
         KerberosTime clientTime, int clientMicroSeconds )
     {
-        List<ReplayCacheEntry> entries = cache.get( clientPrincipal );
-        
-        if ( entries == null )
-        {
-            entries = new ArrayList<ReplayCacheEntry>();
-        }
-        
-        entries.add( new ReplayCacheEntry( serverPrincipal, clientPrincipal, clientTime,
clientMicroSeconds ) );
-        
-        cache.put( clientPrincipal, entries );
-    }
+        ReplayCacheEntry entry = new ReplayCacheEntry( serverPrincipal, clientPrincipal,
clientTime, clientMicroSeconds );
 
-    
-    public Map<KerberosPrincipal, List<ReplayCacheEntry>> getCache()
-    {
-        return cache;
-    }
-    
-    /**
-     * A method to remove all the expired entries from the cache.
-     */
-    synchronized void cleanCache()
-    {
-        Collection<List<ReplayCacheEntry>> entryList = cache.values();
-        
-        if ( ( entryList == null ) || ( entryList.size() == 0 ) )
-        {
-            return;
-        }
-        
-        for ( List<ReplayCacheEntry> entries:entryList )
-        {
-            if ( ( entries == null ) || ( entries.size() == 0 ) )
-            {
-                continue;
-            }
-            
-            Iterator<ReplayCacheEntry> iterator = entries.iterator();
-            
-            while ( iterator.hasNext() )
-            {
-                ReplayCacheEntry entry = iterator.next();
-                
-                if ( entry.isOutsideClockSkew( clockSkew ) )
-                {
-                    iterator.remove();
-                }
-                else
-                {
-                    break;
-                }
-            }
-        }
+        Element element = new Element( entry.createKey(), entry );
+        cache.put( element );
     }
     
     
-    /** 
-     * The cleaning thread. It runs every N seconds.
+    /**
+     * {@inheritDoc}
      */
-    public void run()
+    public void clear()
     {
-        while ( true )
-        {
-            try
-            {
-                Thread.sleep( delay );
-                
-                cleanCache();
-            }
-            catch ( InterruptedException ie )
-            {
-                cache.clear();
-                return;
-            }
-        }
+        LOG.debug( "removing all the elements from cache" );
+        cache.removeAll();
     }
 }

Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/replay/InMemoryReplayCacheTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/replay/InMemoryReplayCacheTest.java?rev=1042145&r1=1042144&r2=1042145&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/replay/InMemoryReplayCacheTest.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/replay/InMemoryReplayCacheTest.java
Sat Dec  4 11:21:18 2010
@@ -19,27 +19,27 @@
  */
 package org.apache.directory.server.kerberos.shared.replay;
 
+
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertNull;
 
-import java.util.Collection;
-import java.util.Iterator;
 import java.util.List;
-import java.util.Map;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import net.sf.ehcache.Cache;
+import net.sf.ehcache.CacheManager;
+
 import org.apache.directory.junit.tools.Concurrent;
 import org.apache.directory.junit.tools.ConcurrentJunitRunner;
 import org.apache.directory.junit.tools.MultiThreadedMultiInvoker;
-import org.apache.directory.server.kerberos.shared.replay.InMemoryReplayCache.ReplayCacheEntry;
 import org.apache.directory.shared.kerberos.KerberosTime;
 import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
+
 /**
  * Test the InMemory replay cache
  * 
@@ -52,96 +52,58 @@ public class InMemoryReplayCacheTest
     @Rule
     public MultiThreadedMultiInvoker i = new MultiThreadedMultiInvoker( MultiThreadedMultiInvoker.THREADSAFE
);
 
+
     /**
      * Test that the cache is working well. We will create a new entry
-     * every 20 ms, with 10 different serverPrincipals.
+     * every 500 ms, with 4 different serverPrincipals.
      * 
-     * After this period of time, we should only have 25 entries in the cache
+     * After this period of time, we should only have 2 entries in the cache
      */
     @Test
     public void testCacheSetting() throws Exception
     {
-        int delay = 500;
-        long clockSkew = 100;
-        
-        // Set a delay of 500 ms and a clock skew of 100 ms
-        InMemoryReplayCache cache = new InMemoryReplayCache( clockSkew, delay );
-        
-        // Loop for 2 seconds, then check that the cache is clean
+        long clockSkew = 1000; // 1 sec
+
+        CacheManager cacheManager = new CacheManager( InMemoryReplayCacheTest.class.getClassLoader().getResource(
+            "directory-cacheservice.xml" ) );
+
+        Cache ehCache = cacheManager.getCache( "kdcReplayCache" );
+        ehCache.getCacheConfiguration().setMaxElementsInMemory( 2 );
+        ehCache.getCacheConfiguration().setTimeToLiveSeconds( 1 );
+        ehCache.getCacheConfiguration().setTimeToIdleSeconds( 1 );
+        ehCache.getCacheConfiguration().setDiskExpiryThreadIntervalSeconds( 1 );
+
+        ReplayCacheImpl cache = new ReplayCacheImpl( ehCache, clockSkew );
+
         int i = 0;
-        int nbClient = 20;
-        int nbServer = 10;
-        
-        // Inject 100 entries, one every 20 ms
-        while ( i < 100 )
+
+        // Inject 4 entries one every second 
+        while ( i < 4 )
         {
-            KerberosPrincipal serverPrincipal = new KerberosPrincipal( "server" + i%nbServer
+ "@APACHE.ORG", PrincipalNameType.KRB_NT_PRINCIPAL.getValue() );
-            KerberosPrincipal clientPrincipal = new KerberosPrincipal( "client" + i%nbClient
+ "@APACHE.ORG", PrincipalNameType.KRB_NT_PRINCIPAL.getValue() );
-            
+            KerberosPrincipal serverPrincipal = new KerberosPrincipal( "server" + i + "@APACHE.ORG",
+                PrincipalNameType.KRB_NT_PRINCIPAL.getValue() );
+            KerberosPrincipal clientPrincipal = new KerberosPrincipal( "client" + i + "@APACHE.ORG",
+                PrincipalNameType.KRB_NT_PRINCIPAL.getValue() );
+
             cache.save( serverPrincipal, clientPrincipal, new KerberosTime( System.currentTimeMillis()
), 0 );
-            
-            Thread.sleep( 20 );
+
             i++;
         }
-        
-        Map<KerberosPrincipal, List<ReplayCacheEntry>> map = cache.getCache();
 
-        // We should have 20 List of entries, as we have injected 20 different
-        // clientPrincipals
-        assertEquals( nbClient, map.size() );
-        
-        int nbEntries = 0;
-        
-        // Loop into the cache to see how many entries we have
-        Collection<List<ReplayCacheEntry>> entryList = map.values();
-        
-        for ( List<ReplayCacheEntry> entries:entryList )
-        {
-            if ( ( entries == null ) || ( entries.size() == 0 ) )
-            {
-                continue;
-            }
-            
-            Iterator<ReplayCacheEntry> iterator = entries.iterator();
-            
-            while ( iterator.hasNext() )
-            {
-                iterator.next();
-                nbEntries ++;
-            }
-        }
+        List keys = ehCache.getKeys();
+
+        // We should have 4 entries
+        assertEquals( 4, keys.size() );
 
-        // We should have some
-        assertNotNull( nbEntries );
-        assertTrue(nbEntries > 0);
-        
-        // Wait another delay, so that the cleaning thread will be kicked off
-        Thread.sleep( delay + 50 );
-        // It's not guaranteed that the thread run, so invoke the method manually
-        cache.cleanCache();
-        
-        nbEntries = 0;
-        
-        for ( List<ReplayCacheEntry> entries:entryList )
+        // Wait till the timetolive time exceeds 
+        Thread.sleep( 1000 );
+
+        // then access the cache so that the objects present in the cache will be expired
+        for ( Object k : keys )
         {
-            if ( ( entries == null ) || ( entries.size() == 0 ) )
-            {
-                continue;
-            }
-            
-            Iterator<ReplayCacheEntry> iterator = entries.iterator();
-            
-            while ( iterator.hasNext() )
-            {
-                iterator.next();
-                nbEntries ++;
-            }
+            assertNull( ehCache.get( k ) );
         }
 
-        // We should not have anymore entry in the cache
-        assertEquals( 0, nbEntries );
-
-        // Stop background thread
-        cache.interrupt();
+        assertEquals( 0, ehCache.getKeys().size() );
     }
 }

Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/ChangePasswordServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/ChangePasswordServer.java?rev=1042145&r1=1042144&r2=1042145&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/ChangePasswordServer.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/ChangePasswordServer.java
Sat Dec  4 11:21:18 2010
@@ -26,8 +26,12 @@ import java.util.List;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import net.sf.ehcache.Cache;
+
 import org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler;
 import org.apache.directory.server.constants.ServerDNConstants;
+import org.apache.directory.server.kerberos.shared.replay.ReplayCacheImpl;
+import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
 import org.apache.directory.server.kerberos.shared.store.DirectoryPrincipalStore;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
 import org.apache.directory.server.protocol.shared.DirectoryBackedService;
@@ -114,6 +118,8 @@ public class ChangePasswordServer extend
     /** The policy for token size. */
     private int policyTokenSize;
 
+    /** the cache used for storing change password requests */
+    private ReplayCache replayCache;
 
     /**
      * Creates a new instance of ChangePasswordConfiguration.
@@ -268,6 +274,11 @@ public class ChangePasswordServer extend
     {
         PrincipalStore store = new DirectoryPrincipalStore( getDirectoryService(), new DN(this.getSearchBaseDn())
 );
         
+        LOG.debug( "initializing the changepassword replay cache" );
+
+        Cache cache = getDirectoryService().getCacheService().getCache( "changePwdReplayCache"
);
+        replayCache = new ReplayCacheImpl( cache );
+
         if ( ( transports == null ) || ( transports.size() == 0 ) )
         {
             // Default to UDP with port 464
@@ -334,6 +345,8 @@ public class ChangePasswordServer extend
             }
         }
 
+        replayCache.clear();
+        
         LOG.info( "ChangePassword service stopped." );
         //System.out.println( "ChangePassword service stopped." );
     }
@@ -393,6 +406,15 @@ public class ChangePasswordServer extend
     
     
     /**
+     * @return the replayCache
+     */
+    public ReplayCache getReplayCache()
+    {
+        return replayCache;
+    }
+
+
+    /**
      * @see Object#toString()
      */
     public String toString()

Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordContext.java?rev=1042145&r1=1042144&r2=1042145&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordContext.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordContext.java
Sat Dec  4 11:21:18 2010
@@ -50,30 +50,11 @@ public class ChangePasswordContext
     private Ticket ticket;
     private Authenticator authenticator;
     private PrincipalStoreEntry serverEntry;
-    private ReplayCache replayCache;
     private CipherTextHandler cipherTextHandler;
     private String password;
 
 
     /**
-     * @return Returns the replayCache.
-     */
-    public ReplayCache getReplayCache()
-    {
-        return replayCache;
-    }
-
-
-    /**
-     * @param replayCache The replayCache to set.
-     */
-    public void setReplayCache( ReplayCache replayCache )
-    {
-        this.replayCache = replayCache;
-    }
-
-
-    /**
      * @return Returns the serverEntry.
      */
     public PrincipalStoreEntry getServerEntry()

Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordService.java?rev=1042145&r1=1042144&r2=1042145&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordService.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordService.java
Sat Dec  4 11:21:18 2010
@@ -43,7 +43,6 @@ import org.apache.directory.server.kerbe
 import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
 import org.apache.directory.server.kerberos.shared.messages.application.ApplicationReply;
 import org.apache.directory.server.kerberos.shared.messages.application.PrivateMessage;
-import org.apache.directory.server.kerberos.shared.replay.InMemoryReplayCache;
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
@@ -66,11 +65,8 @@ public class ChangePasswordService
     /** the logger for this class */
     private static final Logger LOG = LoggerFactory.getLogger( ChangePasswordService.class
);
 
-    private static final ReplayCache replayCache = new InMemoryReplayCache();
-    
     private static final CipherTextHandler cipherTextHandler = new CipherTextHandler();
 
-    
     public static void execute( IoSession session, ChangePasswordContext changepwContext
) throws KerberosException, IOException
     {
         if ( LOG.isDebugEnabled() )
@@ -152,7 +148,6 @@ public class ChangePasswordService
     
     private static void configureChangePassword( ChangePasswordContext changepwContext )
     {
-        changepwContext.setReplayCache( replayCache );
         changepwContext.setCipherTextHandler( cipherTextHandler );
     }
     
@@ -212,7 +207,7 @@ public class ChangePasswordService
         EncryptionKey serverKey = changepwContext.getServerEntry().getKeyMap().get( encryptionType
);
 
         long clockSkew = changepwContext.getConfig().getAllowableClockSkew();
-        ReplayCache replayCache = changepwContext.getReplayCache();
+        ReplayCache replayCache = changepwContext.getConfig().getReplayCache();
         boolean emptyAddressesAllowed = changepwContext.getConfig().isEmptyAddressesAllowed();
         InetAddress clientAddress = changepwContext.getClientAddress();
         CipherTextHandler cipherTextHandler = changepwContext.getCipherTextHandler();
@@ -294,7 +289,7 @@ public class ChangePasswordService
             PrincipalStore store = changepwContext.getStore();
             ApplicationRequest authHeader = changepwContext.getAuthHeader();
             Ticket ticket = changepwContext.getTicket();
-            ReplayCache replayCache = changepwContext.getReplayCache();
+            ReplayCache replayCache = changepwContext.getConfig().getReplayCache();
             long clockSkew = changepwContext.getConfig().getAllowableClockSkew();
 
             Authenticator authenticator = changepwContext.getAuthenticator();

Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java?rev=1042145&r1=1042144&r2=1042145&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java
Sat Dec  4 11:21:18 2010
@@ -26,9 +26,13 @@ import java.util.Set;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import net.sf.ehcache.Cache;
+
 import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler;
 import org.apache.directory.server.kerberos.protocol.KerberosUdpProtocolCodecFactory;
+import org.apache.directory.server.kerberos.shared.replay.ReplayCacheImpl;
+import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
 import org.apache.directory.server.kerberos.shared.store.DirectoryPrincipalStore;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
 import org.apache.directory.server.protocol.shared.DirectoryBackedService;
@@ -149,6 +153,8 @@ public class KdcServer extends Directory
     /** Whether to verify the body checksum. */
     private boolean isBodyChecksumVerified = DEFAULT_VERIFY_BODY_CHECKSUM;
 
+    /** the cache used for storing AS and TGS requests */
+    private ReplayCache replayCache;
 
     /**
      * Creates a new instance of KdcConfiguration.
@@ -429,6 +435,15 @@ public class KdcServer extends Directory
 
 
     /**
+     * @return the replayCache
+     */
+    public ReplayCache getReplayCache()
+    {
+        return replayCache;
+    }
+
+
+    /**
      * @throws IOException if we cannot bind to the sockets
      */
     public void start() throws IOException, LdapInvalidDnException
@@ -438,6 +453,11 @@ public class KdcServer extends Directory
         // TODO - for now ignoring this catalog crap
         store = new DirectoryPrincipalStore( getDirectoryService(), new DN(this.getSearchBaseDn())
 );
         
+        LOG.debug( "initializing the kerberos replay cache" );
+
+        Cache cache = getDirectoryService().getCacheService().getCache( "kdcReplayCache"
);
+        replayCache = new ReplayCacheImpl( cache, allowableClockSkew );
+        
         if ( ( transports == null ) || ( transports.size() == 0 ) )
         {
             // Default to UDP with port 88
@@ -517,6 +537,8 @@ public class KdcServer extends Directory
             }
         }
         
+        replayCache.clear();
+        
         LOG.info( "Kerberos service stopped." );
     }
 

Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java?rev=1042145&r1=1042144&r2=1042145&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
Sat Dec  4 11:21:18 2010
@@ -102,24 +102,6 @@ public class AuthenticationContext exten
 
 
     /**
-     * @return Returns the replayCache.
-     */
-    public ReplayCache getReplayCache()
-    {
-        return replayCache;
-    }
-
-
-    /**
-     * @param replayCache The replayCache to set.
-     */
-    public void setReplayCache( ReplayCache replayCache )
-    {
-        this.replayCache = replayCache;
-    }
-
-
-    /**
      * @return Returns the clientKey.
      */
     public EncryptionKey getClientKey()

Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java?rev=1042145&r1=1042144&r2=1042145&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
Sat Dec  4 11:21:18 2010
@@ -43,8 +43,6 @@ import org.apache.directory.server.kerbe
 import org.apache.directory.server.kerberos.shared.io.decoder.EncryptedDataDecoder;
 import org.apache.directory.server.kerberos.shared.messages.AuthenticationReply;
 import org.apache.directory.server.kerberos.shared.messages.KdcReply;
-import org.apache.directory.server.kerberos.shared.replay.InMemoryReplayCache;
-import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
 import org.apache.directory.shared.asn1.codec.EncoderException;
@@ -83,7 +81,6 @@ public class AuthenticationService
     /** The log for this class. */
     private static final Logger LOG = LoggerFactory.getLogger( AuthenticationService.class
);
 
-    private static final ReplayCache replayCache = new InMemoryReplayCache();
     private static final CipherTextHandler cipherTextHandler = new CipherTextHandler();
 
     private static final String SERVICE_NAME = "Authentication Service (AS)";
@@ -96,7 +93,6 @@ public class AuthenticationService
             monitorRequest( authContext );
         }
         
-        authContext.setReplayCache( replayCache );
         authContext.setCipherTextHandler( cipherTextHandler );
 
         if ( authContext.getRequest().getProtocolVersionNumber() != KerberosConstants.KERBEROS_V5
)

Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java?rev=1042145&r1=1042144&r2=1042145&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java
Sat Dec  4 11:21:18 2010
@@ -39,7 +39,6 @@ public class TicketGrantingContext exten
     private Ticket tgt;
     private Ticket newTicket;
     private Authenticator authenticator;
-    private ReplayCache replayCache;
 
     private PrincipalStoreEntry ticketPrincipalEntry;
     private PrincipalStoreEntry requestPrincipalEntry;
@@ -82,24 +81,6 @@ public class TicketGrantingContext exten
 
 
     /**
-     * @return Returns the replayCache.
-     */
-    public ReplayCache getReplayCache()
-    {
-        return replayCache;
-    }
-
-
-    /**
-     * @param replayCache The replayCache to set.
-     */
-    public void setReplayCache( ReplayCache replayCache )
-    {
-        this.replayCache = replayCache;
-    }
-
-
-    /**
      * @return Returns the authenticator.
      */
     public Authenticator getAuthenticator()

Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java?rev=1042145&r1=1042144&r2=1042145&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java
Sat Dec  4 11:21:18 2010
@@ -42,7 +42,7 @@ import org.apache.directory.server.kerbe
 import org.apache.directory.server.kerberos.shared.messages.KdcReply;
 import org.apache.directory.server.kerberos.shared.messages.TicketGrantReply;
 import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPartModifier;
-import org.apache.directory.server.kerberos.shared.replay.InMemoryReplayCache;
+import org.apache.directory.server.kerberos.shared.replay.ReplayCacheImpl;
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
@@ -79,7 +79,6 @@ public class TicketGrantingService
     /** the log for this class */
     private static final Logger LOG = LoggerFactory.getLogger( TicketGrantingService.class
);
     
-    private static final InMemoryReplayCache replayCache = new InMemoryReplayCache();
     private static final CipherTextHandler cipherTextHandler = new CipherTextHandler();
 
     private static final String SERVICE_NAME = "Ticket-Granting Service (TGS)";
@@ -116,11 +115,6 @@ public class TicketGrantingService
     
     private static void configureTicketGranting( TicketGrantingContext tgsContext ) throws
KerberosException
     {
-        KdcServer config = tgsContext.getConfig();
-        long clockSkew = config.getAllowableClockSkew();
-        replayCache.setClockSkew( clockSkew );
-        tgsContext.setReplayCache( replayCache );
-
         tgsContext.setCipherTextHandler( cipherTextHandler );
 
         if ( tgsContext.getRequest().getProtocolVersionNumber() != KerberosConstants.KERBEROS_V5
)
@@ -266,7 +260,7 @@ public class TicketGrantingService
         EncryptionKey serverKey = tgsContext.getTicketPrincipalEntry().getKeyMap().get( encryptionType
);
 
         long clockSkew = tgsContext.getConfig().getAllowableClockSkew();
-        ReplayCache replayCache = tgsContext.getReplayCache();
+        ReplayCache replayCache = tgsContext.getConfig().getReplayCache();
         boolean emptyAddressesAllowed = tgsContext.getConfig().isEmptyAddressesAllowed();
         InetAddress clientAddress = tgsContext.getClientAddress();
         CipherTextHandler cipherTextHandler = tgsContext.getCipherTextHandler();



Mime
View raw message