From dran...@apache.org
Subject directory-kerberos git commit: WIP: Working on identity backends, and refined the backend API
Date Sun, 15 Mar 2015 03:26:45 GMT
Repository: directory-kerberos
Updated Branches:
  refs/heads/master f5af336bb -> 5f65a02f2


WIP: Working on identity backends, and refined the backend API


Project: http://git-wip-us.apache.org/repos/asf/directory-kerberos/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerberos/commit/5f65a02f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerberos/tree/5f65a02f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerberos/diff/5f65a02f

Branch: refs/heads/master
Commit: 5f65a02f257d161f439627940303398e6c380657
Parents: f5af336
Author: Drankye <drankye@gmail.com>
Authored: Sun Mar 15 11:26:21 2015 +0800
Committer: Drankye <drankye@gmail.com>
Committed: Sun Mar 15 11:26:21 2015 +0800

----------------------------------------------------------------------
 .../identitybackend/JsonIdentityBackend.java    |  28 ++--
 .../identitybackend/LdapIdentityBackend.java    |  54 ++-----
 .../ZookeeperIdentityBackend.java               |  42 ++---
 .../kerby/kerberos/tool/TestKdcServer.java      |  12 +-
 .../kerberos/kdc/server/KerbyKdcServer.java     |  83 +++-------
 .../kerberos/kerb/identity/IdentityService.java |  44 ++++-
 .../backend/AbstractIdentityBackend.java        | 107 ++++++++++--
 .../kerb/identity/backend/IdentityBackend.java  |  56 +++++++
 .../backend/InMemoryIdentityBackend.java        |  84 ----------
 .../identity/backend/MemoryIdentityBackend.java |  56 +++++++
 .../identity/backend/SimpleIdentityBackend.java |  46 ------
 .../kerb/identity/backend/BackendTest.java      |  77 +++++++++
 .../kerberos/kerb/server/TestKdcServer.java     |  19 +--
 .../kerby/kerberos/kerb/server/KdcConfig.java   |  12 --
 .../kerberos/kerb/server/KdcConfigKey.java      |   5 +-
 .../kerby/kerberos/kerb/server/KdcServer.java   | 161 ++++++++++++++-----
 .../kerberos/kerb/server/SimpleKdcServer.java   |  18 ---
 .../org/apache/kerby/config/Configurable.java   |  30 ++++
 .../org/apache/kerby/config/Configured.java     |  45 ++++++
 19 files changed, 589 insertions(+), 390 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kdc-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kdc-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java b/kdc-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
index 7a724fb..5013fb8 100644
--- a/kdc-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
+++ b/kdc-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
@@ -21,17 +21,19 @@ package org.apache.kerby.kerberos.kdc.identitybackend;
 
 import org.apache.kerby.config.Config;
 import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
-import org.apache.kerby.kerberos.kerb.identity.backend.InMemoryIdentityBackend;
+import org.apache.kerby.kerberos.kerb.identity.backend.AbstractIdentityBackend;
+import org.apache.kerby.kerberos.kerb.identity.backend.MemoryIdentityBackend;
 
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.util.List;
 
 /**
  * A Json file based backend implementation.
  *
  */
-public class JsonIdentityBackend extends InMemoryIdentityBackend {
+public class JsonIdentityBackend extends AbstractIdentityBackend {
     public static final String JSON_IDENTITY_BACKEND_FILE = "backend.json.file";
     private Config config;
     private File jsonKdbFile;
@@ -75,28 +77,22 @@ public class JsonIdentityBackend extends InMemoryIdentityBackend {
     }
 
     @Override
-    public KrbIdentity getIdentity(String name) {
-        return super.getIdentity(name);
+    protected KrbIdentity doGetIdentity(String principalName) {
+        return null;
     }
 
     @Override
-    public void addIdentity(KrbIdentity identity) {
-        super.addIdentity(identity);
-
-        // TODO: save
+    protected KrbIdentity doAddIdentity(KrbIdentity identity) {
+        return null;
     }
 
     @Override
-    public void updateIdentity(KrbIdentity identity) {
-        super.updateIdentity(identity);
-
-        // TODO: save
+    protected KrbIdentity doUpdateIdentity(KrbIdentity identity) {
+        return null;
     }
 
     @Override
-    public void deleteIdentity(KrbIdentity identity) {
-        super.deleteIdentity(identity);
-
-        // TODO: save
+    public List<String> getIdentities(int start, int limit) {
+        return null;
     }
 }
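Review bot: The four stubs return `null`, and through `AbstractIdentityBackend.addIdentity` and `getIdentity` in this same commit that means an add is accepted without being stored and every lookup reports the principal as missing, with no error raised. Until the JSON persistence exists it would be safer to fail loudly, e.g. `throw new UnsupportedOperationException("JsonIdentityBackend is not implemented yet");` in each `do…` method, and to have `getIdentities` return an empty list rather than `null`. The same `null` stubs appear in `LdapIdentityBackend` and `ZookeeperIdentityBackend` further down.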

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kdc-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kdc-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java b/kdc-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
index e867b3a..975c263 100644
--- a/kdc-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
+++ b/kdc-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
@@ -30,73 +30,47 @@ import java.util.List;
 /**
  * An LDAP based backend implementation.
  *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
 public class LdapIdentityBackend extends AbstractIdentityBackend {
 
-    /** the connection to the LDAP server */
-    // in case of ApacheDS this will be an istance of LdapCoreSessionConnection
+    // the connection to the LDAP server
+    // in case of ApacheDS this will be an instance of LdapCoreSessionConnection
     private LdapConnection connection;
 
     private Dn baseDn;
 
     /**
-     * Constructing an instance using specified config that contains anything to be used
-     * to initialize an LdapConnection and necessary baseDn.
+     * Constructing an instance using specified config that contains anything
+     * to be used to initialize an LdapConnection and necessary baseDn.
      * @param config
      */
     public LdapIdentityBackend(Config config) {
-        super(config);
+        setConfig(config);
     }
 
-    public LdapIdentityBackend(LdapConnection connection, Dn baseDn) {
-        super();
-        this.connection = connection;
-        this.baseDn = baseDn;
-    }
+    public void initialize() {
+        super.initialize();
 
-    /**
-     * Load identities from file
-     */
-    public void load() {
-        // todo
-    }
-
-    /**
-     * Persist the updated identities back
-     */
-    public void save() {
-        // todo
+        // init Ldap connection and baseDn.
     }
 
     @Override
-    public List<KrbIdentity> getIdentities() {
+    protected KrbIdentity doGetIdentity(String principalName) {
         return null;
     }
 
     @Override
-    public boolean checkIdentity(String name) {
-        
-        return false;
-    }
-
-    @Override
-    public KrbIdentity getIdentity(String name) {
+    protected KrbIdentity doAddIdentity(KrbIdentity identity) {
         return null;
     }
 
     @Override
-    public void addIdentity(KrbIdentity identity) {
-
-    }
-
-    @Override
-    public void updateIdentity(KrbIdentity identity) {
-
+    protected KrbIdentity doUpdateIdentity(KrbIdentity identity) {
+        return null;
     }
 
     @Override
-    public void deleteIdentity(KrbIdentity identity) {
-
+    public List<String> getIdentities(int start, int limit) {
+        return null;
     }
 }
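Review bot: `initialize()` is missing `@Override`, unlike the other overridden methods in this class, and with the `(LdapConnection, Dn)` constructor removed nothing in the visible code assigns `connection` or `baseDn` any more. Add `@Override` and replace the placeholder with a comment that states the contract, e.g. `// TODO: build connection and baseDn from the config given to setConfig(); the do* methods must not run before this succeeds`. The constructor also now calls `setConfig(config)`, which is declared outside this hunk; if that method is overridable, calling it from a constructor is worth a second look.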

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kdc-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kdc-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java b/kdc-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java
index be0a36e..f7aa503 100644
--- a/kdc-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java
+++ b/kdc-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java
@@ -21,7 +21,7 @@ package org.apache.kerby.kerberos.kdc.identitybackend;
 
 import org.apache.kerby.config.Config;
 import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
-import org.apache.kerby.kerberos.kerb.identity.backend.InMemoryIdentityBackend;
+import org.apache.kerby.kerberos.kerb.identity.backend.AbstractIdentityBackend;
 import org.apache.zookeeper.WatchedEvent;
 import org.apache.zookeeper.Watcher;
 import org.apache.zookeeper.ZooKeeper;
@@ -30,6 +30,7 @@ import org.apache.zookeeper.server.ZooKeeperServerMain;
 import org.apache.zookeeper.server.quorum.QuorumPeerConfig;
 
 import java.io.IOException;
+import java.util.List;
 import java.util.Properties;
 
 /**
@@ -38,7 +39,7 @@ import java.util.Properties;
  * cluster for replication and reliability.
  *
  */
-public class ZookeeperIdentityBackend extends InMemoryIdentityBackend
+public class ZookeeperIdentityBackend extends AbstractIdentityBackend
         implements Watcher {
     private Config config;
     private String zkHost;
@@ -109,44 +110,31 @@ public class ZookeeperIdentityBackend extends InMemoryIdentityBackend
     }
 
     /**
-     * Persist the updated identities back
+     * This will watch all the kdb update event so that it's timely synced.
+     * @param event
      */
-    public void save() {
-        // TODO: save into the kdb file
-    }
-
     @Override
-    public KrbIdentity getIdentity(String name) {
-        return super.getIdentity(name);
+    public void process(WatchedEvent event) {
+        System.out.print("I got an event: " + event);
     }
 
     @Override
-    public void addIdentity(KrbIdentity identity) {
-        super.addIdentity(identity);
-
-        // TODO: save
+    protected KrbIdentity doGetIdentity(String principalName) {
+        return null;
     }
 
     @Override
-    public void updateIdentity(KrbIdentity identity) {
-        super.updateIdentity(identity);
-
-        // TODO: save
+    protected KrbIdentity doAddIdentity(KrbIdentity identity) {
+        return null;
     }
 
     @Override
-    public void deleteIdentity(KrbIdentity identity) {
-        super.deleteIdentity(identity);
-
-        // TODO: save
+    protected KrbIdentity doUpdateIdentity(KrbIdentity identity) {
+        return null;
     }
 
-    /**
-     * This will watch all the kdb update event so that it's timely synced.
-     * @param event
-     */
     @Override
-    public void process(WatchedEvent event) {
-        System.out.print("I got an event: " + event);
+    public List<String> getIdentities(int start, int limit) {
+        return null;
     }
 }
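Review bot: `process` only prints the event with `System.out.print`, although its Javadoc says it keeps the kdb in sync. Now that lookups are served from the `AbstractIdentityBackend` cache, an update or delete made on another node would presumably stay invisible here until the entry is evicted. It deserves at least a comment such as `// TODO: evict the affected principal from getCache() when its node changes or is deleted`, and the message should go through the project's logger rather than stdout.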

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kdc-tool/kinit/src/test/java/org/apache/kerby/kerberos/tool/TestKdcServer.java
----------------------------------------------------------------------
diff --git a/kdc-tool/kinit/src/test/java/org/apache/kerby/kerberos/tool/TestKdcServer.java b/kdc-tool/kinit/src/test/java/org/apache/kerby/kerberos/tool/TestKdcServer.java
index c1944be..c37e7eb 100644
--- a/kdc-tool/kinit/src/test/java/org/apache/kerby/kerberos/tool/TestKdcServer.java
+++ b/kdc-tool/kinit/src/test/java/org/apache/kerby/kerberos/tool/TestKdcServer.java
@@ -41,7 +41,6 @@ public class TestKdcServer extends SimpleKdcServer {
     public static final String KDC_REALM = KdcConfigKey.KDC_REALM.getPropertyKey();
     public static final String KDC_HOST = KdcConfigKey.KDC_HOST.getPropertyKey();
     public static final String KDC_TCP_PORT = KdcConfigKey.KDC_TCP_PORT.getPropertyKey();
-    public static final String WORK_DIR = KdcConfigKey.WORK_DIR.getPropertyKey();
 
     private static final Properties DEFAULT_CONFIG = new Properties();
     static {
@@ -55,19 +54,12 @@ public class TestKdcServer extends SimpleKdcServer {
         return (Properties) DEFAULT_CONFIG.clone();
     }
 
-    public TestKdcServer() {
-        this(createConf());
-    }
-
-    public TestKdcServer(Properties conf) {
-        super();
-        getKdcConfig().getConf().addPropertiesConfig(conf);
-    }
-
     @Override
     public void init() {
         super.init();
 
+        getKdcConfig().getConf().addPropertiesConfig(createConf());
+        
         createPrincipals("krbtgt", "test-service/localhost");
 
         createPrincipal("client@TEST.COM", "123456");
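Review bot: The test properties are now added only after `super.init()` has returned, whereas the removed constructor applied them before `init()` ran. If `KdcServer.init()` reads the realm, host or port while it initializes (its body is not in this hunk), the test would silently run with defaults. Consider moving `getKdcConfig().getConf().addPropertiesConfig(createConf());` above `super.init();`, provided the config object already exists at that point, or add a comment saying why the later position is safe. The body of `init()` continues past the end of the hunk.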

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/server/KerbyKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/server/KerbyKdcServer.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/server/KerbyKdcServer.java
index c562fbd..bd78aef 100644
--- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/server/KerbyKdcServer.java
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/server/KerbyKdcServer.java
@@ -6,27 +6,23 @@
  *  to you under the Apache License, Version 2.0 (the
  *  "License"); you may not use this file except in compliance
  *  with the License.  You may obtain a copy of the License at
- *  
+ *
  *    http://www.apache.org/licenses/LICENSE-2.0
- *  
+ *
  *  Unless required by applicable law or agreed to in writing,
  *  software distributed under the License is distributed on an
  *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *  KIND, either express or implied.  See the License for the
  *  specific language governing permissions and limitations
  *  under the License. 
- *  
+ *
  */
 package org.apache.kerby.kerberos.kdc.server;
 
 import org.apache.kerby.config.Conf;
-import org.apache.kerby.config.Config;
-import org.apache.kerby.kerberos.kdc.identitybackend.LdapIdentityBackend;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
-import org.apache.kerby.kerberos.kerb.identity.IdentityService;
 import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
-import org.apache.kerby.kerberos.kerb.identity.backend.InMemoryIdentityBackend;
 import org.apache.kerby.kerberos.kerb.server.KdcServer;
 import org.apache.kerby.kerberos.kerb.spec.common.EncryptionKey;
 import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
@@ -37,44 +33,14 @@ import java.util.List;
 import java.util.UUID;
 
 /**
- * The mentioned Kerby KDC server implementation
+ * The mentioned Kerby KDC server implementation.
  */
 public class KerbyKdcServer extends KdcServer {
-
-    public KerbyKdcServer() {
-        super();
-    }
-
-    public void init() {
-        super.init();
-        initIdentityService();
-    }
-
-    public void init(String confDir, String workDir) throws IOException {
-        init();
-        initConfig(confDir);
-    }
-
-    /**
-     * init config from configuration file
-     */
-    private void initConfig(String confDirString) throws IOException {
-        Conf conf = kdcConfig.getConf();
-
-        File confDir = new File(confDirString);
-        File[] files = confDir.listFiles();
-        if (files == null) {
-            throw new IOException("There are no file in configuration directory");
-        }
-
-        for (File file : files) {
-            conf.addIniConfig(file);
-        }
-
-    }
-
     private static KerbyKdcServer server;
-    private static final String USAGE = "Usage: " + KerbyKdcServer.class.getSimpleName() + " -start conf-dir working-dir|-stop";
+
+    private static final String USAGE = "Usage: " +
+            KerbyKdcServer.class.getSimpleName() +
+            " -start conf-dir working-dir|-stop";
 
     public static void main(String[] args) {
         if (args.length == 0) {
@@ -91,40 +57,27 @@ public class KerbyKdcServer extends KdcServer {
             String workDir = args[2];
 
             server = new KerbyKdcServer();
-            try {
-                server.init(confDir, workDir);
-            } catch (IOException e) {
-                System.err.println("Something wrong with configuration files or work files");
-                e.printStackTrace();
-                return;
-            }
-            //TODO add a default principal for test
+            server.setWorkDir(new File(workDir));
+            server.setConfDir(new File(confDir));
+            server.init();
+
+            server.createPrincipals("krbtgt");
+
+            //TODO: add a default principal for test, will be removed.
             server.createPrincipal("test", "123456");
-            server.createPrincipals("krbtgt", "test-service/localhost");
 
             server.start();
-            System.out.println(KerbyKdcServer.class.getSimpleName() + " started.");
+            System.out.println("KDC started.");
         } else if (args[0].equals("-stop")) {
             //server.stop();//FIXME can't get the server instance here
             System.out.println("KDC Server stoped.");
         } else {
             System.err.println(USAGE);
         }
-
-    }
-
-    protected void initIdentityService() {
-        Config config = getKdcConfig().getBackendConfig();
-
-        //FIXME
-        InMemoryIdentityBackend identityService = new InMemoryIdentityBackend();
-//        IdentityService identityService = new LdapIdentityBackend(config);
-        setIdentityService(identityService);
     }
 
-
-    //create default principal for test
-    private synchronized void createPrincipal(String principal, String password) {
+    //create some principal for test
+    private void createPrincipal(String principal, String password) {
         KrbIdentity identity = new KrbIdentity(fixPrincipal(principal));
         List<EncryptionType> encTypes = getKdcConfig().getEncryptionTypes();
         List<EncryptionKey> encKeys = null;
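Review bot: `server.createPrincipal("test", "123456");` still runs on every `-start` in `main`, so any KDC launched through this entry point carries a `test` principal with a fixed, publicly known password; the reworded TODO keeps it in place. This is the production launcher under `src/main`, so the line should be dropped here and test principals kept in the test server subclasses, as the kinit `TestKdcServer.init()` in this commit already does. If it must stay for now, guard it behind an explicit opt-in setting that is off by default. Both `main` and `createPrincipal` extend beyond the hunk.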

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
index 96efea5..a8fdfce 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
@@ -21,11 +21,43 @@ package org.apache.kerby.kerberos.kerb.identity;
 
 import java.util.List;
 
+/**
+ * Identity service for KDC backend to create, get and manage principal accounts.
+ */
 public interface IdentityService {
-    public List<KrbIdentity> getIdentities();
-    public boolean checkIdentity(String name);
-    public KrbIdentity getIdentity(String name);
-    public void addIdentity(KrbIdentity identity);
-    public void updateIdentity(KrbIdentity identity);
-    public void deleteIdentity(KrbIdentity identity);
+
+    /**
+     * Get the identity principal names, from start offset, with count of limit.
+     * Note it's ordered by principal name.
+     * @return principal names
+     */
+    public List<String> getIdentities(int start, int limit);
+
+    /**
+     * Get the identity account specified by name.
+     * @param principalName
+     * @return identity
+     */
+    public KrbIdentity getIdentity(String principalName);
+
+    /**
+     * Add an identity, and return the newly created result.
+     * @param identity
+     * @return identity
+     */
+    public KrbIdentity addIdentity(KrbIdentity identity);
+
+    /**
+     * Update an identity, and return the updated result.
+     * @param identity
+     * @return identity
+     */
+    public KrbIdentity updateIdentity(KrbIdentity identity);
+
+    /**
+     * Delete the identity specified by principal name
+     * @param principalName
+     *
+     */
+    public void deleteIdentity(String principalName);
 }
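Review bot: The new Javadoc leaves the paging and absence contracts undefined. `getIdentities` has no `@param start` or `@param limit` and does not say what an out-of-range or negative value yields. `getIdentity`, `addIdentity` and `updateIdentity` do not say that `null` is a possible result, although `AbstractIdentityBackend` in this commit returns `null` from all three. Suggested additions: `@param start zero-based offset into the name-ordered list`, `@param limit maximum number of names to return`, and `@return the identity, or null if no such principal exists` on `getIdentity`.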

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
index 2cc838d..5b11c6b 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
@@ -6,35 +6,118 @@
  *  to you under the Apache License, Version 2.0 (the
  *  "License"); you may not use this file except in compliance
  *  with the License.  You may obtain a copy of the License at
- *  
+ *
  *    http://www.apache.org/licenses/LICENSE-2.0
- *  
+ *
  *  Unless required by applicable law or agreed to in writing,
  *  software distributed under the License is distributed on an
  *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *  KIND, either express or implied.  See the License for the
  *  specific language governing permissions and limitations
  *  under the License. 
- *  
+ *
  */
 package org.apache.kerby.kerberos.kerb.identity.backend;
 
-import org.apache.kerby.config.Config;
-import org.apache.kerby.kerberos.kerb.identity.IdentityService;
+import org.apache.kerby.config.Configured;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
 
 /**
- * Identity backend for KdcServer
+ * An abstract identity backend that provides default behaviors and a cache
+ * with FIFO and size limit. Note only limited recently active identities are
+ * kept in the cache, and other identities are meant to be loaded from
+ * persistent storage by specific backend, like memory, file, SQL DB, LDAP,
+ * and etc.
  */
-public abstract class AbstractIdentityBackend implements IdentityService {
+public abstract class AbstractIdentityBackend
+        extends Configured implements IdentityBackend {
+
+    private static final int DEFAULT_CACHE_SIZE = 1000;
+
+    private Map<String, KrbIdentity> idCache;
+    private int cacheSize = DEFAULT_CACHE_SIZE;
+
+    protected void setCacheSize(int cacheSize) {
+        this.cacheSize = cacheSize;
+    }
+
+    @Override
+    public void initialize() {
+        idCache = new LinkedHashMap<String, KrbIdentity>(cacheSize) {
+            @Override
+            protected boolean removeEldestEntry(Map.Entry eldest) {
+                return size() > cacheSize;
+            }
+        };
+    }
 
-    // config prepared and passed by KdcServer to initialize the backend.
-    protected Config config;
+    @Override
+    public void start() {
 
-    public AbstractIdentityBackend() {
+    }
+
+    @Override
+    public void stop() {
+
+    }
 
+    @Override
+    public void release() {
+        idCache.clear();
     }
 
-    public AbstractIdentityBackend(Config config) {
-        this.config = config;
+    protected Map<String, KrbIdentity> getCache() {
+        return idCache;
     }
+
+    @Override
+    public KrbIdentity getIdentity(String principalName) {
+        if (idCache.containsKey(principalName)) {
+            return idCache.get(principalName);
+        }
+
+        KrbIdentity identity = doGetIdentity(principalName);
+        if (identity != null) {
+            idCache.put(principalName, identity);
+        }
+
+        return identity;
+    }
+
+    protected abstract KrbIdentity doGetIdentity(String principalName);
+
+    @Override
+    public KrbIdentity addIdentity(KrbIdentity identity) {
+        KrbIdentity added = doAddIdentity(identity);
+        if (added != null) {
+            idCache.put(added.getPrincipalName(), added);
+        }
+
+        return added;
+    }
+
+    protected abstract KrbIdentity doAddIdentity(KrbIdentity identity);
+
+    @Override
+    public KrbIdentity updateIdentity(KrbIdentity identity) {
+        KrbIdentity updated = doUpdateIdentity(identity);
+        if (updated != null) {
+            idCache.put(updated.getPrincipalName(), updated);
+        }
+
+        return updated;
+    }
+
+    protected abstract KrbIdentity doUpdateIdentity(KrbIdentity identity);
+
+    @Override
+    public void deleteIdentity(String principalName) {
+        if (idCache.containsKey(principalName)) {
+            idCache.remove(principalName);
+        }
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/IdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/IdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/IdentityBackend.java
new file mode 100644
index 0000000..96e13f6
--- /dev/null
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/IdentityBackend.java
@@ -0,0 +1,56 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.identity.backend;
+
+import org.apache.kerby.config.Configurable;
+import org.apache.kerby.kerberos.kerb.identity.IdentityService;
+
+/**
+ * Identity backend for KDC, either internal embedded or external standalone.
+ */
+public interface IdentityBackend extends IdentityService, Configurable {
+
+    /**
+     * Init work for the backend can be done here.
+     */
+    public void initialize();
+
+    /**
+     * Start the backend and return soon after the backend or the connection to
+     * it is well prepared and ready for KDC to use.
+     *
+     * Will be called during KDC startup.
+     */
+    public void start();
+
+    /**
+     * Stop the backend.
+     *
+     * Will be called during KDC stop.
+     */
+    public void stop();
+
+    /**
+     * Release the backend associated resources like connection.
+     *
+     * Will be called during KDC shutdown.
+     */
+    public void release();
+}
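Review bot: The lifecycle Javadoc does not state the required call order or what an implementation may assume when it is violated. That matters in this commit because `AbstractIdentityBackend.release()` calls `idCache.clear()`, which would throw a `NullPointerException` if `initialize()` was never called. Suggest adding to the interface comment something like `Lifecycle: configure, initialize(), start(), stop(), release(), in that order; release() must be safe to call even if initialize() or start() failed`.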

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java
deleted file mode 100644
index a1581d6..0000000
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *  
- *    http://www.apache.org/licenses/LICENSE-2.0
- *  
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *  
- */
-package org.apache.kerby.kerberos.kerb.identity.backend;
-
-import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-/**
- * A memory map based identity backend that loads and keeps all the identities
- * in a hashmap for fast lookup and operation.
- *
- * It's subject to be improved to only keep limited recently active identities
- * in the map, and leave other identities in persistent storage by delegation
- * to another backend.
- */
-public class InMemoryIdentityBackend extends AbstractIdentityBackend {
-
-    private final Map<String, KrbIdentity> identities;
-
-    public InMemoryIdentityBackend() {
-        this.identities = new HashMap<String, KrbIdentity>();
-    }
-
-    public InMemoryIdentityBackend(Map<String, KrbIdentity> identities) {
-        this();
-        this.identities.putAll(identities);
-    }
-
-    @Override
-    public List<KrbIdentity> getIdentities() {
-        List<KrbIdentity> results = new ArrayList<KrbIdentity>(identities.size());
-        results.addAll(identities.values());
-        return results;
-    }
-
-    @Override
-    public boolean checkIdentity(String name) {
-        return identities.containsKey(name);
-    }
-
-    @Override
-    public KrbIdentity getIdentity(String name) {
-        if (identities.containsKey(name)) {
-            return identities.get(name);
-        }
-        return null;
-    }
-
-    @Override
-    public void addIdentity(KrbIdentity identity) {
-        identities.put(identity.getPrincipalName(), identity);
-    }
-
-    @Override
-    public void updateIdentity(KrbIdentity identity) {
-        identities.put(identity.getPrincipalName(), identity);
-    }
-
-    @Override
-    public void deleteIdentity(KrbIdentity identity) {
-        identities.remove(identity.getPrincipalName());
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/MemoryIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/MemoryIdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/MemoryIdentityBackend.java
new file mode 100644
index 0000000..7984c2f
--- /dev/null
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/MemoryIdentityBackend.java
@@ -0,0 +1,56 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.identity.backend;
+
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * A memory map based identity backend, which is purely relying on the
+ * underlying cache as the storage.
+ */
+public class MemoryIdentityBackend extends AbstractIdentityBackend {
+
+    public MemoryIdentityBackend() {
+        setCacheSize(100000000); // Just no idea, configurable ?
+    }
+
+    @Override
+    protected KrbIdentity doGetIdentity(String principalName) {
+        return null;
+    }
+
+    @Override
+    protected KrbIdentity doAddIdentity(KrbIdentity identity) {
+        return identity;
+    }
+
+    @Override
+    protected KrbIdentity doUpdateIdentity(KrbIdentity identity) {
+        return identity;
+    }
+
+    @Override
+    public List<String> getIdentities(int start, int limit) {
+        return new ArrayList<>(getCache().keySet());
+    }
+}
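Review bot: `getIdentities(int start, int limit)` ignores both arguments and returns every key in the cache, so a caller that asks for a page receives the full principal list. Either honour the window or document the sentinel that callers in this commit pass (`getIdentities(-1, -1)` in TestKdcServer). Separately, `doGetIdentity` returns null and the class comment says the cache is the only storage, so if the cache in AbstractIdentityBackend (not visible here) can evict entries, a principal would presumably disappear without any error. A constructor comment such as `// the cache is the only store for this backend: it must never evict` would make that contract explicit, and the `100000000` literal deserves a named constant.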

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/SimpleIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/SimpleIdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/SimpleIdentityBackend.java
deleted file mode 100644
index df7a0dd..0000000
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/SimpleIdentityBackend.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *  
- *    http://www.apache.org/licenses/LICENSE-2.0
- *  
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *  
- */
-package org.apache.kerby.kerberos.kerb.identity.backend;
-
-import java.io.File;
-
-public class SimpleIdentityBackend extends InMemoryIdentityBackend {
-
-    private File identityFile;
-
-    public SimpleIdentityBackend(File identityFile) {
-        super();
-        this.identityFile = identityFile;
-    }
-
-    /**
-     * Load identities from file
-     */
-    public void load() {
-        // todo
-    }
-
-    /**
-     * Persist the updated identities back
-     */
-    public void save() {
-        // todo
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kerby-kerb/kerb-identity/src/test/org/apache/kerby/kerberos/kerb/identity/backend/BackendTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/test/org/apache/kerby/kerberos/kerb/identity/backend/BackendTest.java b/kerby-kerb/kerb-identity/src/test/org/apache/kerby/kerberos/kerb/identity/backend/BackendTest.java
new file mode 100644
index 0000000..aa71a9a
--- /dev/null
+++ b/kerby-kerb/kerb-identity/src/test/org/apache/kerby/kerberos/kerb/identity/backend/BackendTest.java
@@ -0,0 +1,77 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.identity.backend;
+
+import org.apache.kerby.kerberos.kerb.identity.IdentityService;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * A common backend test utility
+ */
+public abstract class BackendTest {
+
+    static final EncryptionType[] encTypes = new EncryptionType[]{
+            EncryptionType.AES128_CTS,
+            EncryptionType.AES256_CTS,
+            EncryptionType.ARCFOUR_HMAC,
+            EncryptionType.CAMELLIA128_CTS,
+            EncryptionType.CAMELLIA256_CTS_CMAC
+    };
+
+    protected void testStoreAndGet(IdentityService identityService) {
+        KrbIdentity[] ids = createManyIdentities();
+        //identityService.addIdentity();
+    }
+
+    protected KrbIdentity[] createManyIdentities() {
+        return new KrbIdentity[] {
+                createOneIdentity("test@EXAMPLE.COM"),
+                createOneIdentity("test1@EXAMPLE.COM"),
+                createOneIdentity("test2@EXAMPLE.COM"),
+                createOneIdentity("test3@EXAMPLE.COM"),
+                createOneIdentity("test4@EXAMPLE.COM"),
+                createOneIdentity("test5@EXAMPLE.COM"),
+                createOneIdentity("test6@EXAMPLE.COM"),
+        };
+    }
+    protected KrbIdentity createOneIdentity(String principal) {
+        KrbIdentity kid = new KrbIdentity(principal);
+        kid.setCreatedTime(KerberosTime.now());
+        kid.setExpireTime(KerberosTime.NEVER);
+        kid.setDisabled(false);
+        kid.setKeyVersion(1);
+        kid.setLocked(false);
+        kid.addKeys(generateKeys(kid.getPrincipalName()));
+
+        return kid;
+    }
+
+    protected abstract List<EncryptionKey> generateKeys(String principal);
+
+    protected List<EncryptionType> getEncryptionTypes() {
+        return Arrays.asList(encTypes);
+    }
+}
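Review bot: `testStoreAndGet` builds seven identities and then asserts nothing, because its only call into the service is commented out (`//identityService.addIdentity();`), so every backend test that reuses this helper passes vacuously. Until the round trip is written, mark it with `// TODO: store each identity, read it back and compare keys and key version`, or make the method fail. The file is also added under `src/test/org/...`, while the other test touched by this commit sits under `src/test/java/...`, so with a default Maven layout it would presumably not be compiled at all.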

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
index 0bac5e2..d291eb8 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
@@ -19,11 +19,11 @@
  */
 package org.apache.kerby.kerberos.kerb.server;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
 import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
 import org.apache.kerby.kerberos.kerb.keytab.Keytab;
 import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
-import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
 import org.apache.kerby.kerberos.kerb.spec.common.EncryptionKey;
 import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
@@ -41,7 +41,6 @@ public class TestKdcServer extends SimpleKdcServer {
     public static final String KDC_REALM = KdcConfigKey.KDC_REALM.getPropertyKey();
     public static final String KDC_HOST = KdcConfigKey.KDC_HOST.getPropertyKey();
     public static final String KDC_TCP_PORT = KdcConfigKey.KDC_TCP_PORT.getPropertyKey();
-    public static final String WORK_DIR = KdcConfigKey.WORK_DIR.getPropertyKey();
 
     private static final Properties DEFAULT_CONFIG = new Properties();
     static {
@@ -55,19 +54,12 @@ public class TestKdcServer extends SimpleKdcServer {
         return (Properties) DEFAULT_CONFIG.clone();
     }
 
-    public TestKdcServer() {
-        this(createConf());
-    }
-
-    public TestKdcServer(Properties conf) {
-        super();
-        getKdcConfig().getConf().addPropertiesConfig(conf);
-    }
-
     @Override
     public void init() {
         super.init();
 
+        getKdcConfig().getConf().addPropertiesConfig(createConf());
+
         createPrincipals("krbtgt");
     }
 
@@ -106,8 +98,9 @@ public class TestKdcServer extends SimpleKdcServer {
     public void exportPrincipals(File keytabFile) throws IOException {
         Keytab keytab = new Keytab();
 
-        List<KrbIdentity> identities = getIdentityService().getIdentities();
-        for (KrbIdentity identity : identities) {
+        List<String> principals = getIdentityService().getIdentities(-1, -1);
+        for (String pn : principals) {
+            KrbIdentity identity = getIdentityService().getIdentity(pn);
             PrincipalName principal = identity.getPrincipal();
             KerberosTime timestamp = new KerberosTime();
             for (EncryptionType encType : identity.getKeys().keySet()) {
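Review bot: In `exportPrincipals`, the result of `getIdentityService().getIdentity(pn)` is dereferenced on the next line without a null check, although the backend code in this commit returns null for a name it does not hold. If a principal is removed between the listing and the lookup, the keytab export would stop with a NullPointerException; add `if (identity == null) { continue; }` right after the lookup. The `-1, -1` arguments to `getIdentities` read as magic values and need a short comment saying they mean "no paging", if that is the intended contract. The loop body continues outside the hunk.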

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
index da4bfe3..6cb8d79 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
@@ -37,14 +37,6 @@ public class KdcConfig {
         return this.conf;
     }
 
-    /**
-     * Prepare and return backend config
-     * @return
-     */
-    public Config getBackendConfig() {
-        return conf.getConfig("IdentityBackend");
-    }
-
     public boolean enableDebug() {
         return conf.getBoolean(KdcConfigKey.KRB_DEBUG);
     }
@@ -53,10 +45,6 @@ public class KdcConfig {
         return conf.getString(KdcConfigKey.KDC_SERVICE_NAME);
     }
 
-    public String getWorkDir() {
-        return conf.getString(KdcConfigKey.WORK_DIR);
-    }
-
     public String getKdcHost() {
         return KrbConfHelper.getStringUnderSection(conf, KdcConfigKey.KDC_HOST);
     }

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
index 490510e..669844f 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
@@ -20,11 +20,12 @@
 package org.apache.kerby.kerberos.kerb.server;
 
 import org.apache.kerby.kerberos.kerb.common.SectionConfigKey;
+import org.apache.kerby.kerberos.kerb.identity.backend.MemoryIdentityBackend;
 
 public enum KdcConfigKey implements SectionConfigKey {
     KRB_DEBUG(true),
-    WORK_DIR,
-    KDC_SERVICE_NAME("Kerby_KDC_Server"),
+    KDC_SERVICE_NAME("KDC-Server"),
+    KDC_IDENTITY_BACKEND,
     KDC_HOST("127.0.0.1", "kdcdefaults"),
     KDC_PORT(8015, "kdcdefaults"),
     KDC_ALLOW_UDP(true, "kdcdefaults"),
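Review bot: The added import of `MemoryIdentityBackend` is not used by any line in this hunk, and `KDC_IDENTITY_BACKEND` is declared without a default while KdcServer hard-codes the fallback to that same class. If the rest of the enum (outside the hunk) does not use the import, either drop it or keep the default in one place, along the lines of `KDC_IDENTITY_BACKEND(MemoryIdentityBackend.class.getCanonicalName())`, assuming the single-argument constructor sets a default as it appears to for `KDC_SERVICE_NAME`. The change of the `KDC_SERVICE_NAME` default to `"KDC-Server"` is visible to anyone who relied on the old name and belongs in the commit message.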

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
index b72d5d2..353b087 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
@@ -6,25 +6,30 @@
  *  to you under the Apache License, Version 2.0 (the
  *  "License"); you may not use this file except in compliance
  *  with the License.  You may obtain a copy of the License at
- *  
+ *
  *    http://www.apache.org/licenses/LICENSE-2.0
- *  
+ *
  *  Unless required by applicable law or agreed to in writing,
  *  software distributed under the License is distributed on an
  *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *  KIND, either express or implied.  See the License for the
  *  specific language governing permissions and limitations
  *  under the License. 
- *  
+ *
  */
 package org.apache.kerby.kerberos.kerb.server;
 
+import org.apache.kerby.config.Conf;
+import org.apache.kerby.config.Config;
 import org.apache.kerby.event.EventHub;
 import org.apache.kerby.kerberos.kerb.common.KrbStreamingDecoder;
 import org.apache.kerby.kerberos.kerb.identity.IdentityService;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.identity.backend.MemoryIdentityBackend;
 import org.apache.kerby.transport.Network;
 
 import java.io.File;
+import java.io.IOException;
 
 public class KdcServer {
     private String kdcHost;
@@ -34,39 +39,113 @@ public class KdcServer {
     private String kdcRealm;
 
     private boolean started;
-    private String serviceName = "KerbyKdc";
+    private String serviceName;
 
     private KdcHandler kdcHandler;
     private EventHub eventHub;
 
-    protected KdcConfig kdcConfig;
-    protected IdentityService identityService;
-    protected File workDir;
+    private KdcConfig kdcConfig;
+    private Conf backendConfig;
 
-    public KdcServer() {
-        kdcConfig = new KdcConfig();
+    private IdentityBackend backend;
+    private File workDir;
+    private File confDir;
+
+    /**
+     * Set runtime folder.
+     * @param workDir
+     */
+    public void setWorkDir(File workDir) {
+        this.workDir = workDir;
     }
 
-    public void init() {
-        initConfig();
+    /**
+     * Set conf dir where configuration resources can be loaded. Mainly:
+     * kdc.conf, that contains kdc server related items.
+     * backend.conf, that contains identity backend related items.
+     * @param confDir
+     */
+    public void setConfDir(File confDir) {
+        this.confDir = confDir;
+    }
 
-        initWorkDir();
+    /**
+     * Get configuration folder.
+     * @return
+     */
+    public File getConfDir() {
+        return confDir;
     }
 
-    protected void initWorkDir() {
-        String path = kdcConfig.getWorkDir();
-        File file;
-        if (path != null) {
-            file = new File(path);
-            file.mkdirs();
-        } else {
-            file = new File(".");
+    /**
+     * Get the backend identity service.
+     * @return
+     */
+    public IdentityService getIdentityService() {
+        return backend;
+    }
+
+    public void init() {
+        try {
+            initConfig();
+        } catch (IOException e) {
+            throw new RuntimeException("Failed to load configurations", e);
         }
 
-        this.workDir = file;
+        initBackend();
+    }
+
+    /**
+     * Prepare kdc and backend config, loading kdc.conf and backend.conf.
+     * It can be override to add more configuration resources.
+     *
+     * @throws IOException
+     */
+    protected void initConfig() throws IOException {
+        kdcConfig = new KdcConfig();
+        backendConfig = new Conf();
+
+        if (confDir != null && confDir.exists()) {
+            File kdcConfFile = new File(confDir, "kdc.conf");
+            if (kdcConfFile.exists()) {
+                kdcConfig.getConf().addIniConfig(kdcConfFile);
+            }
+
+            File backendConfFile = new File(confDir, "backend.conf");
+            if (backendConfFile.exists()) {
+                backendConfig.addIniConfig(backendConfFile);
+            }
+        }
     }
 
-    protected void initConfig() {}
+    private void initBackend() {
+        String backendClassName = backendConfig.getString(
+                KdcConfigKey.KDC_IDENTITY_BACKEND);
+        if (backendClassName == null) {
+            backendClassName = MemoryIdentityBackend.class.getCanonicalName();
+        }
+
+        Class backendClass = null;
+        try {
+            backendClass = Class.forName(backendClassName);
+        } catch (ClassNotFoundException e) {
+            throw new RuntimeException("Failed to load backend class: "
+                    + backendClassName);
+        }
+
+        try {
+            backend = (IdentityBackend) backendClass.newInstance();
+        } catch (InstantiationException e) {
+            throw new RuntimeException("Failed to create backend: "
+                    + backendClassName);
+        } catch (IllegalAccessException e) {
+            throw new RuntimeException("Failed to create backend: "
+                    + backendClassName);
+        }
+
+        backend.setConfig(backendConfig);
+        backend.initialize();
+    }
 
     public void start() {
         try {
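Review bot: In `initBackend`, the class named by `KDC_IDENTITY_BACKEND` in backend.conf is loaded and its no-arg constructor is run before the cast to `IdentityBackend` checks what it is. Any class on the classpath named in that file therefore gets instantiated, and a wrong name surfaces as a ClassCastException instead of a configuration error. Narrow the type with `asSubclass(IdentityBackend.class)` before `newInstance()`, and pass `e` as the cause in the three `RuntimeException`s, which currently discard it. `initConfig` also skips a missing `confDir`, `kdc.conf` or `backend.conf` without any message, so a mistyped path presumably leaves the KDC running on an empty in-memory backend; a log line at that point would tell the operator which files were actually read.

```java
    private void initBackend() {
        // … unchanged: backendClassName lookup with the MemoryIdentityBackend default …

        Class<? extends IdentityBackend> backendClass;
        try {
            // initialize=false: no static initializer runs before the type check.
            backendClass = Class.forName(backendClassName, false,
                    KdcServer.class.getClassLoader())
                    .asSubclass(IdentityBackend.class);
        } catch (ClassNotFoundException | ClassCastException e) {
            throw new RuntimeException("Failed to load backend class: "
                    + backendClassName, e);
        }

        try {
            backend = backendClass.newInstance();
        } catch (InstantiationException | IllegalAccessException e) {
            throw new RuntimeException("Failed to create backend: "
                    + backendClassName, e);
        }

        // … unchanged: backend.setConfig(backendConfig) and backend.initialize() …
    }
```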
@@ -78,8 +157,6 @@ public class KdcServer {
         started = true;
     }
 
-
-
     public String getKdcRealm() {
         if (kdcRealm != null) {
             return kdcRealm;
@@ -156,6 +233,8 @@ public class KdcServer {
     }
 
     protected void doStart() throws Exception {
+        backend.start();
+
         prepareHandler();
 
         this.eventHub = new EventHub();
@@ -176,7 +255,7 @@ public class KdcServer {
     private void prepareHandler() {
         this.kdcHandler = new KdcHandler();
         kdcHandler.setConfig(kdcConfig);
-        kdcHandler.setIdentityService(identityService);
+        kdcHandler.setIdentityService(backend);
         if (kdcRealm != null) {
             kdcHandler.setKdcRealm(kdcRealm);
         }
@@ -189,25 +268,37 @@ public class KdcServer {
         } catch (Exception e) {
             throw new RuntimeException("Failed to stop " + getServiceName());
         }
+
+        started = false;
     }
 
     protected void doStop() throws Exception {
+        backend.stop();
+
         eventHub.stop();
     }
 
-    public KdcConfig getKdcConfig() {
+    /**
+     * Get the KDC config.
+     * @return
+     */
+    protected KdcConfig getKdcConfig() {
         return kdcConfig;
     }
 
-    public boolean isStarted() {
-        return started;
+    /**
+     * Get backend config.
+     * @return
+     */
+    protected Config getBackendConfig() {
+        return backendConfig;
     }
 
-    protected void setStarted( boolean started ) {
-        this.started = started;
+    public boolean isStarted() {
+        return started;
     }
 
-    protected void setServiceName( String name ) {
+    protected void setServiceName(String name) {
         this.serviceName = name;
     }
 
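Review bot: In `doStop`, `backend.stop()` runs before `eventHub.stop()`, so the identity backend is shut down while the event hub is still running, and if `backend.stop()` throws, the hub is never stopped. Reversing the order and guarding it, `try { eventHub.stop(); } finally { backend.stop(); }`, mirrors `doStart`, which starts the backend first. `backend` is also only assigned in `init()`, so calling `start()` or `stop()` without `init()` would hit a NullPointerException; a guard or a Javadoc line on the required call order would cover that. `getKdcConfig()` goes from public to protected in this hunk, which is an API break worth stating in the commit message.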
@@ -217,12 +308,4 @@ public class KdcServer {
         }
         return kdcConfig.getKdcServiceName();
     }
-
-    public IdentityService getIdentityService() {
-        return identityService;
-    }
-
-    protected void setIdentityService(IdentityService identityService) {
-        this.identityService = identityService;
-    }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
index 4cc0b35..6874be8 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
@@ -19,25 +19,7 @@
  */
 package org.apache.kerby.kerberos.kerb.server;
 
-import org.apache.kerby.kerberos.kerb.identity.IdentityService;
-import org.apache.kerby.kerberos.kerb.identity.backend.SimpleIdentityBackend;
-
-import java.io.File;
-
 public class SimpleKdcServer extends KdcServer {
 
-    public SimpleKdcServer() {
-        super();
-    }
-
-    public void init() {
-        super.init();
-        initIdentityService();
-    }
 
-    protected void initIdentityService() {
-        File identityFile = new File(workDir, "simplekdb.dat");
-        IdentityService identityService = new SimpleIdentityBackend(identityFile);
-        setIdentityService(identityService);
-    }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/lib/kerby-config/src/main/java/org/apache/kerby/config/Configurable.java
----------------------------------------------------------------------
diff --git a/lib/kerby-config/src/main/java/org/apache/kerby/config/Configurable.java b/lib/kerby-config/src/main/java/org/apache/kerby/config/Configurable.java
new file mode 100644
index 0000000..5f83341
--- /dev/null
+++ b/lib/kerby-config/src/main/java/org/apache/kerby/config/Configurable.java
@@ -0,0 +1,30 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.config;
+
+/**
+ * An interface for constructs that desire to be configurable thru the framework.
+ */
+public interface Configurable {
+
+    public void setConfig(Config config);
+
+    public Config getConfig();
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/5f65a02f/lib/kerby-config/src/main/java/org/apache/kerby/config/Configured.java
----------------------------------------------------------------------
diff --git a/lib/kerby-config/src/main/java/org/apache/kerby/config/Configured.java b/lib/kerby-config/src/main/java/org/apache/kerby/config/Configured.java
new file mode 100644
index 0000000..eadfb54
--- /dev/null
+++ b/lib/kerby-config/src/main/java/org/apache/kerby/config/Configured.java
@@ -0,0 +1,45 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.config;
+
+/**
+ * An abstract for constructs that desire to be configurable.
+ */
+public class Configured implements Configurable {
+    private Config config;
+
+    public Configured() {
+        config = null;
+    }
+
+    public Configured(Config config) {
+        this.config = config;
+    }
+
+    @Override
+    public Config getConfig() {
+        return config;
+    }
+
+    @Override
+    public void setConfig(Config config) {
+        this.config = config;
+    }
+}
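Review bot: The no-arg constructor leaves `config` null, so `getConfig()` returns null until `setConfig` is called, and nothing in the class says so. Add Javadoc on `getConfig()` such as `/** @return the config, or null if none has been set */`, or initialise the field in the no-arg constructor. The class comment calls this "An abstract for constructs", but the class is concrete; either declare it `abstract` or reword the comment to `A base class for constructs that desire to be configurable.`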

