You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2013/07/01 17:12:44 UTC
svn commit: r1498509 - in
/cxf/branches/2.7.x-fixes/services/sts/sts-core/src:
main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java
main/resources/ main/resources/sts-ehcache.xml
test/java/org/apache/cxf/sts/cache/EhCacheIdentityCacheTest.java
Author: coheigea
Date: Mon Jul 1 15:12:44 2013
New Revision: 1498509
URL: http://svn.apache.org/r1498509
Log:
Merged revisions 1498505 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1498505 | coheigea | 2013-07-01 16:08:32 +0100 (Mon, 01 Jul 2013) | 2 lines
Adding EhCache-based IdentityCache in the STS
........
Added:
cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java
cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/resources/
cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/resources/sts-ehcache.xml
cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/EhCacheIdentityCacheTest.java
Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java?rev=1498509&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java (added)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java Mon Jul 1 15:12:44 2013
@@ -0,0 +1,257 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.cache;
+
+import java.io.Closeable;
+import java.io.IOException;
+import java.net.URL;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import net.sf.ehcache.Cache;
+import net.sf.ehcache.CacheManager;
+import net.sf.ehcache.Ehcache;
+import net.sf.ehcache.Element;
+import net.sf.ehcache.config.CacheConfiguration;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.buslifecycle.BusLifeCycleListener;
+import org.apache.cxf.buslifecycle.BusLifeCycleManager;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.sts.IdentityMapper;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
+import org.apache.wss4j.common.cache.EHCacheManagerHolder;
+import org.apache.wss4j.common.principal.CustomTokenPrincipal;
+import org.springframework.jmx.export.annotation.ManagedOperation;
+import org.springframework.jmx.export.annotation.ManagedResource;
+
+/**
+ * A EH-Cache based cache to cache identities in different realms where
+ * the relationship is of type FederateIdentity.
+ */
+@ManagedResource()
+public class EHCacheIdentityCache
+ implements IdentityCache, IdentityMapper, Closeable, BusLifeCycleListener {
+
+ private static final Logger LOG = LogUtils.getL7dLogger(EHCacheIdentityCache.class);
+
+ private IdentityMapper identityMapper;
+ private MemoryIdentityCacheStatistics statistics;
+ private Ehcache cache;
+ private Bus bus;
+ private CacheManager cacheManager;
+
+
+ public EHCacheIdentityCache(
+ IdentityMapper identityMapper, Bus b
+ ) {
+ this(identityMapper, EHCacheIdentityCache.class.getName(), b, null);
+ }
+
+ public EHCacheIdentityCache(
+ IdentityMapper identityMapper, String key, Bus b, URL configFileURL
+ ) {
+ this.identityMapper = identityMapper;
+
+ bus = b;
+ if (bus != null) {
+ b.getExtension(BusLifeCycleManager.class).registerLifeCycleListener(this);
+ }
+
+ if (configFileURL != null) {
+ cacheManager = EHCacheManagerHolder.getCacheManager(configFileURL);
+ } else {
+ cacheManager = EHCacheManagerHolder.getCacheManager(getDefaultConfigFileURL());
+ }
+ CacheConfiguration cc = EHCacheManagerHolder.getCacheConfiguration(key, cacheManager);
+
+ Ehcache newCache = new Cache(cc);
+ cache = cacheManager.addCacheIfAbsent(newCache);
+ }
+
+ public MemoryIdentityCacheStatistics getStatistics() {
+ if (statistics == null) {
+ this.statistics = new MemoryIdentityCacheStatistics();
+ }
+ return statistics;
+ }
+
+ public void setStatistics(MemoryIdentityCacheStatistics stats) {
+ this.statistics = stats;
+ }
+
+ @Override
+ public void add(String user, String realm, Map<String, String> identities) {
+ cache.put(new Element(user + "@" + realm, identities));
+ }
+
+ @SuppressWarnings("unchecked")
+ @ManagedOperation()
+ @Override
+ public Map<String, String> get(String user, String realm) {
+ Element element = cache.get(user + "@" + realm);
+ if (element != null && !cache.isExpired(element)) {
+ return (Map<String, String>)element.getObjectValue();
+ }
+ return null;
+ }
+
+ @Override
+ public void remove(String user, String realm) {
+ cache.remove(user + "@" + realm);
+ }
+
+ @ManagedOperation()
+ @Override
+ public void clear() {
+ cache.removeAll();
+ }
+
+ @ManagedOperation()
+ @Override
+ public int size() {
+ return cache.getSize();
+ }
+
+ @ManagedOperation()
+ public String getContent() {
+ return this.cache.toString();
+ }
+
+ @Override
+ public Principal mapPrincipal(String sourceRealm,
+ Principal sourcePrincipal, String targetRealm) {
+
+ Principal targetPrincipal = null;
+ Map<String, String> identities = this.get(sourcePrincipal.getName(), sourceRealm);
+ if (identities != null) {
+ if (LOG.isLoggable(Level.FINE)) {
+ LOG.fine("Identities found for '" + sourcePrincipal.getName() + "@" + sourceRealm + "'");
+ }
+ // Identities object found for key sourceUser@sourceRealm
+ String targetUser = identities.get(targetRealm);
+ if (targetUser == null) {
+ getStatistics().increaseCacheMiss();
+ if (LOG.isLoggable(Level.FINE)) {
+ LOG.fine("No mapping found for realm " + targetRealm + " of user '"
+ + sourcePrincipal.getName() + "@" + sourceRealm + "'");
+ }
+ // User identity of target realm not cached yet
+ targetPrincipal = this.identityMapper.mapPrincipal(
+ sourceRealm, sourcePrincipal, targetRealm);
+ // Add the identity for target realm to the cached entry
+ identities.put(targetRealm, targetPrincipal.getName());
+
+ // Verify whether target user has cached some identities already
+ Map<String, String> cachedItem = this.get(targetPrincipal.getName(), targetRealm);
+ if (cachedItem != null) {
+ if (LOG.isLoggable(Level.FINE)) {
+ LOG.fine("Merging mappings for '" + sourcePrincipal.getName() + "@" + sourceRealm + "'");
+ }
+ //Identites already cached for targetUser@targetRealm key pair
+ //Merge into identities object
+ this.mergeMap(identities, cachedItem);
+ }
+ this.add(targetPrincipal.getName(), targetRealm, identities);
+ } else {
+ getStatistics().increaseCacheHit();
+ if (LOG.isLoggable(Level.INFO)) {
+ LOG.info("Mapping '" + sourcePrincipal.getName() + "@" + sourceRealm + "' to '"
+ + targetUser + "@" + targetRealm + "' cached");
+ }
+ targetPrincipal = new CustomTokenPrincipal(targetUser);
+ }
+
+ } else {
+ if (LOG.isLoggable(Level.FINE)) {
+ LOG.fine("No mapping found for realm " + targetRealm + " of user '"
+ + sourcePrincipal.getName() + "@" + sourceRealm + "'");
+ }
+ getStatistics().increaseCacheMiss();
+
+ // Identities object NOT found for key sourceUser@sourceRealm
+ targetPrincipal = this.identityMapper.mapPrincipal(
+ sourceRealm, sourcePrincipal, targetRealm);
+ identities = new HashMap<String, String>();
+ identities.put(sourceRealm, sourcePrincipal.getName());
+ identities.put(targetRealm, targetPrincipal.getName());
+ this.add(targetPrincipal.getName(), targetRealm, identities);
+ this.add(sourcePrincipal.getName(), sourceRealm, identities);
+ }
+ return targetPrincipal;
+ }
+
+
+
+ private void mergeMap(Map<String, String> to, Map<String, String> from) {
+ for (String key : from.keySet()) {
+ to.put(key, from.get(key));
+ }
+ for (String key : to.keySet()) {
+ from.put(key, to.get(key));
+ }
+ }
+
+ public void close() {
+ if (cacheManager != null) {
+ EHCacheManagerHolder.releaseCacheManger(cacheManager);
+ cacheManager = null;
+ cache = null;
+ if (bus != null) {
+ bus.getExtension(BusLifeCycleManager.class).unregisterLifeCycleListener(this);
+ }
+ }
+ }
+
+ public void initComplete() {
+ }
+
+ public void preShutdown() {
+ close();
+ }
+
+ public void postShutdown() {
+ close();
+ }
+
+ private URL getDefaultConfigFileURL() {
+ URL url = null;
+ ResourceManager rm = bus.getExtension(ResourceManager.class);
+ url = rm.resolveResource("sts-ehcache.xml", URL.class);
+ try {
+ if (url == null) {
+ url = ClassLoaderUtils.getResource("sts-ehcache.xml", TokenStoreFactory.class);
+ }
+ if (url == null) {
+ url = new URL("sts-ehcache.xml");
+ }
+ return url;
+ } catch (IOException e) {
+ // Do nothing
+ }
+ return null;
+ }
+}
+
Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/resources/sts-ehcache.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/resources/sts-ehcache.xml?rev=1498509&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/resources/sts-ehcache.xml (added)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/resources/sts-ehcache.xml Mon Jul 1 15:12:44 2013
@@ -0,0 +1,17 @@
+<ehcache xsi:noNamespaceSchemaLocation="ehcache.xsd" updateCheck="false" monitoring="autodetect" dynamicConfig="true" name="cxfSTSSecurityCache">
+
+ <diskStore path="java.io.tmpdir"/>
+
+ <cache name="org.apache.cxf.sts.cache.EHCacheIdentityCache"
+ maxEntriesLocalHeap="5000"
+ eternal="false"
+ timeToIdleSeconds="3600"
+ timeToLiveSeconds="3600"
+ overflowToDisk="true"
+ maxElementsOnDisk="10000000"
+ diskPersistent="false"
+ diskExpiryThreadIntervalSeconds="120"
+ memoryStoreEvictionPolicy="LRU"
+ />
+
+</ehcache>
Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/EhCacheIdentityCacheTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/EhCacheIdentityCacheTest.java?rev=1498509&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/EhCacheIdentityCacheTest.java (added)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/EhCacheIdentityCacheTest.java Mon Jul 1 15:12:44 2013
@@ -0,0 +1,138 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.cache;
+
+//import java.security.Principal;
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.sts.IdentityMapper;
+import org.apache.wss4j.common.principal.CustomTokenPrincipal;
+
+import org.junit.BeforeClass;
+
+public class EhCacheIdentityCacheTest extends org.junit.Assert {
+
+ @BeforeClass
+ public static void init() throws Exception {
+
+ }
+
+ // tests TokenStore apis for storing in the cache.
+ @org.junit.Test
+ public void testOneMapping() throws Exception {
+ IdentityMapper mapper = new CacheIdentityMapper();
+ Bus bus = BusFactory.getDefaultBus();
+ EHCacheIdentityCache cache = new EHCacheIdentityCache(mapper, bus);
+
+ cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_B");
+ assertEquals(2, cache.size());
+ assertNotNull(cache.get("user_aaa", "REALM_A"));
+ assertNotNull(cache.get("user_bbb", "REALM_B"));
+
+ cache.close();
+ }
+
+
+ @org.junit.Test
+ public void testTwoDistinctMappings() {
+ IdentityMapper mapper = new CacheIdentityMapper();
+ Bus bus = BusFactory.getDefaultBus();
+ EHCacheIdentityCache cache = new EHCacheIdentityCache(mapper, bus);
+
+ cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_B");
+ cache.mapPrincipal("REALM_C", new CustomTokenPrincipal("user_ccc"), "REALM_D");
+ assertEquals(4, cache.size());
+ assertNotNull(cache.get("user_aaa", "REALM_A"));
+ assertNotNull(cache.get("user_bbb", "REALM_B"));
+ assertNotNull(cache.get("user_ccc", "REALM_C"));
+ assertNotNull(cache.get("user_ddd", "REALM_D"));
+
+ cache.close();
+ }
+
+ @org.junit.Test
+ public void testTwoDistinctAndOneRelatedMapping() {
+ IdentityMapper mapper = new CacheIdentityMapper();
+ Bus bus = BusFactory.getDefaultBus();
+ EHCacheIdentityCache cache = new EHCacheIdentityCache(mapper, bus);
+
+ cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_B");
+ cache.mapPrincipal("REALM_C", new CustomTokenPrincipal("user_ccc"), "REALM_D");
+ cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_D");
+ //now, mapping from A -> D and B -> D are cached as well
+ assertEquals(4, cache.size());
+ assertNotNull(cache.get("user_aaa", "REALM_A"));
+ assertNotNull(cache.get("user_bbb", "REALM_B"));
+ assertNotNull(cache.get("user_ccc", "REALM_C"));
+ assertNotNull(cache.get("user_ddd", "REALM_D"));
+ assertEquals(4, cache.get("user_aaa", "REALM_A").size());
+ assertEquals(4, cache.get("user_bbb", "REALM_B").size());
+ assertEquals(4, cache.get("user_ccc", "REALM_C").size());
+ assertEquals(4, cache.get("user_ddd", "REALM_D").size());
+
+ cache.close();
+ }
+
+ @org.junit.Test
+ public void testTwoDistinctAndTwoRelatedMapping() {
+ IdentityMapper mapper = new CacheIdentityMapper();
+ Bus bus = BusFactory.getDefaultBus();
+ EHCacheIdentityCache cache = new EHCacheIdentityCache(mapper, bus);
+
+ cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_B");
+ cache.mapPrincipal("REALM_D", new CustomTokenPrincipal("user_ddd"), "REALM_E");
+ assertEquals(4, cache.size());
+ //No Mapping occured between A,B and D,E (C not involved at all)
+ assertEquals(2, cache.get("user_aaa", "REALM_A").size());
+ assertEquals(2, cache.get("user_bbb", "REALM_B").size());
+ assertEquals(2, cache.get("user_ddd", "REALM_D").size());
+ assertEquals(2, cache.get("user_eee", "REALM_E").size());
+
+ cache.mapPrincipal("REALM_B", new CustomTokenPrincipal("user_bbb"), "REALM_C");
+ assertEquals(5, cache.size());
+ assertNotNull(cache.get("user_aaa", "REALM_A"));
+ assertNotNull(cache.get("user_bbb", "REALM_B"));
+ assertNotNull(cache.get("user_ccc", "REALM_C"));
+ assertNotNull(cache.get("user_ddd", "REALM_D"));
+ assertNotNull(cache.get("user_eee", "REALM_E"));
+ assertEquals(3, cache.get("user_aaa", "REALM_A").size());
+ assertEquals(3, cache.get("user_bbb", "REALM_B").size());
+ assertEquals(3, cache.get("user_ccc", "REALM_C").size());
+ //No mapping occurred between A,B,C and D,E -> distinct
+ assertEquals(2, cache.get("user_ddd", "REALM_D").size());
+ assertEquals(2, cache.get("user_eee", "REALM_E").size());
+
+ cache.mapPrincipal("REALM_C", new CustomTokenPrincipal("user_ccc"), "REALM_E");
+ //All mappings are known now
+ assertEquals(5, cache.size());
+ assertNotNull(cache.get("user_aaa", "REALM_A"));
+ assertNotNull(cache.get("user_bbb", "REALM_B"));
+ assertNotNull(cache.get("user_ccc", "REALM_C"));
+ assertNotNull(cache.get("user_ddd", "REALM_D"));
+ assertNotNull(cache.get("user_eee", "REALM_E"));
+ assertEquals(5, cache.get("user_aaa", "REALM_A").size());
+ assertEquals(5, cache.get("user_bbb", "REALM_B").size());
+ assertEquals(5, cache.get("user_ccc", "REALM_C").size());
+ assertEquals(5, cache.get("user_ddd", "REALM_D").size());
+ assertEquals(5, cache.get("user_eee", "REALM_E").size());
+
+ cache.close();
+ }
+
+}