You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by ow...@apache.org on 2013/06/03 22:40:27 UTC
svn commit: r1489161 - in
/cxf/branches/2.7.x-fixes/services/sts/sts-core/src:
main/java/org/apache/cxf/sts/cache/ test/java/org/apache/cxf/sts/cache/
Author: owulff
Date: Mon Jun 3 20:40:26 2013
New Revision: 1489161
URL: http://svn.apache.org/r1489161
Log:
[CXF-4463] Support caching for mapped principals/identities
Added:
cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/IdentityCache.java
cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCache.java
cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCacheStatistics.java
cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/CacheIdentityMapper.java
cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/MemoryIdentityCacheTest.java
Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/IdentityCache.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/IdentityCache.java?rev=1489161&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/IdentityCache.java (added)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/IdentityCache.java Mon Jun 3 20:40:26 2013
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.cache;
+
+import java.util.Map;
+
+public interface IdentityCache {
+
+ void add(String user, String realm, Map<String, String> identities);
+
+ Map<String, String> get(String user, String realm);
+
+ void remove(String user, String realm);
+
+ void clear();
+
+ int size();
+
+}
Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCache.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCache.java?rev=1489161&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCache.java (added)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCache.java Mon Jun 3 20:40:26 2013
@@ -0,0 +1,192 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.cache;
+
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.IdentityMapper;
+import org.apache.ws.security.CustomTokenPrincipal;
+import org.springframework.jmx.export.annotation.ManagedOperation;
+import org.springframework.jmx.export.annotation.ManagedResource;
+
+/**
+ * A simple in-memory HashMap based cache to cache identities in different realms where
+ * the relationship is of type FederateIdentity.
+ */
+@ManagedResource()
+public class MemoryIdentityCache implements IdentityCache, IdentityMapper {
+
+ private static final Logger LOG = LogUtils.getL7dLogger(MemoryIdentityCache.class);
+
+ private final Map<String, Map<String, String>> cache =
+ Collections.synchronizedMap(new HashMap<String, Map<String, String>>());
+
+ private long maxCacheItems = 10000L;
+
+ private IdentityMapper identityMapper;
+
+ private MemoryIdentityCacheStatistics statistics;
+
+
+ protected MemoryIdentityCache() {
+
+ }
+
+ public MemoryIdentityCache(IdentityMapper identityMapper) {
+ this.identityMapper = identityMapper;
+ }
+
+ public MemoryIdentityCacheStatistics getStatistics() {
+ if (statistics == null) {
+ this.statistics = new MemoryIdentityCacheStatistics();
+ }
+ return statistics;
+ }
+
+ public void setStatistics(MemoryIdentityCacheStatistics stats) {
+ this.statistics = stats;
+ }
+
+ public long getMaxCacheItems() {
+ return maxCacheItems;
+ }
+
+ public void setMaxCacheItems(long maxCacheItems) {
+ this.maxCacheItems = maxCacheItems;
+ }
+
+ @Override
+ public void add(String user, String realm, Map<String, String> identities) {
+ if (cache.size() >= maxCacheItems) {
+ cache.clear();
+ }
+ cache.put(user + "@" + realm, identities);
+ }
+
+ @ManagedOperation()
+ @Override
+ public Map<String, String> get(String user, String realm) {
+ return cache.get(user + "@" + realm);
+ }
+
+ @Override
+ public void remove(String user, String realm) {
+ cache.remove(user + "@" + realm);
+ }
+
+ @ManagedOperation()
+ @Override
+ public void clear() {
+ cache.clear();
+ }
+
+ @ManagedOperation()
+ @Override
+ public int size() {
+ return cache.size();
+ }
+
+ @ManagedOperation()
+ public String getContent() {
+ return this.cache.toString();
+ }
+
+ @Override
+ public Principal mapPrincipal(String sourceRealm,
+ Principal sourcePrincipal, String targetRealm) {
+
+ Principal targetPrincipal = null;
+ Map<String, String> identities = this.get(sourcePrincipal.getName(), sourceRealm);
+ if (identities != null) {
+ if (LOG.isLoggable(Level.FINE)) {
+ LOG.fine("Identities found for '" + sourcePrincipal.getName() + "@" + sourceRealm + "'");
+ }
+ // Identities object found for key sourceUser@sourceRealm
+ String targetUser = identities.get(targetRealm);
+ if (targetUser == null) {
+ getStatistics().increaseCacheMiss();
+ if (LOG.isLoggable(Level.FINE)) {
+ LOG.fine("No mapping found for realm " + targetRealm + " of user '"
+ + sourcePrincipal.getName() + "@" + sourceRealm + "'");
+ }
+ // User identity of target realm not cached yet
+ targetPrincipal = this.identityMapper.mapPrincipal(
+ sourceRealm, sourcePrincipal, targetRealm);
+ // Add the identity for target realm to the cached entry
+ identities.put(targetRealm, targetPrincipal.getName());
+
+ // Verify whether target user has cached some identities already
+ Map<String, String> cachedItem = this.get(targetPrincipal.getName(), targetRealm);
+ if (cachedItem != null) {
+ if (LOG.isLoggable(Level.FINE)) {
+ LOG.fine("Merging mappings for '" + sourcePrincipal.getName() + "@" + sourceRealm + "'");
+ }
+ //Identites already cached for targetUser@targetRealm key pair
+ //Merge into identities object
+ this.mergeMap(identities, cachedItem);
+ }
+ this.add(targetPrincipal.getName(), targetRealm, identities);
+ } else {
+ getStatistics().increaseCacheHit();
+ if (LOG.isLoggable(Level.INFO)) {
+ LOG.info("Mapping '" + sourcePrincipal.getName() + "@" + sourceRealm + "' to '"
+ + targetUser + "@" + targetRealm + "' cached");
+ }
+ targetPrincipal = new CustomTokenPrincipal(targetUser);
+ }
+
+ } else {
+ if (LOG.isLoggable(Level.FINE)) {
+ LOG.fine("No mapping found for realm " + targetRealm + " of user '"
+ + sourcePrincipal.getName() + "@" + sourceRealm + "'");
+ }
+ getStatistics().increaseCacheMiss();
+
+ // Identities object NOT found for key sourceUser@sourceRealm
+ targetPrincipal = this.identityMapper.mapPrincipal(
+ sourceRealm, sourcePrincipal, targetRealm);
+ identities = new HashMap<String, String>();
+ identities.put(sourceRealm, sourcePrincipal.getName());
+ identities.put(targetRealm, targetPrincipal.getName());
+ this.add(targetPrincipal.getName(), targetRealm, identities);
+ this.add(sourcePrincipal.getName(), sourceRealm, identities);
+ }
+ System.out.println("Cache content: " + this.cache.toString());
+ return targetPrincipal;
+ }
+
+
+
+ private void mergeMap(Map<String, String> to, Map<String, String> from) {
+ for (String key : from.keySet()) {
+ to.put(key, from.get(key));
+ }
+ for (String key : to.keySet()) {
+ from.put(key, to.get(key));
+ }
+ }
+}
+
Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCacheStatistics.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCacheStatistics.java?rev=1489161&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCacheStatistics.java (added)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCacheStatistics.java Mon Jun 3 20:40:26 2013
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.cache;
+
+import org.springframework.jmx.export.annotation.ManagedAttribute;
+import org.springframework.jmx.export.annotation.ManagedResource;
+
+@ManagedResource()
+public class MemoryIdentityCacheStatistics {
+
+ private long cacheMiss;
+ private long cacheHit;
+
+ @ManagedAttribute()
+ public synchronized long getCacheMiss() {
+ return cacheMiss;
+ }
+
+ @ManagedAttribute()
+ public synchronized long getCacheHit() {
+ return cacheHit;
+ }
+
+ protected synchronized void increaseCacheHit() {
+ cacheHit++;
+ }
+
+ protected synchronized void increaseCacheMiss() {
+ cacheMiss++;
+ }
+
+}
Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/CacheIdentityMapper.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/CacheIdentityMapper.java?rev=1489161&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/CacheIdentityMapper.java (added)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/CacheIdentityMapper.java Mon Jun 3 20:40:26 2013
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.cache;
+
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.cxf.sts.IdentityMapper;
+import org.apache.ws.security.CustomTokenPrincipal;
+
+public class CacheIdentityMapper implements IdentityMapper {
+
+ Map<String, Map<String, String>> mappingTable =
+ Collections.synchronizedMap(new HashMap<String, Map<String, String>>());
+
+
+ CacheIdentityMapper() {
+ Map<String, String> identities = new HashMap<String, String>();
+ identities.put("REALM_A", "user_aaa");
+ identities.put("REALM_B", "user_bbb");
+ identities.put("REALM_C", "user_ccc");
+ identities.put("REALM_D", "user_ddd");
+ identities.put("REALM_E", "user_eee");
+ mappingTable.put("user_aaa@REALM_A", identities);
+ mappingTable.put("user_bbb@REALM_B", identities);
+ mappingTable.put("user_ccc@REALM_C", identities);
+ mappingTable.put("user_ddd@REALM_D", identities);
+ mappingTable.put("user_eee@REALM_E", identities);
+ }
+
+ @Override
+ public Principal mapPrincipal(String sourceRealm,
+ Principal sourcePrincipal, String targetRealm) {
+
+ Map<String, String> identities = mappingTable.get(sourcePrincipal.getName() + "@" + sourceRealm);
+ if (identities == null) {
+ return null;
+ }
+ String targetUser = identities.get(targetRealm);
+ if (targetUser == null) {
+ return null;
+ }
+ return new CustomTokenPrincipal(targetUser);
+
+ }
+
+}
Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/MemoryIdentityCacheTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/MemoryIdentityCacheTest.java?rev=1489161&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/MemoryIdentityCacheTest.java (added)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/MemoryIdentityCacheTest.java Mon Jun 3 20:40:26 2013
@@ -0,0 +1,129 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.cache;
+
+//import java.security.Principal;
+import org.apache.cxf.sts.IdentityMapper;
+import org.apache.ws.security.CustomTokenPrincipal;
+
+import org.junit.BeforeClass;
+
+public class MemoryIdentityCacheTest extends org.junit.Assert {
+
+ @BeforeClass
+ public static void init() throws Exception {
+
+ }
+
+ // tests TokenStore apis for storing in the cache.
+ @org.junit.Test
+ public void testOneMapping() throws Exception {
+ System.out.println("***************");
+ IdentityMapper mapper = new CacheIdentityMapper();
+ MemoryIdentityCache cache = new MemoryIdentityCache(mapper);
+
+ cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_B");
+ assertEquals(2, cache.size());
+ assertNotNull(cache.get("user_aaa", "REALM_A"));
+ assertNotNull(cache.get("user_bbb", "REALM_B"));
+ }
+
+
+ @org.junit.Test
+ public void testTwoDistinctMappings() {
+ System.out.println("***************");
+ IdentityMapper mapper = new CacheIdentityMapper();
+ MemoryIdentityCache cache = new MemoryIdentityCache(mapper);
+
+ cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_B");
+ cache.mapPrincipal("REALM_C", new CustomTokenPrincipal("user_ccc"), "REALM_D");
+ assertEquals(4, cache.size());
+ assertNotNull(cache.get("user_aaa", "REALM_A"));
+ assertNotNull(cache.get("user_bbb", "REALM_B"));
+ assertNotNull(cache.get("user_ccc", "REALM_C"));
+ assertNotNull(cache.get("user_ddd", "REALM_D"));
+
+ }
+
+ @org.junit.Test
+ public void testTwoDistinctAndOneRelatedMapping() {
+ System.out.println("***************");
+ IdentityMapper mapper = new CacheIdentityMapper();
+ MemoryIdentityCache cache = new MemoryIdentityCache(mapper);
+
+ cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_B");
+ cache.mapPrincipal("REALM_C", new CustomTokenPrincipal("user_ccc"), "REALM_D");
+ cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_D");
+ //now, mapping from A -> D and B -> D are cached as well
+ assertEquals(4, cache.size());
+ assertNotNull(cache.get("user_aaa", "REALM_A"));
+ assertNotNull(cache.get("user_bbb", "REALM_B"));
+ assertNotNull(cache.get("user_ccc", "REALM_C"));
+ assertNotNull(cache.get("user_ddd", "REALM_D"));
+ assertEquals(4, cache.get("user_aaa", "REALM_A").size());
+ assertEquals(4, cache.get("user_bbb", "REALM_B").size());
+ assertEquals(4, cache.get("user_ccc", "REALM_C").size());
+ assertEquals(4, cache.get("user_ddd", "REALM_D").size());
+ }
+
+ @org.junit.Test
+ public void testTwoDistinctAndTwoRelatedMapping() {
+ System.out.println("***************");
+ IdentityMapper mapper = new CacheIdentityMapper();
+ MemoryIdentityCache cache = new MemoryIdentityCache(mapper);
+
+ cache.mapPrincipal("REALM_A", new CustomTokenPrincipal("user_aaa"), "REALM_B");
+ cache.mapPrincipal("REALM_D", new CustomTokenPrincipal("user_ddd"), "REALM_E");
+ assertEquals(4, cache.size());
+ //No Mapping occured between A,B and D,E (C not involved at all)
+ assertEquals(2, cache.get("user_aaa", "REALM_A").size());
+ assertEquals(2, cache.get("user_bbb", "REALM_B").size());
+ assertEquals(2, cache.get("user_ddd", "REALM_D").size());
+ assertEquals(2, cache.get("user_eee", "REALM_E").size());
+
+ cache.mapPrincipal("REALM_B", new CustomTokenPrincipal("user_bbb"), "REALM_C");
+ assertEquals(5, cache.size());
+ assertNotNull(cache.get("user_aaa", "REALM_A"));
+ assertNotNull(cache.get("user_bbb", "REALM_B"));
+ assertNotNull(cache.get("user_ccc", "REALM_C"));
+ assertNotNull(cache.get("user_ddd", "REALM_D"));
+ assertNotNull(cache.get("user_eee", "REALM_E"));
+ assertEquals(3, cache.get("user_aaa", "REALM_A").size());
+ assertEquals(3, cache.get("user_bbb", "REALM_B").size());
+ assertEquals(3, cache.get("user_ccc", "REALM_C").size());
+ //No mapping occurred between A,B,C and D,E -> distinct
+ assertEquals(2, cache.get("user_ddd", "REALM_D").size());
+ assertEquals(2, cache.get("user_eee", "REALM_E").size());
+
+ cache.mapPrincipal("REALM_C", new CustomTokenPrincipal("user_ccc"), "REALM_E");
+ //All mappings are known now
+ assertEquals(5, cache.size());
+ assertNotNull(cache.get("user_aaa", "REALM_A"));
+ assertNotNull(cache.get("user_bbb", "REALM_B"));
+ assertNotNull(cache.get("user_ccc", "REALM_C"));
+ assertNotNull(cache.get("user_ddd", "REALM_D"));
+ assertNotNull(cache.get("user_eee", "REALM_E"));
+ assertEquals(5, cache.get("user_aaa", "REALM_A").size());
+ assertEquals(5, cache.get("user_bbb", "REALM_B").size());
+ assertEquals(5, cache.get("user_ccc", "REALM_C").size());
+ assertEquals(5, cache.get("user_ddd", "REALM_D").size());
+ assertEquals(5, cache.get("user_eee", "REALM_E").size());
+ }
+
+}