still need to fix problem when pool is at max

Derrick Johnson 2014-06-19 11:16:52 -07:00
parent c1cc6cd239
commit 18b5e896c7
12 changed files with 163 additions and 86 deletions


@ -124,7 +124,12 @@
<artifactId>CsMiddleware</artifactId>
<version>3.34.0</version>
</dependency> -->
<!-- removing CSMiddleware -->
<!-- removing CSMiddleware -->
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>17.0</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>


@ -79,6 +79,7 @@ public abstract class AuthClientFactory {
adminToken, maxActive, timeBetweenEvictionRunsMillis,
minEvictableIdleTimeMillis);
// }
// Pool tweaking
pool.setMaxActive(maxActive);
pool.setMaxIdle(maxIdle);


@ -3,15 +3,18 @@ package com.hp.csbu.cc.middleware;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.Map;
public class Config implements AuthConstants {
// Thee faithful logger
private static final Logger logger = LoggerFactory
.getLogger(Config.class);
private static final Logger logger = LoggerFactory
.getLogger(Config.class);
private static final Config instance = new Config();
@ -23,7 +26,7 @@ public class Config implements AuthConstants {
// Memcache client--There shall only be one
///private MemcacheCrypt client = null;
//
private TokenCache<String, String> client = null;
// Auth client factory
@ -38,6 +41,9 @@ public class Config implements AuthConstants {
// Memcache timeout value
private long memCacheTimeOut;
//the time to cache token
private long timeToCacheToken;
// flag to set if auth decision can be delegated to next filter
private boolean delayAuthDecision;
@ -69,27 +75,21 @@ public class Config implements AuthConstants {
return instance;
}
public synchronized void initialize(FilterConfig config) throws ServletException {
public synchronized void initialize(FilterConfig config, ServletRequest req, Map<String,String> map) throws ServletException {
this.context = config.getServletContext();
this.filterConfig = config;
try {
// Initialize serviceIds...
//serviceIds = context.getInitParameter(SERVICE_IDS);
serviceIds = filterConfig.getInitParameter(SERVICE_IDS);
serviceIds = filterConfig.getInitParameter(SERVICE_IDS);
// Initialize endpointIds...
//endpointIds = context.getInitParameter(ENDPOINT_IDS);
endpointIds = filterConfig.getInitParameter(ENDPOINT_IDS);
endpointIds = filterConfig.getInitParameter(ENDPOINT_IDS);
// Initialize auth server connection parameters...
String somthing = context
.getInitParameter(SERVER_PORT);
// Initialize auth server connection parameters...
//String host = context.getInitParameter(SERVER_VIP);
String host = filterConfig.getInitParameter(SERVER_VIP);
//int port = Integer.parseInt(context
// .getInitParameter(SERVER_PORT));
int port = Integer.parseInt(filterConfig.getInitParameter(SERVER_PORT));
// HP Keystone Server only supports authentication against
@ -111,19 +111,16 @@ public class Config implements AuthConstants {
this.client = new MemcacheCrypt(cacheHosts, isEncrypted);
}*/
this.client = new TokenCache<>(getValue(MEMCACHE_TIMEOUT,2000L));
// Initialize Certificates
/*String keyStore = context.getInitParameter(KEYSTORE);
String keyPass = context.getInitParameter(KEYSTORE_PASS);
String trustStore = context.getInitParameter(TRUSTSTORE);
String trustPass = context.getInitParameter(TRUSTSTORE_PASS);*/
String keyStore = filterConfig.getInitParameter(KEYSTORE);
String keyPass = filterConfig.getInitParameter(KEYSTORE_PASS);
String trustStore = filterConfig.getInitParameter(TRUSTSTORE);
String trustPass = filterConfig.getInitParameter(TRUSTSTORE_PASS);
String adminToken = getValue(ADMIN_TOKEN, "");
String adminToken = getValue(ADMIN_TOKEN, "");
int timeout = getValue(CONN_TIMEOUT, 0);
boolean clientAuth = getValue(CONN_SSL_CLIENT_AUTH, true);
int maxActive = getValue(CONN_POOL_MAX_ACTIVE, 3);
@ -140,6 +137,7 @@ public class Config implements AuthConstants {
clientAuth, keyStore, keyPass, trustStore, trustPass,
maxActive, maxIdle, evictPeriod, minIdleTime, adminToken);
verifyRequiredParamsForAuthMethod();
this.client = new TokenCache<>(20,map);
logger.info("Auth host (2-way SSL: " + clientAuth + "): " + host);
logger.info("Read Servlet Initialization Parameters ");
initialized = true;
@ -214,18 +212,14 @@ public class Config implements AuthConstants {
// Is caching enabled?
protected boolean isCaching() {
//return this.client != null;
return false;
}
return this.client != null;
}
protected ServletContext getConfig() {
return context;
}
/*protected MemcacheCrypt getClient() {
return client;
}*/
protected TokenCache getClient() {
protected TokenCache<String,String> getClient() {
return client;
}
@ -253,9 +247,14 @@ public class Config implements AuthConstants {
return pauseTime;
}
public long getTimeToCacheToken() { return timeToCacheToken; }
public void setTimeToCacheToken(long timeToCachedToken) {
this.timeToCacheToken = timeToCachedToken;
}
private <T> T getValue(String paramName, T defaultValue) {
Class type = defaultValue.getClass();
//String initparamValue = context.getInitParameter(paramName);
String initparamValue = filterConfig.getInitParameter(paramName);
if (initparamValue != null && !initparamValue.isEmpty()) {
if (type.equals(Integer.class)) {
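Review bot: The cache lifetime is a literal in `this.client = new TokenCache<>(20,map);`, so the `timeToCacheToken` field and the `ExpireCacheToken` init parameter added elsewhere in this commit are never read in the visible part of `initialize`. That lifetime bounds how long a token revoked at the identity service can still be answered from the cache, so it should come from configuration: `timeToCacheToken = getValue("ExpireCacheToken", 20L);` followed by `this.client = new TokenCache<>(timeToCacheToken, map);`. The `map` argument is whatever `getInputParams()` returned on the first request and is then reused by the cache loader for every later token; if those parameters can differ per request, that needs confirming. The new `req` parameter is unused in the lines shown, and `initialize` continues outside these hunks.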


@ -152,8 +152,15 @@ public class FilterUtils {
JsonArray roles = token.getAsJsonArray("roles");
if (roles != null) {
Iterator<JsonElement> it = roles.iterator();
while (it.hasNext()) {
JsonObject role = it.next().getAsJsonObject();
StringBuilder roleBuilder = new StringBuilder();
while (it.hasNext()) {
//Changed to meet my purposes
JsonObject role = it.next().getAsJsonObject();
String currentRole = role.get("name").getAsString();
roleBuilder.append(currentRole).append(",");
/*JsonObject role = it.next().getAsJsonObject();
if (role.get("HP-IDM") != null) {
JsonObject hpIdm = role.get("HP-IDM").getAsJsonObject();
if (hpIdm.get("projectId") != null) {
@ -163,8 +170,10 @@ public class FilterUtils {
nonTenants.append(",");
nonTenants.append(role.get("name").getAsString());
}
}
} */
}
//My changes to meet my needs
req.setAttribute(AUTH_ROLES, roleBuilder.toString());
}
String tenantRoles = (tenants.length() > 0) ? tenants.substring(1)
: tenants.toString();
@ -256,17 +265,17 @@ public class FilterUtils {
}
req.setAttribute(AUTH_IDENTITY_STATUS,
IdentityStatus.Confirmed.toString());
//if (data instanceof String) {
if (data instanceof String) {
wrapRequestFromHttpResponse(req, ((String) data));
//} else {
// wrapRequestFromThriftResponse(req, data);
//}
} else {
wrapRequestFromThriftResponse(req, data);
}
return req;
}
/*private static void wrapRequestFromThriftResponse(ServletRequest req,
private static void wrapRequestFromThriftResponse(ServletRequest req,
Object data) {
StringBuilder tenants = new StringBuilder();
/*StringBuilder tenants = new StringBuilder();
StringBuilder nonTenants = new StringBuilder();
if (data instanceof AuthResponseV2) {
AuthResponseV2 auth = (AuthResponseV2) data;
@ -339,10 +348,10 @@ public class FilterUtils {
}
setDeprecatedHeaders(req, auth, tenantRoles);
}
} */
/*private static List<CatalogV3> buildServiceCatalogV3(
}*/
}
/*
private static List<CatalogV3> buildServiceCatalogV3(
List<ServiceForCatalogV3> catalogs) {
List<CatalogV3> v3Catalogs = new ArrayList<CatalogV3>();
for (ServiceForCatalogV3 catalog : catalogs) {
@ -374,8 +383,8 @@ public class FilterUtils {
v3Catalogs.add(catalogv3);
}
return v3Catalogs;
} */
}
/*
// Method will be removed after keystone removes the deprecated headers.
/*private static void setDeprecatedHeaders(ServletRequest req,
AuthResponseV3 auth, String tenantRoles) {
@ -397,7 +406,7 @@ public class FilterUtils {
// Insert token into cache
public static void cacheToken(String token, Object auth) {
if (isCaching()) {
appConfig.getClient().put(token, auth);
appConfig.getClient().put(token, (String) auth);
/*try {
appConfig.getClient().putToken(token, auth);
} catch (TimeoutException e) {
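Review bot: In the hunk at `-256,17 +265,17`, `AUTH_IDENTITY_STATUS` is set to `IdentityStatus.Confirmed` before the `data instanceof String` test, and the re-enabled `else` branch calls `wrapRequestFromThriftResponse`, whose body is entirely commented out in the lines shown. Any non-String `data`, including `null` (for which `instanceof` is false), therefore appears to leave the request marked confirmed with no identity or role attributes set. Unless a check outside the hunk already excludes this, the `else` branch should reject rather than fall through, for example `throw new IllegalArgumentException("unsupported auth response type");`. Separately, `cacheToken` now casts with `(String) auth`, which throws `ClassCastException` for any other type. The enclosing methods start outside the hunks.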


@ -141,9 +141,9 @@ public class HttpAuthClient implements AuthClient {
get.setHeader(header);
}
}
if (!appConfig.getAdminAuthMethod().isEmpty()) {
get.setHeader(new BasicHeader(TOKEN, getAdminToken()));
}
//if (!appConfig.getAdminAuthMethod().isEmpty()) {
get.setHeader(new BasicHeader(TOKEN, "password"));//getAdminToken()));
//}
try {
response = client.execute(get);
} catch (IOException e) {
@ -198,7 +198,7 @@ public class HttpAuthClient implements AuthClient {
adminToken = token.get("id").getAsString();
adminTokenExpiry = token.get("expires").getAsString();
} else {
StringEntity params = getUnscopedV3AdminTokenRequest();
StringEntity params = getUnscopedV3AdminTokenRequest();
String authUri = uri + "/v3/auth/tokens";
response = sendPost(authUri, params);
adminToken = response.getFirstHeader(AUTH_SUBJECT_TOKEN)
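Review bot: The validation request now always carries the literal string `"password"` in the `TOKEN` header, with both the `getAdminAuthMethod()` guard and the `getAdminToken()` call commented out. A fixed credential in source is identical on every deployment and readable by anyone with access to the repository or the built jar, so the header should keep coming from configuration: `get.setHeader(new BasicHeader(TOKEN, getAdminToken()));`. If the guard was dropped because `AdminAuthMethod` is no longer supplied, that case is better handled inside `getAdminToken()` than by a constant. The method body starts and ends outside the hunk.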


@ -47,7 +47,7 @@ public class TokenAuth implements Filter, AuthConstants {
private static final String SERVICE_CATALOG_PARAM = "includeCatalog";
private static final String API_VERSION_PARAM = "apiVersion";
private final Config appConfig = Config.getInstance();
private final Config appConfig = Config.getInstance();
private FilterConfig filterConfig;
@ -76,14 +76,14 @@ public class TokenAuth implements Filter, AuthConstants {
Object auth = null;
int numberOfTries = 0;
if (!appConfig.isInitialized()) {
appConfig.initialize(filterConfig);
appConfig.initialize(filterConfig,req,getInputParams());
}
int retries = appConfig.getRetries();
long pauseTime = appConfig.getPauseTime();
AuthClientFactory factory = appConfig.getFactory();
AuthClientFactory factory = appConfig.getFactory();
// Extract credential
String token = ((HttpServletRequest) req).getHeader(TOKEN);
String token = ((HttpServletRequest) req).getHeader(TOKEN);
if (token == null) {
if (!appConfig.isDelayAuthDecision()) {
@ -103,20 +103,25 @@ public class TokenAuth implements Filter, AuthConstants {
AuthClient client = null;
do {
try {
auth = FilterUtils.getCachedToken(token);
client = factory.getClient();
if (appConfig.getAuthVersion().equalsIgnoreCase("v2.0")) {
auth = client.validateTokenForServiceEndpointV2(token, appConfig.getServiceIds(),
appConfig.getEndpointIds(), appConfig.isIncludeCatalog());
/*if (appConfig.getAuthVersion().equalsIgnoreCase("v2.0")) {
auth = client.validateTokenForServiceEndpointV2((token, appConfig.getServiceIds(),
appConfig.getEndpointIds(), appConfig.isIncludeCatalog());
} else {
auth = client.validateTokenForServiceEndpointV3(token, getInputParams());
}
// Cache token
FilterUtils.cacheToken(token, auth);
//auth = client.validateTokenForServiceEndpointV3(token, getInputParams());
auth = new TokenCache<String,String>(appConfig.getTimeToCacheToken(),getInputParams());
} */
// Cache token
//FilterUtils.cacheToken(token, auth);
// Return to connection pool for re-use
factory.recycle(client);
factory.recycle(client);
logger.debug("Successful Authentication");
break;
} catch (TTransportException t) {
}/* catch (TTransportException t) {
if (client != null)
factory.discard(client);
if (numberOfTries < retries) {
@ -148,7 +153,7 @@ public class TokenAuth implements Filter, AuthConstants {
handler.onException(c, resp, token);
}
return;
}catch (Exception ex) {
}*/catch (Exception ex) {
if (client != null)
factory.recycle(client);
TokenExceptionHandler handler = ExceptionHandlerUtil
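Review bot: Nothing in the hunk at `-103,20 +103,25` checks `auth` for `null`: the loop takes it from `FilterUtils.getCachedToken(token)` and goes straight to `logger.debug("Successful Authentication")` and `break`. `TokenCache.getToken` in this same commit returns `null` when the loader throws, so a rejected or unverifiable token seems to leave the loop on the success path, presumably because `getCachedToken` is backed by that cache; whether code after the loop rejects a null `auth` is not visible here. A null result should be routed to the same rejection handling as the `catch (Exception ex)` branch below, before the success log is written. The `client` obtained from `factory.getClient()` is now only recycled and never used, which occupies a pool slot per request while the cache loader takes another.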


@ -1,22 +1,71 @@
package com.hp.csbu.cc.middleware;
import org.apache.commons.collections4.map.PassiveExpiringMap;
/**
* Created by johnderr on 6/9/14.
*/
public class TokenCache<K,V> {
private PassiveExpiringMap<K,V> map;
import com.google.common.cache.*;
import org.apache.http.client.ClientProtocolException;
import org.apache.thrift.TException;
import org.apache.thrift.transport.TTransportException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public TokenCache(Long timeToExpire) {
map = new PassiveExpiringMap<>(timeToExpire);
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
public class TokenCache<K,V> {
private final LoadingCache<K,V> cache;
private final Config appConfig = Config.getInstance();
private AuthClientFactory factory;
private AuthClient client;
private static final Logger logger = LoggerFactory
.getLogger(TokenCache.class);
public TokenCache(final long timeToExpire, final Map<String,String> map) {
factory = appConfig.getFactory();
cache = CacheBuilder.newBuilder().maximumSize(10000)
.expireAfterWrite(timeToExpire, TimeUnit.SECONDS)
.build(new CacheLoader<K, V>() {
public V load(K key) throws TException,ClientProtocolException {
//return (V) client.validateTokenForServiceEndpointV3((String)key,map);
V value = null;
//AuthClient client = null;
try {
client = factory.getClient();
if (appConfig.getAuthVersion().equals("v2.0")) {
value = (V) client.validateTokenForServiceEndpointV2((String) key, appConfig.getServiceIds(),
appConfig.getEndpointIds(), appConfig.isIncludeCatalog());
} else {
value = (V) client.validateTokenForServiceEndpointV3((String) key, map);
}
}catch(Exception e) {
//factory.discard(client);
factory.recycle(client);
throw e;
}
return value;
}
});
}
public V getToken(K key) {
public V getToken(K key) {
V value = null;
return map.get(key);
try {
value = cache.get(key);
} catch (ExecutionException e) {
logger.debug("Problem retrieving key from cache: " + e.getStackTrace());
factory.recycle(client);
}
return value;
}
public void put(K key, V value) {
map.put(key,value);
cache.put(key,value);
}
}
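Review bot: `load` hands its `AuthClient` back to the pool only in the `catch` branch, so every successful validation leaves a pooled client checked out; that would be expected to exhaust the pool and may be the problem the commit title refers to. `client` is also an instance field written inside `load`, which the cache can run concurrently for different keys, so one thread can recycle another thread's client, and `getToken` recycles the same client a second time after `load` already did. Make the client a local released in `finally`, and drop the `factory.recycle(client)` call from `getToken`. `getToken` also turns a failed validation into a `null` return, and concatenating `e.getStackTrace()` logs an array reference rather than the trace; `logger.debug("Problem retrieving key from cache", e);` keeps it.
```java
public V load(K key) throws TException,ClientProtocolException {
    V value = null;
    // Local rather than a field: loads for different keys can run at the same time.
    AuthClient client = factory.getClient();
    try {
        // … unchanged: v2.0 / v3 validateTokenForServiceEndpoint call assigning value …
    } finally {
        // Hand the client back on success as well as on failure.
        factory.recycle(client);
    }
    return value;
}
```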


@ -10,7 +10,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.thrift.TException;
//import com.hp.csbu.cc.security.cs.thrift.service.ResourceException;
import com.hp.csbu.cc.security.cs.thrift.service.ResourceException;
public enum TokenExceptionHandler {
@ -62,7 +62,7 @@ public enum TokenExceptionHandler {
}
}
},
/*ResourceException {
ResourceException {
@Override
public void onException(Exception e, ServletResponse resp, String token) {
ResourceException re = (ResourceException) e;
@ -81,8 +81,7 @@ public enum TokenExceptionHandler {
+ ie.getMessage() + " " + ie);
}
}
},*/
},
AuthException {
@Override
public void onException(Exception e, ServletResponse resp, String token) {


@ -155,7 +155,7 @@
/* */
/* */ public void setFieldValue(_Fields field, Object value)
/* */ {
/* 246 */ switch (field.ordinal()) {//1.$SwitchMap$com$hp$csbu$cc$security$cs$thrift$service$ResourceException$_Fields[field.ordinal()]) {
/* 246 */ switch (field.ordinal()) {
/* */ case 1:
/* 248 */ if (value == null)
/* 249 */ unsetCode();
@ -181,7 +181,7 @@
/* */
/* */ public Object getFieldValue(_Fields field)
/* */ {
/* 275 */ switch (field.ordinal()) {//1.$SwitchMap$com$hp$csbu$cc$security$cs$thrift$service$ResourceException$_Fields[field.ordinal()]) {
/* 275 */ switch (field.ordinal()) {
/* */ case 1:
/* 277 */ return Integer.valueOf(getCode());
/* */ case 2:
@ -199,7 +199,7 @@
/* 292 */ throw new IllegalArgumentException();
/* */ }
/* */
/* 295 */ switch (field.ordinal()) {//1.$SwitchMap$com$hp$csbu$cc$security$cs$thrift$service$ResourceException$_Fields[field.ordinal()]) {
/* 295 */ switch (field.ordinal()) {
/* */ case 1:
/* 297 */ return isSetCode();
/* */ case 2:


@ -121,9 +121,10 @@ public class MonApiApplication extends Application<MonApiConfiguration> {
authInitParams.put("ConnRetryTimes", config.middleware.connRetryTimes);
authInitParams.put("ConnRetryInterval", config.middleware.connRetryInterval);
authInitParams.put("AdminToken", config.middleware.adminToken);
authInitParams.put("AdminAuthMethod", config.middleware.adminToken);
authInitParams.put("ExpireCacheToken", config.middleware.timeToCacheToken);
/* authInitParams.put("AdminAuthMethod", config.middleware.adminToken);
authInitParams.put("AdminUser", "admin");
authInitParams.put("AdminPassword", "password");
authInitParams.put("AdminPassword", "password");*/


@ -46,5 +46,6 @@ public class MiddlewareConfiguration {
@NotEmpty @JsonProperty public String connRetryTimes;
@NotEmpty @JsonProperty public String connRetryInterval;
@NotEmpty @JsonProperty public String adminToken;
@NotNull @JsonProperty public List<String> rolesToMatch;
@NotNull @JsonProperty public List<String> rolesToMatch;
@JsonProperty public String timeToCacheToken;
}
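Review bot: `timeToCacheToken` is the only field in this hunk without a constraint and is typed `String`, yet it is passed on as the `ExpireCacheToken` init parameter and is apparently meant to be the token cache lifetime. A missing or non-numeric value would surface only when it is parsed, if it is parsed at all. Either add `@NotEmpty` like the neighbouring fields, `@NotEmpty @JsonProperty public String timeToCacheToken;`, or document that it is optional and which default applies. The class starts outside the hunk.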


@ -45,7 +45,7 @@ public class PostAuthenticationFilter implements Filter {
static final String CONFIRMED_STATUS = "CONFIRMED";
static final String X_ROLES_ATTRIBUTE = "X-ROLES";
static final String X_IDENTITY_STATUS_ATTRIBUTE = "X-IDENTITY-STATUS";
private static final String X_TENANT_ID_ATTRIBUTE = "X-TENANT-ID";
private static final String X_TENANT_ID_ATTRIBUTE = "X-PROJECT-ID";//X-TENANT-ID";
static final String X_TENANT_ID_HEADER = "X-Tenant-Id";
private final List<String> rolesToMatch = new ArrayList<String>();
@ -67,6 +67,14 @@ public class PostAuthenticationFilter implements Filter {
try {
Object tenantId = request.getAttribute(X_TENANT_ID_ATTRIBUTE);
Object projectId = request.getAttribute("X-PROJECT-ID");
tenantId= projectId;
/*while(request.getAttributeNames().hasMoreElements()) {
System.out.println(request.getAttributeNames().nextElement());
} */
System.out.println("this is the project id:"+projectId);
System.out.println("This is the tenantId"+tenantId);
if (tenantId == null)
sendAuthError(res, null, null, null);
tenantIdStr = tenantId.toString();