commented out unnecessary files and code
parent
18b5e896c7
commit
43bda2ef53
2
pom.xml
2
pom.xml
|
@ -133,7 +133,7 @@
|
|||
<dependency>
|
||||
<groupId>org.apache.httpcomponents</groupId>
|
||||
<artifactId>httpclient</artifactId>
|
||||
<version>4.3.3</version>
|
||||
<version>4.2.1</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
|
|
|
@ -8,9 +8,9 @@ import org.apache.thrift.TException;
|
|||
import org.apache.thrift.TException;
|
||||
|
||||
|
||||
import com.hp.csbu.cc.security.cs.thrift.service.AuthResponse;
|
||||
import com.hp.csbu.cc.security.cs.thrift.service.ResourceException;
|
||||
import com.hp.csbu.cc.security.cs.thrift.service.SigAuthRequest;
|
||||
//import com.hp.csbu.cc.security.cs.thrift.service.AuthResponse;
|
||||
//import com.hp.csbu.cc.security.cs.thrift.service.ResourceException;
|
||||
//import com.hp.csbu.cc.security.cs.thrift.service.SigAuthRequest;
|
||||
|
||||
|
||||
/**
|
||||
|
@ -22,10 +22,10 @@ import com.hp.csbu.cc.security.cs.thrift.service.SigAuthRequest;
|
|||
public interface AuthClient {
|
||||
public Object validateTokenForServiceEndpointV2(String token,
|
||||
String serviceIds, String endpointIds, boolean includeCatalog)
|
||||
throws TException, ClientProtocolException; //ResourceException
|
||||
throws TException, ClientProtocolException;//, ResourceException;
|
||||
public Object validateTokenForServiceEndpointV3(String token,
|
||||
Map<String, String> inputParams) throws TException, ClientProtocolException; //ResourceException
|
||||
Map<String, String> inputParams) throws TException, ClientProtocolException;//, ResourceException;
|
||||
|
||||
public AuthResponse validateSignature(SigAuthRequest request) throws ResourceException, TException;
|
||||
//public AuthResponse validateSignature(SigAuthRequest request) throws ResourceException, TException;
|
||||
|
||||
}
|
||||
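Review bot: The Thrift imports and `validateSignature` are left in the interface as `//` comments rather than deleted, and the same pattern recurs in the Config, FilterUtils, TokenAuth, TokenCache and TokenExceptionHandler sections of this commit. Version control already keeps the old text, so the dead lines only make it harder to see which authentication paths are still live. I would delete them and drop the trailing `//, ResourceException;` from the two `throws` clauses. If signature validation is being retired on purpose, a short comment on the interface such as `// Token validation only; signature validation was removed with the Thrift client.` states that more clearly than a commented-out method.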
|
|
|
@ -76,7 +76,7 @@ public abstract class AuthClientFactory {
|
|||
} else {*/
|
||||
instance = new HttpClientFactory(host, port, timeout,
|
||||
clientAuth, keyStore, keyPass, trustStore, trustPass,
|
||||
adminToken, maxActive, timeBetweenEvictionRunsMillis,
|
||||
adminToken, maxActive, timeBetweenEvictionRunsMillis,
|
||||
minEvictableIdleTimeMillis);
|
||||
// }
|
||||
|
||||
|
@ -113,8 +113,11 @@ public abstract class AuthClientFactory {
|
|||
*/
|
||||
public void recycle(AuthClient client) {
|
||||
try {
|
||||
pool.returnObject(client);
|
||||
} catch (Exception e) {
|
||||
//int nonIdle = pool.getNumActive();
|
||||
//if(nonIdle >1)
|
||||
pool.returnObject(client);
|
||||
|
||||
} catch (Exception e) {
|
||||
throw new AuthConnectionException("Failed to recycle client", e);
|
||||
}
|
||||
}
|
||||
|
@ -129,6 +132,7 @@ public abstract class AuthClientFactory {
|
|||
try {
|
||||
pool.invalidateObject(client);
|
||||
} catch (Exception e) {
|
||||
System.out.println("AuthConnection problem destorying");
|
||||
throw new AuthConnectionException("Failed to destroy client", e);
|
||||
}
|
||||
}
|
||||
|
@ -141,6 +145,6 @@ public abstract class AuthClientFactory {
|
|||
pool.close();
|
||||
} catch (Exception e) {
|
||||
throw new AuthConnectionException("Failed to close client pool", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
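Review bot: The `System.out.println("AuthConnection problem destorying")` in the catch block around `pool.invalidateObject(client)` bypasses the logging framework and prints nothing about the exception itself. Other classes in this commit log through SLF4J, so I would do the same here, e.g. `logger.warn("Failed to destroy pooled auth client", e);` (no logger field is visible in this hunk, so one may need to be added). Alternatively, remove the line, since the `AuthConnectionException` thrown next already carries the cause. The enclosing method starts outside the hunk.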
|
|
|
@ -93,6 +93,7 @@ public interface AuthConstants {
|
|||
|
||||
public static final String SIGNATURE_METHOD = "HmacSHA1";
|
||||
|
||||
public static final String TIME_TO_CACHE_TOKEN ="TimeToCacheToken";
|
||||
/** Version of CS to authenticate the credentials **/
|
||||
public static final String AUTH_VERSION = "AuthVersion";
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@ public class Config implements AuthConstants {
|
|||
private String endpointIds;
|
||||
|
||||
// Memcache timeout value
|
||||
private long memCacheTimeOut;
|
||||
// private long memCacheTimeOut;
|
||||
|
||||
//the time to cache token
|
||||
private long timeToCacheToken;
|
||||
|
@ -104,15 +104,13 @@ public class Config implements AuthConstants {
|
|||
|
||||
// Initialize memcache...
|
||||
String cacheHosts = context.getInitParameter(MEMCACHE_HOSTS);
|
||||
boolean isEncrypted = Boolean.valueOf(context
|
||||
/*boolean isEncrypted = Boolean.valueOf(context
|
||||
.getInitParameter(MEMCACHE_ENCRYPT));
|
||||
memCacheTimeOut = getValue(MEMCACHE_TIMEOUT, 2000L);
|
||||
memCacheTimeOut = getValue(MEMCACHE_TIMEOUT, 2000L);*/
|
||||
/* if (cacheHosts != null && !cacheHosts.isEmpty()) {
|
||||
this.client = new MemcacheCrypt(cacheHosts, isEncrypted);
|
||||
}*/
|
||||
|
||||
|
||||
|
||||
// Initialize Certificates
|
||||
|
||||
String keyStore = filterConfig.getInitParameter(KEYSTORE);
|
||||
|
@ -125,7 +123,7 @@ public class Config implements AuthConstants {
|
|||
boolean clientAuth = getValue(CONN_SSL_CLIENT_AUTH, true);
|
||||
int maxActive = getValue(CONN_POOL_MAX_ACTIVE, 3);
|
||||
int maxIdle = getValue(CONN_POOL_MAX_IDLE, 3);
|
||||
long evictPeriod = getValue(CONN_POOL_EVICT_PERIOD, 60000L);
|
||||
long evictPeriod = getValue(CONN_POOL_EVICT_PERIOD, 60000L);
|
||||
long minIdleTime = getValue(CONN_POOL_MIN_IDLE_TIME, 90000L);
|
||||
retries = getValue(CONN_TIMEOUT_RETRIES, 3);
|
||||
pauseTime = getValue(PAUSE_BETWEEN_RETRIES, 100);
|
||||
|
@ -133,11 +131,18 @@ public class Config implements AuthConstants {
|
|||
includeCatalog = getValue(INCLUDE_SERVICE_CATALOG, true);
|
||||
adminAuthMethod = getValue(ADMIN_AUTH_METHOD, "");
|
||||
adminProjectId = getValue(ADMIN_PROJECT_ID, "");
|
||||
this.factory = AuthClientFactory.build(host, port, timeout,
|
||||
timeToCacheToken = getValue(TIME_TO_CACHE_TOKEN,600);
|
||||
/*this.factory = AuthClientFactory.build(host, port, timeout,
|
||||
clientAuth, keyStore, keyPass, trustStore, trustPass,
|
||||
maxActive, maxIdle, evictPeriod, minIdleTime, adminToken);
|
||||
maxActive, maxIdle, evictPeriod, minIdleTime, adminToken);*/
|
||||
|
||||
this.factory = AuthClientFactory.build(host, port, timeout,
|
||||
clientAuth, null, null, trustStore, trustPass,
|
||||
maxActive, maxIdle, evictPeriod, minIdleTime, adminToken);
|
||||
|
||||
|
||||
verifyRequiredParamsForAuthMethod();
|
||||
this.client = new TokenCache<>(20,map);
|
||||
this.client = new TokenCache<>(timeToCacheToken,map);
|
||||
logger.info("Auth host (2-way SSL: " + clientAuth + "): " + host);
|
||||
logger.info("Read Servlet Initialization Parameters ");
|
||||
initialized = true;
|
||||
|
@ -166,15 +171,19 @@ public class Config implements AuthConstants {
|
|||
}
|
||||
}
|
||||
|
||||
protected String getAdminSecretKey() {
|
||||
if (context.getAttribute(ADMIN_SECRET_KEY) != null) {
|
||||
return (String) context.getAttribute(ADMIN_SECRET_KEY);
|
||||
} else {
|
||||
return getValue(ADMIN_SECRET_KEY, "");
|
||||
}
|
||||
}
|
||||
protected String getAdminSecretKey() {
|
||||
if (context.getAttribute(ADMIN_SECRET_KEY) != null) {
|
||||
return (String) context.getAttribute(ADMIN_SECRET_KEY);
|
||||
} else {
|
||||
return getValue(ADMIN_SECRET_KEY, "");
|
||||
}
|
||||
}
|
||||
|
||||
protected String getAdminAuthMethod() {
|
||||
protected String getAdminToken() {
|
||||
return getValue(ADMIN_TOKEN, "");
|
||||
}
|
||||
|
||||
protected String getAdminAuthMethod() {
|
||||
return adminAuthMethod;
|
||||
}
|
||||
|
||||
|
@ -188,7 +197,8 @@ public class Config implements AuthConstants {
|
|||
|
||||
protected String getAdminPassword() {
|
||||
if (context.getAttribute(ADMIN_PASSWORD) != null) {
|
||||
return (String) context.getAttribute(ADMIN_PASSWORD);
|
||||
String password = (String) context.getAttribute(ADMIN_PASSWORD);
|
||||
return password;
|
||||
} else {
|
||||
return getValue(ADMIN_PASSWORD, "");
|
||||
}
|
||||
|
@ -198,22 +208,22 @@ public class Config implements AuthConstants {
|
|||
return includeCatalog;
|
||||
}
|
||||
|
||||
protected long getMemCacheTimeOut() {
|
||||
/*protected long getMemCacheTimeOut() {
|
||||
return memCacheTimeOut;
|
||||
}
|
||||
} */
|
||||
|
||||
protected String getAuthVersion() {
|
||||
return authVersion;
|
||||
}
|
||||
|
||||
protected void setMemCacheTimeOut(long memCacheTimeOut) {
|
||||
/*protected void setMemCacheTimeOut(long memCacheTimeOut) {
|
||||
this.memCacheTimeOut = memCacheTimeOut;
|
||||
}
|
||||
}*/
|
||||
|
||||
// Is caching enabled?
|
||||
protected boolean isCaching() {
|
||||
/*protected boolean isCaching() {
|
||||
return this.client != null;
|
||||
}
|
||||
}*/
|
||||
|
||||
protected ServletContext getConfig() {
|
||||
return context;
|
||||
|
@ -252,6 +262,9 @@ public class Config implements AuthConstants {
|
|||
public void setTimeToCacheToken(long timeToCachedToken) {
|
||||
this.timeToCacheToken = timeToCachedToken;
|
||||
}
|
||||
|
||||
public void setClient(TokenCache<String,String> client) { this.client = client;}
|
||||
|
||||
private <T> T getValue(String paramName, T defaultValue) {
|
||||
Class type = defaultValue.getClass();
|
||||
|
||||
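Review bot: The new `AuthClientFactory.build(...)` call passes `null, null` for the key store and its password, while `clientAuth` still comes from `getValue(CONN_SSL_CLIENT_AUTH, true)` and is still logged as `"Auth host (2-way SSL: " + clientAuth + ")"`. The factory's handling of a null key store is not visible here: if it treats null as "no client certificate", the filter stops presenting a client certificate to the auth host while the log still reports mutual TLS as enabled, and if it does not, initialisation fails. The `keyStore` value read from the `KEYSTORE` init parameter just above is also left unused. I would either pass `keyStore, keyPass` through as before, or turn the flag off explicitly when no key store is configured, e.g. `if (keyStore == null || keyStore.isEmpty()) clientAuth = false;`, so the log line stays truthful. The enclosing method starts and ends outside the hunk.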
|
|
|
@ -41,6 +41,7 @@ import javax.servlet.ServletRequest;
|
|||
|
||||
//import net.rubyeye.xmemcached.exception.MemcachedException;
|
||||
|
||||
//import com.hp.csbu.cc.security.cs.thrift.service.Role;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
|
@ -77,6 +78,10 @@ public class FilterUtils {
|
|||
logger.warn("Failed to shutdown memcache", e);
|
||||
}
|
||||
} */
|
||||
TokenCache<String,String> client = appConfig.getClient();
|
||||
|
||||
if(client !=null)
|
||||
appConfig.setClient(null);
|
||||
|
||||
AuthClientFactory factory = appConfig.getFactory();
|
||||
// Shutdown factory
|
||||
|
@ -405,7 +410,7 @@ public class FilterUtils {
|
|||
|
||||
// Insert token into cache
|
||||
public static void cacheToken(String token, Object auth) {
|
||||
if (isCaching()) {
|
||||
///if (isCaching()) {
|
||||
appConfig.getClient().put(token, (String) auth);
|
||||
/*try {
|
||||
appConfig.getClient().putToken(token, auth);
|
||||
|
@ -416,12 +421,12 @@ public class FilterUtils {
|
|||
} catch (MemcachedException e) {
|
||||
logger.error("Error memcache", e);
|
||||
} */
|
||||
}
|
||||
//}
|
||||
}
|
||||
|
||||
// Get token from cache
|
||||
public static Object getCachedToken(String token) {
|
||||
if (isCaching()) {
|
||||
public static Object getCachedToken(String token) throws IOException {
|
||||
/*if (isCaching()) {
|
||||
long timeout = appConfig.getMemCacheTimeOut();
|
||||
|
||||
/*try {
|
||||
|
@ -432,8 +437,8 @@ public class FilterUtils {
|
|||
logger.error("Error memcache interrupted");
|
||||
} catch (MemcachedException e) {
|
||||
logger.error("Error memcache", e);
|
||||
} */
|
||||
}
|
||||
}
|
||||
} */
|
||||
return appConfig.getClient().getToken(token);
|
||||
}
|
||||
|
||||
|
@ -447,9 +452,9 @@ public class FilterUtils {
|
|||
}
|
||||
|
||||
// Is caching enabled?
|
||||
private static boolean isCaching() {
|
||||
/*private static boolean isCaching() {
|
||||
return appConfig.getClient() != null;
|
||||
}
|
||||
}*/
|
||||
|
||||
/* private static void getRoles(Object obj, StringBuilder tenants,
|
||||
StringBuilder nonTenants) {
|
||||
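Review bot: With the `isCaching()` guards commented out, `cacheToken` and `getCachedToken` dereference `appConfig.getClient()` unconditionally, while the shutdown hunk in the same file now sets that client to null through `appConfig.setClient(null)`. A request still in flight during or after shutdown would hit a NullPointerException inside the auth filter instead of a controlled rejection. I would keep a null check on the new path, e.g. `TokenCache<String,String> cache = appConfig.getClient();` followed by `if (cache == null) throw new IOException("Token cache is not available");` before `return cache.getToken(token);`. The `if(client !=null)` in front of `setClient(null)` has no effect and can be removed. Both method bodies are only partly inside the hunks.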
|
|
|
@ -15,8 +15,8 @@ import java.util.Date;
|
|||
import java.util.Map;
|
||||
import java.util.TimeZone;
|
||||
|
||||
import com.hp.csbu.cc.security.cs.thrift.service.AuthResponse;
|
||||
import com.hp.csbu.cc.security.cs.thrift.service.SigAuthRequest;
|
||||
//import com.hp.csbu.cc.security.cs.thrift.service.AuthResponse;
|
||||
//import com.hp.csbu.cc.security.cs.thrift.service.SigAuthRequest;
|
||||
import org.apache.http.Header;
|
||||
import org.apache.http.HttpEntity;
|
||||
import org.apache.http.HttpResponse;
|
||||
|
@ -25,10 +25,14 @@ import org.apache.http.client.HttpClient;
|
|||
import org.apache.http.client.methods.HttpGet;
|
||||
import org.apache.http.client.methods.HttpPost;
|
||||
import org.apache.http.entity.StringEntity;
|
||||
import org.apache.http.impl.client.DefaultHttpClient;
|
||||
import org.apache.http.message.BasicHeader;
|
||||
|
||||
import com.google.gson.JsonObject;
|
||||
import com.google.gson.JsonParser;
|
||||
import org.apache.http.params.CoreConnectionPNames;
|
||||
import org.apache.http.params.HttpParams;
|
||||
import org.apache.http.util.EntityUtils;
|
||||
//import com.hp.csbu.cc.security.cs.thrift.service.AuthResponse;
|
||||
//import com.hp.csbu.cc.security.cs.thrift.service.SigAuthRequest;
|
||||
|
||||
|
@ -52,8 +56,8 @@ public class HttpAuthClient implements AuthClient {
|
|||
|
||||
public HttpAuthClient(HttpClient client, URI uri) {
|
||||
this.client = client;
|
||||
this.uri = uri;
|
||||
}
|
||||
this.uri = uri;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object validateTokenForServiceEndpointV2(String token,
|
||||
|
@ -82,15 +86,32 @@ public class HttpAuthClient implements AuthClient {
|
|||
Header[] header, String serviceIds, String endpointIds)
|
||||
throws ClientProtocolException {
|
||||
HttpResponse response = sendGet(newUri, header, serviceIds, endpointIds);
|
||||
int code = response.getStatusLine().getStatusCode();
|
||||
if (code == 404) {
|
||||
throw new AuthException("Authorization failed for token: " + token);
|
||||
}
|
||||
if (code != 200) {
|
||||
adminToken = null;
|
||||
throw new AuthException("Failed to validate via HTTP " + code
|
||||
+ " " +response.getStatusLine().getReasonPhrase());
|
||||
}
|
||||
|
||||
HttpEntity entity = response.getEntity();
|
||||
int code = response.getStatusLine().getStatusCode();
|
||||
|
||||
InputStream instream = null;
|
||||
try {
|
||||
if (code == 404) {
|
||||
instream = entity.getContent();
|
||||
instream.close();
|
||||
throw new AuthException("Authorization failed for token: " + token);
|
||||
}
|
||||
if (code != 200) {
|
||||
adminToken = null;
|
||||
instream = entity.getContent();
|
||||
instream.close();
|
||||
String reasonPhrase = response.getStatusLine().getReasonPhrase();
|
||||
|
||||
throw new AuthException("Failed to validate via HTTP " + code
|
||||
+ " " + reasonPhrase);
|
||||
}
|
||||
} catch(IOException e) {
|
||||
throw new ClientProtocolException(
|
||||
"IO Exception: problem closing stream ", e);
|
||||
}
|
||||
|
||||
|
||||
return parseResponse(response);
|
||||
}
|
||||
|
||||
|
@ -103,7 +124,7 @@ public class HttpAuthClient implements AuthClient {
|
|||
try {
|
||||
post.setEntity(body);
|
||||
response = client.execute(post);
|
||||
int code = response.getStatusLine().getStatusCode();
|
||||
int code = response.getStatusLine().getStatusCode();
|
||||
if (!(code == 201 || code == 200 || code == 203)) {
|
||||
adminToken = null;
|
||||
throw new AuthException(
|
||||
|
@ -112,8 +133,8 @@ public class HttpAuthClient implements AuthClient {
|
|||
}
|
||||
} catch (IOException e) {
|
||||
post.abort();
|
||||
throw new ClientProtocolException(
|
||||
"IO Exception during POST request ", e);
|
||||
throw new ClientProtocolException(
|
||||
"IO Exception during POST request ", e);
|
||||
}
|
||||
return response;
|
||||
}
|
||||
|
@ -141,26 +162,33 @@ public class HttpAuthClient implements AuthClient {
|
|||
get.setHeader(header);
|
||||
}
|
||||
}
|
||||
//if (!appConfig.getAdminAuthMethod().isEmpty()) {
|
||||
get.setHeader(new BasicHeader(TOKEN, "password"));//getAdminToken()));
|
||||
//}
|
||||
|
||||
if(!appConfig.getAdminToken().isEmpty()) {
|
||||
get.setHeader(new BasicHeader(TOKEN, appConfig.getAdminToken()));
|
||||
}
|
||||
else if (!appConfig.getAdminAuthMethod().isEmpty()) {
|
||||
get.setHeader(new BasicHeader(TOKEN, getAdminToken()));
|
||||
}
|
||||
|
||||
try {
|
||||
response = client.execute(get);
|
||||
|
||||
} catch (IOException e) {
|
||||
get.abort();
|
||||
throw new ClientProtocolException(
|
||||
|
||||
throw new ClientProtocolException(
|
||||
"IO Exception during GET request ", e);
|
||||
}
|
||||
return response;
|
||||
return response;
|
||||
}
|
||||
|
||||
private String parseResponse(HttpResponse response) {
|
||||
StringBuffer json = new StringBuffer();
|
||||
HttpEntity entity = response.getEntity();
|
||||
HttpEntity entity = response.getEntity();
|
||||
if (entity != null) {
|
||||
InputStream instream;
|
||||
InputStream instream;
|
||||
try {
|
||||
instream = entity.getContent();
|
||||
instream = entity.getContent();
|
||||
|
||||
BufferedReader reader = new BufferedReader(
|
||||
new InputStreamReader(instream));
|
||||
|
@ -169,11 +197,14 @@ public class HttpAuthClient implements AuthClient {
|
|||
json.append(line);
|
||||
line = reader.readLine();
|
||||
}
|
||||
instream.close();
|
||||
reader.close();
|
||||
} catch (Exception e) {
|
||||
throw new AuthException("Failed to parse Http Response ", e);
|
||||
}
|
||||
}
|
||||
return json.toString();
|
||||
|
||||
return json.toString();
|
||||
}
|
||||
|
||||
private String getAdminToken() throws ClientProtocolException {
|
||||
|
@ -246,16 +277,19 @@ public class HttpAuthClient implements AuthClient {
|
|||
bfr.append(appConfig.getAdminUser());
|
||||
bfr.append("\",\"password\": \"");
|
||||
bfr.append(appConfig.getAdminPassword());
|
||||
if (appConfig.getAdminProject() != null && !appConfig.getAdminProject().isEmpty()) {
|
||||
bfr.append("\"},\"scope\": { \"project\": { \"id\": \"");
|
||||
bfr.append(appConfig.getAdminProject());
|
||||
bfr.append("\",\"domain\": {\"id\": \"default\"");
|
||||
bfr.append("}}}}}}");
|
||||
|
||||
//if (appConfig.getAdminProject() != null && !appConfig.getAdminProject().isEmpty()) {
|
||||
/*bfr.append("\"},\"scope\": { \"domain\": { \"id\": \"");
|
||||
bfr.append("\"default\"");//appConfig.getAdminProject());
|
||||
bfr.append("\"}}}}}}");
|
||||
} else {
|
||||
//} else {
|
||||
bfr.append("\"}}}}}");
|
||||
}
|
||||
//}
|
||||
} else if (appConfig.getAdminAuthMethod().equalsIgnoreCase(ACCESSKEY)) {
|
||||
bfr.append("{\"auth\": {\"identity\": {\"methods\": [\"accessKey\"], \"accessKey\": { \"accessKey\": \"");
|
||||
bfr.append(appConfig.getAdminAccessKey());
|
||||
bfr.append(appConfig.getAdminAccessKey());
|
||||
bfr.append("\", \"secretKey\": \"");
|
||||
bfr.append(appConfig.getAdminSecretKey());
|
||||
if (appConfig.getAdminProject() != null && !appConfig.getAdminProject().isEmpty()) {
|
||||
|
@ -264,7 +298,7 @@ public class HttpAuthClient implements AuthClient {
|
|||
bfr.append("\"}}}}}");
|
||||
} else {
|
||||
bfr.append("\"}}}}");
|
||||
}
|
||||
}*/
|
||||
} else {
|
||||
String msg = String.format("Admin auth method %s not supported",appConfig.getAdminAuthMethod());
|
||||
throw new AuthException(msg);
|
||||
|
@ -287,12 +321,6 @@ public class HttpAuthClient implements AuthClient {
|
|||
return tokenExpiryDate.getTime() < (current.getTime() + DELTA_TIME_IN_SEC * 1000);
|
||||
}
|
||||
|
||||
public void reset() {
|
||||
}
|
||||
public void reset() { }
|
||||
|
||||
@Override
|
||||
public AuthResponse validateSignature(SigAuthRequest request) {
|
||||
// TODO Auto-generated method stub
|
||||
return null;
|
||||
}
|
||||
}
|
||||
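Review bot: In the new status handling, `entity.getContent()` is called for the 404 and non-200 cases without checking `entity` for null, although `parseResponse` further down does check `entity != null`; a response without a body would raise a NullPointerException that `catch(IOException e)` does not cover. `EntityUtils` is imported in this file, so `EntityUtils.consume(entity);` can replace each `instream = entity.getContent(); instream.close();` pair and tolerates a null entity. Separately, the 404 message `"Authorization failed for token: " + token` places the caller's token in an exception that is likely to be logged or echoed back; I would drop the token from the message. The enclosing method starts outside the hunk.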
|
|
|
@ -55,9 +55,10 @@ public class HttpClientPoolFactory extends BasePoolableObjectFactory {
|
|||
}
|
||||
connMgr = new PoolingClientConnectionManager(schemeRegistry,
|
||||
minEvictableIdleTimeMillis, TimeUnit.MILLISECONDS);
|
||||
connMgr.setMaxTotal(maxActive);
|
||||
connMgr.setDefaultMaxPerRoute(maxActive);
|
||||
|
||||
|
||||
connMgr.setMaxTotal(maxActive);
|
||||
connMgr.setDefaultMaxPerRoute(maxActive);
|
||||
|
||||
// Http connection timeout
|
||||
HttpParams params = new BasicHttpParams();
|
||||
params.setParameter(CoreConnectionPNames.SO_TIMEOUT, timeout);
|
||||
|
@ -70,17 +71,17 @@ public class HttpClientPoolFactory extends BasePoolableObjectFactory {
|
|||
cleaner = new HttpPoolCleaner(connMgr, timeBetweenEvictionRunsMillis,
|
||||
minEvictableIdleTimeMillis);
|
||||
new Thread(cleaner).start();
|
||||
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object makeObject() throws Exception {
|
||||
return new HttpAuthClient(client, uri);
|
||||
return new HttpAuthClient(client, uri);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void passivateObject(Object obj) throws Exception {
|
||||
((HttpAuthClient) obj).reset();
|
||||
((HttpAuthClient) obj).reset();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -96,15 +96,19 @@ public class TokenAuth implements Filter, AuthConstants {
|
|||
logger.info("No token found...Skipping");
|
||||
}
|
||||
} else {
|
||||
// Retrieve from cache
|
||||
auth = FilterUtils.getCachedToken(token);
|
||||
if (auth == null) {
|
||||
// Validate credential
|
||||
AuthClient client = null;
|
||||
do {
|
||||
try {
|
||||
auth = FilterUtils.getCachedToken(token);
|
||||
client = factory.getClient();
|
||||
// Retrieve from cache
|
||||
//AuthClient client = null;
|
||||
//try {
|
||||
auth = FilterUtils.getCachedToken(token);
|
||||
//if (auth == null) {
|
||||
|
||||
// Validate credential
|
||||
|
||||
// do {
|
||||
|
||||
//auth = FilterUtils.getCachedToken(token);
|
||||
//client = factory.getClient();
|
||||
//factory.recycle(client);
|
||||
/*if (appConfig.getAuthVersion().equalsIgnoreCase("v2.0")) {
|
||||
auth = client.validateTokenForServiceEndpointV2((token, appConfig.getServiceIds(),
|
||||
appConfig.getEndpointIds(), appConfig.isIncludeCatalog());
|
||||
|
@ -113,15 +117,16 @@ public class TokenAuth implements Filter, AuthConstants {
|
|||
//auth = client.validateTokenForServiceEndpointV3(token, getInputParams());
|
||||
auth = new TokenCache<String,String>(appConfig.getTimeToCacheToken(),getInputParams());
|
||||
} */
|
||||
// Cache token
|
||||
//FilterUtils.cacheToken(token, auth);
|
||||
// Return to connection pool for re-use
|
||||
|
||||
// Cache token
|
||||
//FilterUtils.cacheToken(token, auth);
|
||||
// Return to connection pool for re-use
|
||||
/*if(auth==null)
|
||||
throw new TTransportException();
|
||||
factory.recycle(client);
|
||||
|
||||
logger.debug("Successful Authentication");
|
||||
break;
|
||||
}/* catch (TTransportException t) {
|
||||
*/
|
||||
// logger.debug("Successful Authentication");
|
||||
// break;
|
||||
/*} catch (TTransportException t) {
|
||||
if (client != null)
|
||||
factory.discard(client);
|
||||
if (numberOfTries < retries) {
|
||||
|
@ -137,36 +142,41 @@ public class TokenAuth implements Filter, AuthConstants {
|
|||
handler.onException(t, resp, token);
|
||||
}
|
||||
return;
|
||||
} catch (ClientProtocolException c) {
|
||||
if (client != null)
|
||||
} */ /*}catch (ClientProtocolException c) {
|
||||
if (client != null){
|
||||
|
||||
factory.discard(client);
|
||||
if (numberOfTries < retries) {
|
||||
/*if (numberOfTries < retries) {
|
||||
FilterUtils.pause(pauseTime);
|
||||
logger.debug("Retrying connection after "
|
||||
+ pauseTime + " seconds.");
|
||||
numberOfTries++;
|
||||
continue;
|
||||
|
||||
} else {
|
||||
*/
|
||||
//return;
|
||||
/*} else {
|
||||
TokenExceptionHandler handler = TokenExceptionHandler
|
||||
.valueOf("ClientProtocolException");
|
||||
handler.onException(c, resp, token);
|
||||
}
|
||||
return;
|
||||
}*/catch (Exception ex) {
|
||||
} */
|
||||
//return;
|
||||
//}
|
||||
|
||||
/* }catch (Exception ex) {
|
||||
if (client != null)
|
||||
factory.recycle(client);
|
||||
TokenExceptionHandler handler = ExceptionHandlerUtil
|
||||
.lookUpTokenException(ex);
|
||||
handler.onException(ex, resp, token);
|
||||
return;
|
||||
}
|
||||
} while (numberOfTries <= retries);
|
||||
} else {
|
||||
}*/
|
||||
//} while (numberOfTries <= retries);
|
||||
/*} else {
|
||||
// Got a cached token!
|
||||
logger.debug("Got cached token: " + token);
|
||||
}
|
||||
}
|
||||
}*/
|
||||
}
|
||||
req = FilterUtils.wrapRequest(req, auth);
|
||||
logger.debug("TokenAuth: Forwarding down stream to next filter/servlet");
|
||||
// Forward downstream...
|
||||
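Review bot: With the retry loop and every catch block commented out, nothing in this branch maps a failed validation to a response any more: an exception from `FilterUtils.getCachedToken(token)` now leaves the filter method directly instead of going through `TokenExceptionHandler.onException(...)`. The request is not forwarded in that case, but the caller presumably gets a generic container error rather than the handler's rejection (the handler bodies are not visible here). I would keep one live catch around the lookup that dispatches to the handler and returns, as sketched below. The commented-out region also nests `/* ... */` markers, which Java does not nest, so deleting it is safer than leaving it in place. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: token extraction and the "No token found" branch …
try {
    auth = FilterUtils.getCachedToken(token);
} catch (Exception ex) {
    // Reject through the existing handler instead of letting the error escape the filter.
    ExceptionHandlerUtil.lookUpTokenException(ex).onException(ex, resp, token);
    return;
}
// … unchanged: wrapRequest and forwarding downstream …
```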
|
|
|
@ -1,15 +1,17 @@
|
|||
package com.hp.csbu.cc.middleware;
|
||||
|
||||
import com.google.common.cache.*;
|
||||
import org.apache.http.client.ClientProtocolException;
|
||||
import org.apache.thrift.TException;
|
||||
import org.apache.thrift.transport.TTransportException;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import com.google.common.cache.*;
|
||||
//import com.hp.csbu.cc.security.cs.thrift.service.ResourceException;
|
||||
import org.apache.http.client.ClientProtocolException;
|
||||
import org.apache.thrift.TException;
|
||||
import org.apache.thrift.transport.TTransportException;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.ExecutionException;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
import java.io.IOException;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.ExecutionException;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
|
||||
public class TokenCache<K,V> {
|
||||
|
@ -29,37 +31,46 @@ public class TokenCache<K,V> {
|
|||
cache = CacheBuilder.newBuilder().maximumSize(10000)
|
||||
.expireAfterWrite(timeToExpire, TimeUnit.SECONDS)
|
||||
.build(new CacheLoader<K, V>() {
|
||||
public V load(K key) throws TException,ClientProtocolException {
|
||||
//return (V) client.validateTokenForServiceEndpointV3((String)key,map);
|
||||
public V load(K key) throws TException,ClientProtocolException {//,ResourceException {
|
||||
|
||||
V value = null;
|
||||
//AuthClient client = null;
|
||||
AuthClient client = null;
|
||||
|
||||
try {
|
||||
client = factory.getClient();
|
||||
if (appConfig.getAuthVersion().equals("v2.0")) {
|
||||
|
||||
value = (V) client.validateTokenForServiceEndpointV2((String) key, appConfig.getServiceIds(),
|
||||
appConfig.getEndpointIds(), appConfig.isIncludeCatalog());
|
||||
} else {
|
||||
value = (V) client.validateTokenForServiceEndpointV3((String) key, map);
|
||||
}
|
||||
}catch(Exception e) {
|
||||
//factory.discard(client);
|
||||
factory.recycle(client);
|
||||
throw e;
|
||||
}/*catch(TTransportException t) {
|
||||
if(client!=null)
|
||||
factory.discard(client);
|
||||
}
|
||||
catch(ClientProtocolException c) {
|
||||
if(client!=null) {
|
||||
factory.discard(client);
|
||||
}
|
||||
} */
|
||||
finally {
|
||||
if(client!=null)
|
||||
factory.recycle(client);
|
||||
}
|
||||
|
||||
return value;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
public V getToken(K key) {
|
||||
public V getToken(K key) throws IOException {
|
||||
V value = null;
|
||||
|
||||
try {
|
||||
value = cache.get(key);
|
||||
value = cache.get(key);
|
||||
} catch (ExecutionException e) {
|
||||
logger.debug("Problem retrieving key from cache: " + e.getStackTrace());
|
||||
factory.recycle(client);
|
||||
logger.error("Problem retrieving key from cache: " + e.getStackTrace());
|
||||
throw new ClientProtocolException("Problem retrieving key from cache"+e.getStackTrace());
|
||||
}
|
||||
return value;
|
||||
}
|
||||
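Review bot: The catch block in `getToken` builds its messages with `+ e.getStackTrace()`, which concatenates the array's default `toString()` rather than the trace, and the `ClientProtocolException` is created without the cause, so the reason a token was rejected is lost. Passing the exception itself keeps it: `logger.error("Problem retrieving key from cache", e);` and `throw new ClientProtocolException("Problem retrieving key from cache", e);`. Guava's `LoadingCache.get` reports unchecked loader failures as `UncheckedExecutionException`, so an `AuthException` from the client (it appears to be unchecked, since it is thrown where only `ClientProtocolException` is declared) would bypass this `catch (ExecutionException e)`. In `load`, as rendered, the `catch(Exception e)` block and the `finally` block both call `factory.recycle(client)`, the first without a null check. If both are on the new side, a failed client is returned to the pool twice; calling `factory.discard(client)` on failure and recycling only on success would avoid that.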
|
|
|
@ -10,7 +10,7 @@ import org.slf4j.Logger;
|
|||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import org.apache.thrift.TException;
|
||||
import com.hp.csbu.cc.security.cs.thrift.service.ResourceException;
|
||||
//import com.hp.csbu.cc.security.cs.thrift.service.ResourceException;
|
||||
|
||||
public enum TokenExceptionHandler {
|
||||
|
||||
|
@ -61,7 +61,7 @@ public enum TokenExceptionHandler {
|
|||
+ ie.getMessage() + " " + ie);
|
||||
}
|
||||
}
|
||||
},
|
||||
}/*,
|
||||
ResourceException {
|
||||
@Override
|
||||
public void onException(Exception e, ServletResponse resp, String token) {
|
||||
|
@ -81,7 +81,7 @@ public enum TokenExceptionHandler {
|
|||
+ ie.getMessage() + " " + ie);
|
||||
}
|
||||
}
|
||||
},
|
||||
}, */,
|
||||
AuthException {
|
||||
@Override
|
||||
public void onException(Exception e, ServletResponse resp, String token) {
|
||||
|
|
|
@ -121,12 +121,10 @@ public class MonApiApplication extends Application<MonApiConfiguration> {
|
|||
authInitParams.put("ConnRetryTimes", config.middleware.connRetryTimes);
|
||||
authInitParams.put("ConnRetryInterval", config.middleware.connRetryInterval);
|
||||
authInitParams.put("AdminToken", config.middleware.adminToken);
|
||||
authInitParams.put("ExpireCacheToken", config.middleware.timeToCacheToken);
|
||||
/* authInitParams.put("AdminAuthMethod", config.middleware.adminToken);
|
||||
authInitParams.put("AdminUser", "admin");
|
||||
authInitParams.put("AdminPassword", "password");*/
|
||||
|
||||
|
||||
authInitParams.put("TimeToCacheToken", config.middleware.timeToCacheToken);
|
||||
authInitParams.put("AdminAuthMethod", config.middleware.adminAuthMethod);
|
||||
authInitParams.put("AdminUser", config.middleware.adminUser);
|
||||
authInitParams.put("AdminPassword", config.middleware.adminPassword);
|
||||
|
||||
Dynamic tokenAuthFilter = environment.servlets().addFilter("token-auth", new TokenAuth());
|
||||
tokenAuthFilter.addMappingForUrlPatterns(null, true, "/");
|
||||
|
|
|
@ -45,7 +45,11 @@ public class MiddlewareConfiguration {
|
|||
@NotEmpty @JsonProperty public String connPoolMinIdleTime;
|
||||
@NotEmpty @JsonProperty public String connRetryTimes;
|
||||
@NotEmpty @JsonProperty public String connRetryInterval;
|
||||
@NotEmpty @JsonProperty public String adminToken;
|
||||
@NotNull @JsonProperty public List<String> rolesToMatch;
|
||||
@JsonProperty public String timeToCacheToken;
|
||||
@JsonProperty public String adminAuthMethod;
|
||||
@JsonProperty public String adminUser;
|
||||
@NotEmpty @JsonProperty public String adminToken;
|
||||
@JsonProperty public String adminPassword;
|
||||
@JsonProperty public String adminUserAccess;
|
||||
}
|
||||
|
|