private static Timer timer;
// Map of userName to User
private final Map<String, User<PERM>> userMap;
- private static final Map<String, Miss> missMap = new TreeMap<String,Miss>();
+ private static final Map<String, Miss> missMap = new TreeMap<>();
private final Symm missEncrypt;
private Clean clean;
protected Access access;
-// private final static Permission teaser = new LocalPermission("***NoPERM****");
protected AbsUserCache(Access access, long cleanInterval, int highCount, int usageCount) {
this.access = access;
}
missEncrypt = s;
- userMap = new ConcurrentHashMap<String, User<PERM>>();
+ userMap = new ConcurrentHashMap<>();
if(cleanInterval>0) {
}
Miss miss = missMap.get(mkey);
if(miss==null) {
- missMap.put(mkey, new Miss(bs,clean==null?MIN_INTERVAL:clean.timeInterval));
+ missMap.put(mkey, new Miss(bs,clean==null?MIN_INTERVAL:clean.timeInterval,key));
return true;
}
return miss.mayContinue();
}
public final List<DumpInfo> dumpInfo() {
- List<DumpInfo> rv = new ArrayList<DumpInfo>();
+ List<DumpInfo> rv = new ArrayList<>();
for(User<PERM> user : userMap.values()) {
rv.add(new DumpInfo(user));
}
/**
* The default behavior of a LUR is to not handle something exclusively.
*/
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
// Simple map of Group name to a set of User Names
- // private Map<String, Set<String>> groupMap = new HashMap<String, Set<String>>();
+ // private Map<String, Set<String>> groupMap = new HashMap<>();
/**
* Class to hold a small subset of the data, because we don't want to expose actual Permission or User Objects
public DumpInfo(User<PERM> user) {
this.user = user.principal.getName();
- perms = new ArrayList<String>(user.perms.keySet());
+ perms = new ArrayList<>(user.perms.keySet());
}
}
int total = 0;
try {
// look at now. If we need to expire more by increasing "now" by "advance"
- ArrayList<User<PERM>> al = new ArrayList<User<PERM>>(userMap.values().size());
+ ArrayList<User<PERM>> al = new ArrayList<>(userMap.values().size());
al.addAll(0, userMap.values());
long now = System.currentTimeMillis() + advance;
for(User<PERM> user : al) {
++total;
if(user.count>usageTriggerCount) {
- // access.log(Level.AUDIT, "Checking Thread", new Date(now));
boolean touched = false, removed=false;
if(user.principal instanceof CachedPrincipal) {
CachedPrincipal cp = (CachedPrincipal)user.principal;
break;
case REVALIDATED:
user.resetCount();
- // access.log(Level.AUDIT, "CACHE revalidated credentials");
touched = true;
break;
default:
}
}
- // access.log(Level.AUDIT, "User Perm Expires", new Date(user.permExpires));
if(!removed && lur!=null && user.permExpires<= now ) {
- // access.log(Level.AUDIT, "Reloading");
if(lur.reload(user).equals(Resp.REVALIDATED)) {
user.renewPerm();
access.log(Level.DEBUG, "Reloaded Perms for",user);
int missTotal = missMap.keySet().size();
int miss = 0;
if(missTotal>0) {
- ArrayList<String> keys = new ArrayList<String>(missTotal);
+ ArrayList<String> keys = new ArrayList<>(missTotal);
keys.addAll(missMap.keySet());
for(String key : keys) {
Miss m = missMap.get(key);
- if(m!=null && m.timestamp<System.currentTimeMillis()) {
- synchronized(missMap) {
- missMap.remove(key);
+ if(m!=null) {
+ long timeLeft = m.timestamp - System.currentTimeMillis();
+ if(timeLeft<0) {
+ synchronized(missMap) {
+ missMap.remove(key);
+ }
+ access.log(Level.INFO, m.name, " has been removed from Missed Credential Map (" + m.tries + " invalid tries)");
+ ++miss;
+ } else {
+ access.log(Level.INFO, m.name, " remains in Missed Credential Map (" + m.tries + " invalid tries) for " + (timeLeft/1000) + " more seconds");
}
- access.log(Level.INFO, key, "has been removed from Missed Credential Map (" + m.tries + " invalid tries)");
- ++miss;
}
}
}
private long timetolive;
private long tries;
+
+ private final String name;
- public Miss(byte[] first, long timeInterval) {
+ public Miss(final byte[] first, final long timeInterval, final String name) {
timestamp = System.currentTimeMillis() + timeInterval;
this.timetolive = timeInterval;
tries = 0L;
+ this.name = name;
}
}
return true;
}
+
}
/**
Code Review / aaf / authz.git / blobdiff