import aafoauth.v2_0.Introspect;
public class TokenMgr extends Persist<Introspect, TokenPerm> {
- protected static Map<String,TokenPerm> tpmap = new ConcurrentHashMap<>();
- protected static Map<String,TokenMgr> tmmap = new HashMap<>(); // synchronized in getInstance
- protected static Map<String,String> currentToken = new HashMap<>(); // synchronized in getTP
-
public static RosettaDF<Perms> permsDF;
- public static RosettaDF<Introspect> introspectDF;
+ protected static Map<String,TokenPerm> tpmap = new ConcurrentHashMap<>();
+ protected static Map<String,TokenMgr> tmmap = new HashMap<>(); // synchronized in getInstance
+ protected static Map<String,String> currentToken = new HashMap<>(); // synchronized in getTP
+ public static RosettaDF<Perms> permsDF;
+ public static RosettaDF<Introspect> introspectDF;
- private final TokenPermLoader tpLoader;
-
- private TokenMgr(PropAccess access, String tokenURL, String introspectURL) throws APIException, CadiException {
- super(access,new RosettaEnv(access.getProperties()),Introspect.class,"introspect");
- synchronized(access) {
- if(permsDF==null) {
- permsDF = env.newDataFactory(Perms.class);
- introspectDF = env.newDataFactory(Introspect.class);
- }
- }
- if("dbToken".equals(tokenURL) && "dbIntrospect".equals(introspectURL)) {
- tpLoader = new TokenPermLoader() { // null Loader
- @Override
- public Result<TokenPerm> load(String accessToken, byte[] cred)
- throws APIException, CadiException, LocatorException {
- return Result.err(404, "DBLoader");
- }
- };
- } else {
- RemoteTokenPermLoader rtpl = new RemoteTokenPermLoader(tokenURL, introspectURL); // default is remote
- String i = access.getProperty(Config.AAF_APPID,null);
- String p = access.getProperty(Config.AAF_APPPASS, null);
- if(i==null || p==null) {
- throw new CadiException(Config.AAF_APPID + " and " + Config.AAF_APPPASS + " must be set to initialize TokenMgr");
- }
- rtpl.introCL.client_creds(i,p);
- tpLoader = rtpl;
- }
- }
+ private final TokenPermLoader tpLoader;
+
+ private TokenMgr(PropAccess access, String tokenURL, String introspectURL) throws APIException, CadiException {
+ super(access,new RosettaEnv(access.getProperties()),Introspect.class,"introspect");
+ synchronized(access) {
+ if(permsDF==null) {
+ permsDF = env.newDataFactory(Perms.class);
+ introspectDF = env.newDataFactory(Introspect.class);
+ }
+ }
+ if("dbToken".equals(tokenURL) && "dbIntrospect".equals(introspectURL)) {
+ tpLoader = new TokenPermLoader() { // null Loader
+ @Override
+ public Result<TokenPerm> load(String accessToken, byte[] cred)
+ throws APIException, CadiException, LocatorException {
+ return Result.err(404, "DBLoader");
+ }
+ };
+ } else {
+ RemoteTokenPermLoader rtpl = new RemoteTokenPermLoader(tokenURL, introspectURL); // default is remote
+ String i = access.getProperty(Config.AAF_APPID,null);
+ String p = access.getProperty(Config.AAF_APPPASS, null);
+ if(i==null || p==null) {
+ throw new CadiException(Config.AAF_APPID + " and " + Config.AAF_APPPASS + " must be set to initialize TokenMgr");
+ }
+ rtpl.introCL.client_creds(i,p);
+ tpLoader = rtpl;
+ }
+ }
- private TokenMgr(PropAccess access, TokenPermLoader tpl) throws APIException, CadiException {
- super(access,new RosettaEnv(access.getProperties()),Introspect.class,"incoming");
- synchronized(access) {
- if(permsDF==null) {
- permsDF = env.newDataFactory(Perms.class);
- introspectDF = env.newDataFactory(Introspect.class);
- }
- }
- tpLoader = tpl;
- }
+ private TokenMgr(PropAccess access, TokenPermLoader tpl) throws APIException, CadiException {
+ super(access,new RosettaEnv(access.getProperties()),Introspect.class,"incoming");
+ synchronized(access) {
+ if(permsDF==null) {
+ permsDF = env.newDataFactory(Perms.class);
+ introspectDF = env.newDataFactory(Introspect.class);
+ }
+ }
+ tpLoader = tpl;
+ }
- public static synchronized TokenMgr getInstance(final PropAccess access, final String tokenURL, final String introspectURL) throws APIException, CadiException {
- String key;
- TokenMgr tm = tmmap.get(key=tokenURL+'/'+introspectURL);
- if(tm==null) {
- tmmap.put(key, tm=new TokenMgr(access,tokenURL,introspectURL));
- }
- return tm;
- }
-
- public Result<OAuth2Principal> toPrincipal(final String accessToken, final byte[] hash) throws APIException, CadiException, LocatorException {
- Result<TokenPerm> tp = get(accessToken, hash, new Loader<TokenPerm>() {
- @Override
- public Result<TokenPerm> load(String key) throws APIException, CadiException, LocatorException {
- try {
- return tpLoader.load(accessToken,hash);
- } catch (APIException | LocatorException e) {
- throw new CadiException(e);
- }
- }
- });
- if(tp.isOK()) {
- return Result.ok(200, new OAuth2Principal(tp.value,hash));
- } else {
- return Result.err(tp);
- }
- }
-
- public Result<TokenPerm> get(final String accessToken, final byte[] hash) throws APIException, CadiException, LocatorException {
- return get(accessToken,hash,new Loader<TokenPerm>() {
- @Override
- public Result<TokenPerm> load(String key) throws APIException, CadiException, LocatorException {
- return tpLoader.load(key,hash);
- }
-
- });
-// return tpLoader.load(accessToken,hash);
- }
+ public static synchronized TokenMgr getInstance(final PropAccess access, final String tokenURL, final String introspectURL) throws APIException, CadiException {
+ String key;
+ TokenMgr tm = tmmap.get(key=tokenURL+'/'+introspectURL);
+ if(tm==null) {
+ tmmap.put(key, tm=new TokenMgr(access,tokenURL,introspectURL));
+ }
+ return tm;
+ }
+
+ public Result<OAuth2Principal> toPrincipal(final String accessToken, final byte[] hash) throws APIException, CadiException, LocatorException {
+ Result<TokenPerm> tp = get(accessToken, hash, new Loader<TokenPerm>() {
+ @Override
+ public Result<TokenPerm> load(String key) throws APIException, CadiException, LocatorException {
+ try {
+ return tpLoader.load(accessToken,hash);
+ } catch (APIException | LocatorException e) {
+ throw new CadiException(e);
+ }
+ }
+ });
+ if(tp.isOK()) {
+ return Result.ok(200, new OAuth2Principal(tp.value,hash));
+ } else {
+ return Result.err(tp);
+ }
+ }
+
+ public Result<TokenPerm> get(final String accessToken, final byte[] hash) throws APIException, CadiException, LocatorException {
+ return get(accessToken,hash,new Loader<TokenPerm>() {
+ @Override
+ public Result<TokenPerm> load(String key) throws APIException, CadiException, LocatorException {
+ return tpLoader.load(key,hash);
+ }
+
+ });
+// return tpLoader.load(accessToken,hash);
+ }
- public interface TokenPermLoader{
- public Result<TokenPerm> load(final String accessToken, final byte[] cred) throws APIException, CadiException, LocatorException;
- }
-
- private class RemoteTokenPermLoader implements TokenPermLoader {
- private TokenClientFactory tcf;
- private TokenClient tokenCL, introCL;
+ public interface TokenPermLoader{
+ public Result<TokenPerm> load(final String accessToken, final byte[] cred) throws APIException, CadiException, LocatorException;
+ }
+
+ private class RemoteTokenPermLoader implements TokenPermLoader {
+ private TokenClientFactory tcf;
+ private TokenClient tokenCL, introCL;
- public RemoteTokenPermLoader(final String tokenURL, final String introspectURL) throws APIException, CadiException {
- try {
- tcf = TokenClientFactory.instance(access);
- int timeout = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF));
- tokenCL = tcf.newClient(tokenURL,
- timeout);
- if(introspectURL.equals(tokenURL)) {
- introCL = tokenCL;
- } else {
- introCL = tcf.newClient(introspectURL,
- timeout);
- }
+ public RemoteTokenPermLoader(final String tokenURL, final String introspectURL) throws APIException, CadiException {
+ try {
+ tcf = TokenClientFactory.instance(access);
+ int timeout = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF));
+ tokenCL = tcf.newClient(tokenURL,
+ timeout);
+ if(introspectURL.equals(tokenURL)) {
+ introCL = tokenCL;
+ } else {
+ introCL = tcf.newClient(introspectURL,
+ timeout);
+ }
- } catch (GeneralSecurityException | IOException | NumberFormatException | LocatorException e) {
- throw new CadiException(e);
- }
- }
-
- public Result<TokenPerm> load(final String accessToken, final byte[] cred) throws APIException, CadiException, LocatorException {
- long start = System.currentTimeMillis();
- try {
- Result<Introspect> ri = introCL.introspect(accessToken);
- if(ri.isOK()) {
- return Result.ok(ri.code, new TokenPerm(TokenMgr.this,permsDF,ri.value,cred,getPath(accessToken)));
- } else {
- return Result.err(ri);
- }
- } finally {
- access.printf(Level.INFO, "Token loaded in %d ms",System.currentTimeMillis()-start);
- }
- }
- }
+ } catch (GeneralSecurityException | IOException | NumberFormatException | LocatorException e) {
+ throw new CadiException(e);
+ }
+ }
+
+ public Result<TokenPerm> load(final String accessToken, final byte[] cred) throws APIException, CadiException, LocatorException {
+ long start = System.currentTimeMillis();
+ try {
+ Result<Introspect> ri = introCL.introspect(accessToken);
+ if(ri.isOK()) {
+ return Result.ok(ri.code, new TokenPerm(TokenMgr.this,permsDF,ri.value,cred,getPath(accessToken)));
+ } else {
+ return Result.err(ri);
+ }
+ } finally {
+ access.printf(Level.INFO, "Token loaded in %d ms",System.currentTimeMillis()-start);
+ }
+ }
+ }
- public void clear(Principal p, StringBuilder report) {
- TokenPerm tp = tpmap.remove(p.getName());
- if(tp==null) {
- report.append("Nothing to clear");
- } else {
- report.append("Cleared ");
- report.append(p.getName());
- }
- }
+ public void clear(Principal p, StringBuilder report) {
+ TokenPerm tp = tpmap.remove(p.getName());
+ if(tp==null) {
+ report.append("Nothing to clear");
+ } else {
+ report.append("Cleared ");
+ report.append(p.getName());
+ }
+ }
- @Override
- protected TokenPerm newCacheable(Introspect i, long expires, byte[] hash, Path path) throws APIException {
- // Note: Introspect drives the Expiration... ignoring expires.
- return new TokenPerm(this,permsDF,i,hash,path);
- }
+ @Override
+ protected TokenPerm newCacheable(Introspect i, long expires, byte[] hash, Path path) throws APIException {
+ // Note: Introspect drives the Expiration... ignoring expires.
+ return new TokenPerm(this,permsDF,i,hash,path);
+ }
- public TokenPerm putIntrospect(Introspect intro, byte[] cred) throws APIException {
- return newCacheable(intro, intro.getExp(), cred, getPath(intro.getAccessToken()));
- }
+ public TokenPerm putIntrospect(Introspect intro, byte[] cred) throws APIException {
+ return newCacheable(intro, intro.getExp(), cred, getPath(intro.getAccessToken()));
+ }
}
Code Review / aaf / authz.git / blobdiff