From adf7e6616c2a8d6f60207059288423f693509928 Mon Sep 17 00:00:00 2001 From: DUVAL Thomas Date: Thu, 16 Jun 2016 14:50:31 +0200 Subject: Add new version of aaa Change-Id: I94d72011e6019e66c98f46d11436a5cb33ff295d --- odl-aaa-moon/aaa/aaa-authn-store/pom.xml | 100 +++++++++++++ .../java/org/opendaylight/aaa/store/Activator.java | 45 ++++++ .../opendaylight/aaa/store/DefaultTokenStore.java | 154 +++++++++++++++++++++ .../OSGI-INF/metatype/metatype.properties | 14 ++ .../main/resources/OSGI-INF/metatype/metatype.xml | 22 +++ .../aaa-authn-store/src/main/resources/tokens.cfg | 4 + .../aaa/store/DefaultTokenStoreTest.java | 66 +++++++++ 7 files changed, 405 insertions(+) create mode 100644 odl-aaa-moon/aaa/aaa-authn-store/pom.xml create mode 100644 odl-aaa-moon/aaa/aaa-authn-store/src/main/java/org/opendaylight/aaa/store/Activator.java create mode 100644 odl-aaa-moon/aaa/aaa-authn-store/src/main/java/org/opendaylight/aaa/store/DefaultTokenStore.java create mode 100644 odl-aaa-moon/aaa/aaa-authn-store/src/main/resources/OSGI-INF/metatype/metatype.properties create mode 100644 odl-aaa-moon/aaa/aaa-authn-store/src/main/resources/OSGI-INF/metatype/metatype.xml create mode 100644 odl-aaa-moon/aaa/aaa-authn-store/src/main/resources/tokens.cfg create mode 100644 odl-aaa-moon/aaa/aaa-authn-store/src/test/java/org/opendaylight/aaa/store/DefaultTokenStoreTest.java (limited to 'odl-aaa-moon/aaa/aaa-authn-store') diff --git a/odl-aaa-moon/aaa/aaa-authn-store/pom.xml b/odl-aaa-moon/aaa/aaa-authn-store/pom.xml new file mode 100644 index 00000000..01fdf252 --- /dev/null +++ b/odl-aaa-moon/aaa/aaa-authn-store/pom.xml @@ -0,0 +1,100 @@ + + + 4.0.0 + + org.opendaylight.aaa + aaa-parent + 0.3.2-Beryllium-SR2 + ../parent + + + aaa-authn-store + 0.3.2-Beryllium-SR2 + bundle + + + + net.sf.ehcache + ehcache + + + org.opendaylight.aaa + aaa-authn-api + + + org.slf4j + slf4j-api + + + org.osgi + org.osgi.core + provided + + + org.apache.felix + org.apache.felix.dependencymanager + provided + + + + junit + junit + test + + + org.mockito + mockito-all + test + + + org.slf4j + slf4j-simple + test + + + org.opendaylight.aaa + aaa-authn + test + + + + + + + org.apache.felix + maven-bundle-plugin + true + + + org.opendaylight.aaa.store.Activator + + ${project.basedir}/META-INF + + + + org.codehaus.mojo + build-helper-maven-plugin + + + attach-artifacts + package + + attach-artifact + + + + + ${project.build.directory}/classes/tokens.cfg + cfg + config + + + + + + + + + + diff --git a/odl-aaa-moon/aaa/aaa-authn-store/src/main/java/org/opendaylight/aaa/store/Activator.java b/odl-aaa-moon/aaa/aaa-authn-store/src/main/java/org/opendaylight/aaa/store/Activator.java new file mode 100644 index 00000000..f3299723 --- /dev/null +++ b/odl-aaa-moon/aaa/aaa-authn-store/src/main/java/org/opendaylight/aaa/store/Activator.java @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v1.0 which accompanies this distribution, + * and is available at http://www.eclipse.org/legal/epl-v10.html + */ + +package org.opendaylight.aaa.store; + +import java.util.Dictionary; +import org.apache.felix.dm.DependencyActivatorBase; +import org.apache.felix.dm.DependencyManager; +import org.opendaylight.aaa.api.TokenStore; +import org.osgi.framework.BundleContext; +import org.osgi.framework.Constants; +import org.osgi.service.cm.ManagedService; + +/** + * An activator for the default datastore implementation of {@link TokenStore}. + * + * @author liemmn + */ +public class Activator extends DependencyActivatorBase { + + private static final String TOKEN_PID = "org.opendaylight.aaa.tokens"; + + @Override + public void init(BundleContext context, DependencyManager manager) throws Exception { + DefaultTokenStore ts = new DefaultTokenStore(); + manager.add(createComponent().setInterface(new String[] { TokenStore.class.getName() }, + null).setImplementation(ts)); + context.registerService(ManagedService.class.getName(), ts, + addPid(DefaultTokenStore.defaults)); + } + + @Override + public void destroy(BundleContext context, DependencyManager manager) throws Exception { + } + + private Dictionary addPid(Dictionary dict) { + dict.put(Constants.SERVICE_PID, TOKEN_PID); + return dict; + } +} diff --git a/odl-aaa-moon/aaa/aaa-authn-store/src/main/java/org/opendaylight/aaa/store/DefaultTokenStore.java b/odl-aaa-moon/aaa/aaa-authn-store/src/main/java/org/opendaylight/aaa/store/DefaultTokenStore.java new file mode 100644 index 00000000..df65be32 --- /dev/null +++ b/odl-aaa-moon/aaa/aaa-authn-store/src/main/java/org/opendaylight/aaa/store/DefaultTokenStore.java @@ -0,0 +1,154 @@ +/* + * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v1.0 which accompanies this distribution, + * and is available at http://www.eclipse.org/legal/epl-v10.html + */ + +package org.opendaylight.aaa.store; + +import java.io.File; +import java.lang.management.ManagementFactory; +import java.util.Dictionary; +import java.util.Hashtable; +import java.util.concurrent.locks.ReentrantLock; +import javax.management.MBeanServer; +import net.sf.ehcache.Cache; +import net.sf.ehcache.CacheManager; +import net.sf.ehcache.Element; +import net.sf.ehcache.config.CacheConfiguration; +import net.sf.ehcache.management.ManagementService; +import org.apache.felix.dm.Component; +import org.opendaylight.aaa.api.Authentication; +import org.opendaylight.aaa.api.TokenStore; +import org.osgi.service.cm.ConfigurationException; +import org.osgi.service.cm.ManagedService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * A default token store for STS. + * + * @author liemmn + * + */ +public class DefaultTokenStore implements TokenStore, ManagedService { + private static final Logger LOG = LoggerFactory.getLogger(DefaultTokenStore.class); + private static final String TOKEN_STORE_CONFIG_ERR = "Token store configuration error"; + + private static final String TOKEN_CACHE_MANAGER = "org.opendaylight.aaa"; + private static final String TOKEN_CACHE = "tokens"; + private static final String EHCACHE_XML = "etc/ehcache.xml"; + + static final String MAX_CACHED_MEMORY = "maxCachedTokensInMemory"; + static final String MAX_CACHED_DISK = "maxCachedTokensOnDisk"; + static final String SECS_TO_LIVE = "secondsToLive"; + static final String SECS_TO_IDLE = "secondsToIdle"; + + // Defaults (needed only for non-Karaf deployments) + static final Dictionary defaults = new Hashtable<>(); + static { + defaults.put(MAX_CACHED_MEMORY, Long.toString(10000)); + defaults.put(MAX_CACHED_DISK, Long.toString(1000000)); + defaults.put(SECS_TO_IDLE, Long.toString(3600)); + defaults.put(SECS_TO_LIVE, Long.toString(3600)); + } + + // Token cache lock + private static final ReentrantLock cacheLock = new ReentrantLock(); + + // Token cache + private Cache tokens; + + // This should be a singleton + DefaultTokenStore() { + } + + // Called by DM when all required dependencies are satisfied. + void init(Component c) { + File ehcache = new File(EHCACHE_XML); + CacheManager cm; + if (ehcache.exists()) { + cm = CacheManager.create(ehcache.getAbsolutePath()); + tokens = cm.getCache(TOKEN_CACHE); + LOG.info("Initialized token store with custom cache config"); + } else { + cm = CacheManager.getInstance(); + tokens = new Cache( + new CacheConfiguration(TOKEN_CACHE, + Integer.parseInt(defaults.get(MAX_CACHED_MEMORY))).maxEntriesLocalDisk( + Integer.parseInt(defaults.get(MAX_CACHED_DISK))) + .timeToLiveSeconds( + Long.parseLong(defaults.get(SECS_TO_LIVE))) + .timeToIdleSeconds( + Long.parseLong(defaults.get(SECS_TO_IDLE)))); + cm.addCache(tokens); + LOG.info("Initialized token store with default cache config"); + } + cm.setName(TOKEN_CACHE_MANAGER); + + // JMX for cache management + MBeanServer mBeanServer = ManagementFactory.getPlatformMBeanServer(); + ManagementService.registerMBeans(cm, mBeanServer, false, false, false, true); + } + + // Called on shutdown + void destroy() { + LOG.info("Shutting down token store..."); + CacheManager.getInstance().shutdown(); + } + + @Override + public Authentication get(String token) { + Element elem = tokens.get(token); + return (Authentication) ((elem != null) ? elem.getObjectValue() : null); + } + + @Override + public void put(String token, Authentication auth) { + tokens.put(new Element(token, auth)); + } + + @Override + public boolean delete(String token) { + return tokens.remove(token); + } + + @Override + public long tokenExpiration() { + return tokens.getCacheConfiguration().getTimeToLiveSeconds(); + } + + @Override + public void updated(@SuppressWarnings("rawtypes") Dictionary props) + throws ConfigurationException { + LOG.info("Updating token store configuration..."); + if (props == null) { + // Someone deleted the configuration, use defaults + props = defaults; + } + reconfig(props); + } + + // Refresh cache configuration... + private void reconfig(@SuppressWarnings("rawtypes") Dictionary props) + throws ConfigurationException { + cacheLock.lock(); + try { + long secsToIdle = Long.parseLong(props.get(SECS_TO_IDLE).toString()); + long secsToLive = Long.parseLong(props.get(SECS_TO_LIVE).toString()); + int maxMem = Integer.parseInt(props.get(MAX_CACHED_MEMORY).toString()); + int maxDisk = Integer.parseInt(props.get(MAX_CACHED_DISK).toString()); + CacheConfiguration config = tokens.getCacheConfiguration(); + config.setTimeToIdleSeconds(secsToIdle); + config.setTimeToLiveSeconds(secsToLive); + config.maxEntriesLocalHeap(maxMem); + config.maxEntriesLocalDisk(maxDisk); + } catch (Throwable t) { + throw new ConfigurationException(null, TOKEN_STORE_CONFIG_ERR, t); + } finally { + cacheLock.unlock(); + } + } +} diff --git a/odl-aaa-moon/aaa/aaa-authn-store/src/main/resources/OSGI-INF/metatype/metatype.properties b/odl-aaa-moon/aaa/aaa-authn-store/src/main/resources/OSGI-INF/metatype/metatype.properties new file mode 100644 index 00000000..b88d5c10 --- /dev/null +++ b/odl-aaa-moon/aaa/aaa-authn-store/src/main/resources/OSGI-INF/metatype/metatype.properties @@ -0,0 +1,14 @@ +org.opendaylight.aaa.tokens.name = Opendaylight AAA Token Configuration +org.opendaylight.aaa.tokens.description = Configuration for AAA tokens +org.opendaylight.aaa.tokens.maxCachedTokensInMemory.name = Memory Configuration +org.opendaylight.aaa.tokens.maxCachedTokensInMemory.description = Maximum number of \ +tokens in memory +org.opendaylight.aaa.tokens.maxCachedTokensOnDisk.name = Disk Configuration +org.opendaylight.aaa.tokens.maxCachedTokensOnDisk.description = Maximum number of \ +tokens in memory +org.opendaylight.aaa.tokens.secondsToLive.name = Token Expiration +org.opendaylight.aaa.tokens.secondsToLive.description = Maximum number of \ +seconds a token can exist regardless of use. Zero (0) means never expires. +org.opendaylight.aaa.tokens.secondsToIdle.name = Unused Token Expiration +org.opendaylight.aaa.tokens.secondsToIdle.description = Maximum number of \ +seconds a token can exist without being accessed. Zero (0) means never expires. \ No newline at end of file diff --git a/odl-aaa-moon/aaa/aaa-authn-store/src/main/resources/OSGI-INF/metatype/metatype.xml b/odl-aaa-moon/aaa/aaa-authn-store/src/main/resources/OSGI-INF/metatype/metatype.xml new file mode 100644 index 00000000..d04874f4 --- /dev/null +++ b/odl-aaa-moon/aaa/aaa-authn-store/src/main/resources/OSGI-INF/metatype/metatype.xml @@ -0,0 +1,22 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/odl-aaa-moon/aaa/aaa-authn-store/src/main/resources/tokens.cfg b/odl-aaa-moon/aaa/aaa-authn-store/src/main/resources/tokens.cfg new file mode 100644 index 00000000..d3dda90e --- /dev/null +++ b/odl-aaa-moon/aaa/aaa-authn-store/src/main/resources/tokens.cfg @@ -0,0 +1,4 @@ +maxCachedTokensInMemory=10000 +maxCachedTokensOnDisk=1000000 +secondsToLive=3600 +secondsToIdle=3600 \ No newline at end of file diff --git a/odl-aaa-moon/aaa/aaa-authn-store/src/test/java/org/opendaylight/aaa/store/DefaultTokenStoreTest.java b/odl-aaa-moon/aaa/aaa-authn-store/src/test/java/org/opendaylight/aaa/store/DefaultTokenStoreTest.java new file mode 100644 index 00000000..e5c837bf --- /dev/null +++ b/odl-aaa-moon/aaa/aaa-authn-store/src/test/java/org/opendaylight/aaa/store/DefaultTokenStoreTest.java @@ -0,0 +1,66 @@ +/* + * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v1.0 which accompanies this distribution, + * and is available at http://www.eclipse.org/legal/epl-v10.html + */ + +package org.opendaylight.aaa.store; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; +import static org.mockito.Mockito.mock; +import static org.opendaylight.aaa.store.DefaultTokenStore.MAX_CACHED_DISK; +import static org.opendaylight.aaa.store.DefaultTokenStore.MAX_CACHED_MEMORY; +import static org.opendaylight.aaa.store.DefaultTokenStore.SECS_TO_IDLE; +import static org.opendaylight.aaa.store.DefaultTokenStore.SECS_TO_LIVE; + +import java.util.Dictionary; +import java.util.Hashtable; +import org.apache.felix.dm.Component; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.opendaylight.aaa.AuthenticationBuilder; +import org.opendaylight.aaa.ClaimBuilder; +import org.opendaylight.aaa.api.Authentication; +import org.osgi.service.cm.ConfigurationException; + +public class DefaultTokenStoreTest { + private static final String FOO_TOKEN = "foo_token"; + private final DefaultTokenStore dts = new DefaultTokenStore(); + private static final Dictionary config = new Hashtable<>(); + static { + config.put(MAX_CACHED_MEMORY, Long.toString(3)); + config.put(MAX_CACHED_DISK, Long.toString(3)); + config.put(SECS_TO_IDLE, Long.toString(1)); + config.put(SECS_TO_LIVE, Long.toString(1)); + } + + @Before + public void setup() throws ConfigurationException { + dts.init(mock(Component.class)); + dts.updated(config); + } + + @After + public void teardown() { + dts.destroy(); + } + + @Test + public void testCache() throws InterruptedException { + Authentication auth = new AuthenticationBuilder(new ClaimBuilder().setUser("foo") + .setUserId("1234") + .addRole("admin").build()).build(); + dts.put(FOO_TOKEN, auth); + assertEquals(auth, dts.get(FOO_TOKEN)); + dts.delete(FOO_TOKEN); + assertNull(dts.get(FOO_TOKEN)); + dts.put(FOO_TOKEN, auth); + Thread.sleep(1200); + assertNull(dts.get(FOO_TOKEN)); + } + +} -- cgit 1.2.3-korg