openstack/monasca-api
Code Issues Proposed changes

removing middleware code from mon-api

Browse Source
This commit is contained in:
Derrick Johnson
2014-06-25 23:18:18 -07:00
parent 3556768fbb
commit a401c62b8f
21 changed files with 6 additions and 1936 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
pom.xml
View File

@@ -80,6 +80,11 @@
<artifactId>mon-kafka</artifactId> <artifactId>mon-kafka</artifactId>
<version>${mon.common.version}</version> <version>${mon.common.version}</version>
</dependency> </dependency>
<dependency>
<groupId>com.hpcloud</groupId>
<artifactId>mon-middleware</artifactId>
<version>${mon.common.version}</version>
</dependency>
<dependency> <dependency>
<groupId>io.dropwizard</groupId> <groupId>io.dropwizard</groupId>
<artifactId>dropwizard-core</artifactId> <artifactId>dropwizard-core</artifactId>
@@ -120,11 +125,6 @@
<artifactId>jsr305</artifactId> <artifactId>jsr305</artifactId>
<version>2.0.0</version> <version>2.0.0</version>
</dependency> </dependency>
<dependency>
<groupId>com.hp.csbu.cc</groupId>
<artifactId>CsMiddleware</artifactId>
<version>3.34.0</version>
</dependency>
<dependency> <dependency>
<groupId>org.apache.curator</groupId> <groupId>org.apache.curator</groupId>
<artifactId>curator-recipes</artifactId> <artifactId>curator-recipes</artifactId>

22
src/main/java/com/hpcloud/middleware/AuthClient.java
View File

@@ -1,22 +0,0 @@
package com.hpcloud.middleware;
import java.util.Map;
import org.apache.http.client.ClientProtocolException;
import org.apache.thrift.TException;
/**
* A client that can communicate to an authentication server for authentication.
*
* @author liemmn
*
*/
public interface AuthClient {
public Object validateTokenForServiceEndpointV2(String token,
String serviceIds, String endpointIds, boolean includeCatalog)
throws TException, ClientProtocolException;
public Object validateTokenForServiceEndpointV3(String token,
Map<String, String> inputParams) throws TException, ClientProtocolException;
}

141
src/main/java/com/hpcloud/middleware/AuthClientFactory.java
View File

@@ -1,141 +0,0 @@
package com.hpcloud.middleware;
import org.apache.commons.pool.impl.GenericObjectPool;
/**
* A factory for building {@link AuthClient}s.
*
* @author liemmn
*
*/
public abstract class AuthClientFactory {
private static AuthClientFactory instance = null;
protected static GenericObjectPool pool;
/**
* Build a AuthClientFactory. Singleton.
*
* @param host
* Auth host
* @param port
* Auth port
* @param timeout
* Auth connection timeout
* @param clientAuth
* 2-way SSL (if false, 1-way SSL is used)
* @param keyStore
* Keystore
* @param keyPass
* Keystore password
* @param trustStore
* Truststore
* @param trustPass
* Truststore password
* @param maxActive
* Maximum number of objects that can be allocated by the pool
* (checked out to clients, or idle awaiting checkout) at a given
* time. When non-positive, there is no limit to the number of
* objects that can be managed by the pool at one time. When
* maxActive is reached, the pool is said to be exhausted. The
* default setting for this parameter is 8.
* @param maxIdle
* Maximum number of objects that can sit idle in the pool at any
* time. When negative, there is no limit to the number of
* objects that may be idle at one time. The default setting for
* this parameter is 8.
* @param timeBetweenEvictionRunsMillis
* How long the eviction thread should sleep before "runs" of
* examining idle objects. When non-positive, no eviction thread
* will be launched. The default setting for this parameter is -1
* (i.e., idle object eviction is disabled by default).
* @param minEvictableIdleTimeMillis
* Minimum amount of time that an object may sit idle in the pool
* before it is eligible for eviction due to idle time. When
* non-positive, no object will be dropped from the pool due to
* idle time alone. This setting has no effect unless
* timeBetweenEvictionRunsMillis > 0. The default setting for
* this parameter is 30 minutes.
* @param adminToken
* Admin token for use with vanilla Keystone.
*
* @return AuthClientFactory singleton.
* @throws Exception
*/
public static synchronized AuthClientFactory build(String host, int port,
int timeout, boolean clientAuth, String keyStore, String keyPass,
String trustStore, String trustPass, int maxActive, int maxIdle,
long timeBetweenEvictionRunsMillis,
long minEvictableIdleTimeMillis, String adminToken)
throws Exception {
if (instance == null) {
instance = new HttpClientFactory(host, port, timeout,
clientAuth, keyStore, keyPass, trustStore, trustPass,
adminToken, maxActive, timeBetweenEvictionRunsMillis,
minEvictableIdleTimeMillis);
// Pool tweaking
pool.setMaxActive(maxActive);
pool.setMaxIdle(maxIdle);
pool.setTimeBetweenEvictionRunsMillis(timeBetweenEvictionRunsMillis);
pool.setMinEvictableIdleTimeMillis(minEvictableIdleTimeMillis);
}
return instance;
}
/**
* Get a client. Don't forget to {@link #recycleClient(Client)} after you
* are done using it, successfully or not.
*
* @return Client
* @throws Exception
*/
public AuthClient getClient() {
try {
return (AuthClient) pool.borrowObject();
} catch (Exception e) {
throw new AuthConnectionException("Failed to get a client "+ e.getMessage(), e);
}
}
/**
* Recycle the client for next usage.
*
* @param client
* Client to recycle
* @throws Exception
*/
public void recycle(AuthClient client) {
try {
pool.returnObject(client);
} catch (Exception e) {
throw new AuthConnectionException("Failed to recycle client", e);
}
}
/**
* Call this if the client is unusable (i.e., exception).
*
* @param client
* Client to discard.
*/
public void discard(AuthClient client) {
try {
pool.invalidateObject(client);
} catch (Exception e) {
System.out.println("AuthConnection problem destorying");
throw new AuthConnectionException("Failed to destroy client", e);
}
}
/**
* Shut down this factory.
*/
public void shutdown() {
try {
pool.close();
} catch (Exception e) {
throw new AuthConnectionException("Failed to close client pool", e);
}
}
}

18
src/main/java/com/hpcloud/middleware/AuthConnectionException.java
View File

@@ -1,18 +0,0 @@
package com.hpcloud.middleware;
/**
* An exception to indicate any connection issue.
*
* @author liemmn
*
*/
public class AuthConnectionException extends RuntimeException {
private static final long serialVersionUID = 4318025130590973448L;
public AuthConnectionException(String msg) {
super(msg);
}
public AuthConnectionException(String msg, Exception e) {
super(msg, e);
}
}

180
src/main/java/com/hpcloud/middleware/AuthConstants.java
View File

@@ -1,180 +0,0 @@
package com.hpcloud.middleware;
public interface AuthConstants {
/** 'Confirmed' or 'Invalid' */
public static enum IdentityStatus {
Confirmed, Invalid
}
// =============================== TOKEN ===================================
/** Credential (token) header */
public static final String TOKEN = "X-AUTH-TOKEN";
/** Auth status parameter */
public static final String AUTH_IDENTITY_STATUS = "X-IDENTITY-STATUS";
/** Auth user Id parameter */
public static final String AUTH_USER_ID = "X-USER-ID";
/** Auth user name parameter */
public static final String AUTH_USER_NAME = "X-USER-NAME";
/** Auth user roles parameter, comma-separated roles */
public static final String AUTH_ROLES = "X-ROLES";
/** json encoded keystone service catalog */
public static final String AUTH_SERVICE_CATALOG = "X-SERVICE-CATALOG";
/** Service Ids initialization parameter */
public static final String SERVICE_IDS = "ServiceIds";
/** Endpoint Ids initialization parameter */
public static final String ENDPOINT_IDS = "EndpointIds";
/** Keystone admin token for use in vanilla Keystone */
public static final String ADMIN_TOKEN = "AdminToken";
// ============================ CONNECTION =================================
/** Auth server initialization parameter */
public static final String SERVER_VIP = "ServerVIP";
/** Auth server port: 9543 for Thrift, 35357 for HTTP. */
public static final String SERVER_PORT = "ServerPort";
/** connection timeout initialization parameter */
public static final String CONN_TIMEOUT = "ConnTimeout";
/** 2-way SSL initialization parameter: True or False */
public static final String CONN_SSL_CLIENT_AUTH = "ConnSSLClientAuth";
/** SSL keystore initialization parameter */
public static final String KEYSTORE = "Keystore";
/** SSL keystore password initialization parameter */
public static final String KEYSTORE_PASS = "KeystorePass";
/** SSL truststore initialization parameter */
public static final String TRUSTSTORE = "Truststore";
/** SSL truststore password initialization parameter */
public static final String TRUSTSTORE_PASS = "TruststorePass";
// ============================== POOLING ==================================
/**
* Maximum number of objects that can be allocated by the pool (checked out
* to clients, or idle awaiting checkout) at a given time. When
* non-positive, there is no limit to the number of objects that can be
* managed by the pool at one time. When maxActive is reached, the pool is
* said to be exhausted. The default setting for this parameter is 8.
*/
public static final String CONN_POOL_MAX_ACTIVE = "ConnPoolMaxActive";
/**
* Maximum number of objects that can sit idle in the pool at any time. When
* negative, there is no limit to the number of objects that may be idle at
* one time. The default setting for this parameter is 8.
*/
public static final String CONN_POOL_MAX_IDLE = "ConnPoolMaxIdle";
/**
* How long the eviction thread should sleep before "runs" of examining idle
* objects. When non-positive, no eviction thread will be launched. The
* default setting for this parameter is -1 (i.e., idle object eviction is
* disabled by default).
*/
public static final String CONN_POOL_EVICT_PERIOD = "ConnPoolEvictPeriod";
/**
* Minimum amount of time that an object may sit idle in the pool before it
* is eligible for eviction due to idle time. When non-positive, no object
* will be dropped from the pool due to idle time alone. This setting has no
* effect unless ConnPoolEvictPeriod > 0. The default setting for this
* parameter is 30 minutes.
*/
public static final String CONN_POOL_MIN_IDLE_TIME = "ConnPoolMinIdleTime";
// ============================== CACHING ==================================
public static final String TIME_TO_CACHE_TOKEN ="TimeToCacheToken";
public static final String MAX_TOKEN_CACHE_SIZE="MaxTokenCacheSize";
/** Number of connection timeout retries **/
public static final String CONN_TIMEOUT_RETRIES = "ConnRetryTimes";
/** Number of connection timeout retries **/
public static final String PAUSE_BETWEEN_RETRIES = "ConnRetryInterval";
/** Authentication decision is forwarded to next filter **/
public static final String DELAY_AUTH_DECISION = "DelayAuthDecision";
public static final String SIGNATURE_METHOD = "HmacSHA1";
/** Version of CS to authenticate the credentials **/
public static final String AUTH_VERSION = "AuthVersion";
/** Include Service Catalog as part of Authentication Response **/
public static final String INCLUDE_SERVICE_CATALOG = "IncludeServiceCatalog";
/**
* Identity service managed unique identifier, string. Only present if this
* is a project-scoped v3 token, or a tenant-scoped v2 token.
**/
public static final String AUTH_PROJECT_ID = "X-PROJECT-ID";
/**
* Project name, unique within owning domain, string. Only present if this
* is a project-scoped v3 token, or a tenant-scoped v2 token.
**/
public static final String AUTH_PROJECT_NAME = "X-PROJECT-NAME";
/**
* Identity service managed unique identifier of owning domain of project,
* string. Only present if this is a project-scoped v3 token. If this
* variable is set, this indicates that the PROJECT_NAME can only be assumed
* to be unique within this domain.
**/
public static final String AUTH_PROJECT_DOMAIN_ID = "X-PROJECT-DOMAIN-ID";
/**
* Name of owning domain of project, string. Only present if this is a
* project-scoped v3 token. If this variable is set, this indicates that the
* PROJECT_NAME can only be assumed to be unique within this domain.
**/
public static final String AUTH_PROJECT_DOMAIN_NAME = "X-PROJECT-DOMAIN-NAME";
/**
* Identity service managed unique identifier of owning domain of user,
* string. If this variable is set, this indicates that the USER_NAME can
* only be assumed to be unique within this domain.
**/
public static final String AUTH_USER_DOMAIN_ID = "X-USER-DOMAIN-ID";
/**
* Name of owning domain of user, string. If this variable is set, this
* indicates that the USER_NAME can only be assumed to be unique within this
* domain.
**/
public static final String AUTH_USER_DOMAIN_NAME = "X-USER-DOMAIN-NAME";
/**
* Identity service managed unique identifier, string. Only present if this
* is a domain-scoped v3 token.
**/
public static final String AUTH_DOMAIN_ID = "X-DOMAIN-ID";
/**
* Unique domain name, string. Only present if this is a domain-scoped v3
* token.
**/
public static final String AUTH_DOMAIN_NAME = "X-DOMAIN-NAME";
public static final String AUTH_HP_IDM_ROLES = "X-HP-IDM-Non-Tenant-Roles";
public static final String REMOTE_HOST = "RemoteHost";
public static final String REMOTE_ADDR = "RemoteAddress";
// Depracated Headers.
/** Auth user roles parameter, comma-separated roles */
public static final String AUTH_ROLE = "X-ROLE";
/** Auth tenant Id parameter */
public static final String AUTH_TENANT_ID = "X-TENANT-ID";
/** Auth tenant name parameter */
public static final String AUTH_TENANT_NAME = "X-TENANT-NAME";
/** Auth tenant name parameter */
public static final String AUTH_TENANT = "X-TENANT";
/**
* *Deprecated* in favor of HTTP_X_USER_ID and HTTP_X_USER_NAME User name,
* unique within owning domain, string
**/
public static final String AUTH_USER = "X-USER";
public static final String AUTH_SUBJECT_TOKEN = "X-Subject-Token";
public static final String ADMIN_USER = "AdminUser";
public static final String ADMIN_PASSWORD = "AdminPassword";
public static final String ADMIN_AUTH_METHOD = "AdminAuthMethod";
public static final String ADMIN_ACCESS_KEY = "AdminAccessKey";
public static final String ADMIN_SECRET_KEY = "AdminSecretKey";
public static final String ADMIN_PROJECT_ID = "AdminProjectId";
}

18
src/main/java/com/hpcloud/middleware/AuthException.java
View File

@@ -1,18 +0,0 @@
package com.hpcloud.middleware;
/**
* An exception to indicate any authentication error.
*
* @author liemmn
*
*/
public class AuthException extends RuntimeException {
public AuthException(String msg) {
super(msg);
}
public AuthException(String msg, Exception e) {
super(msg, e);
}
}

31
src/main/java/com/hpcloud/middleware/CatalogV3.java
View File

@@ -1,31 +0,0 @@
package com.hpcloud.middleware;
import java.util.List;
public class CatalogV3 {
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public String getType() {
return type;
}
public void setType(String type) {
this.type = type;
}
public List getEndPoints() {
return endPoints;
}
public void setEndPoints(List endPoints) {
this.endPoints = endPoints;
}
String id;
String type;
List endPoints;
}

277
src/main/java/com/hpcloud/middleware/Config.java
View File

@@ -1,277 +0,0 @@
package com.hpcloud.middleware;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.Map;
public class Config implements AuthConstants {
// Thee faithful logger
private static final Logger logger = LoggerFactory
.getLogger(Config.class);
private static final Config instance = new Config();
private static final String PASSWORD = "password";
private static final String ACCESS_KEY = "accesskey";
// Application wide init param -- ServletContext
private ServletContext context = null;
private TokenCache<String, String> client = null;
// Auth client factory
private AuthClientFactory factory = null;
// The service IDs that this filter serves
private String serviceIds;
// The optional endpoint IDs that this filter serves
private String endpointIds;
//the time to cache token
private long timeToCacheToken;
// flag to set if auth decision can be delegated to next filter
private boolean delayAuthDecision;
// retries and pauseTime configuration for retry logic
private int retries;
private int pauseTime;
// configuration to authenticate against CS api
private String authVersion;
// flag to include catalog in the response
private boolean includeCatalog;
// configuration for admin authentication method to be used for 2-way SSL
private String adminAuthMethod;
// configuration for admin default project
private String adminProjectId;
// flag to indicate if the filter is already intialized with required parameters
private volatile boolean initialized = false;
//context is not getting properly filed so will use FilterConfig
private FilterConfig filterConfig;
private Config() {
}
public static Config getInstance() {
return instance;
}
public synchronized void initialize(FilterConfig config, ServletRequest req, Map<String,String> map) throws ServletException {
this.context = config.getServletContext();
this.filterConfig = config;
try {
// Initialize serviceIds...
serviceIds = filterConfig.getInitParameter(SERVICE_IDS);
// Initialize endpointIds...
endpointIds = filterConfig.getInitParameter(ENDPOINT_IDS);
// Initialize auth server connection parameters...
String host = filterConfig.getInitParameter(SERVER_VIP);
int port = Integer.parseInt(filterConfig.getInitParameter(SERVER_PORT));
// HP Keystone Server only supports authentication against
// V3.0 api
authVersion = getValue(AUTH_VERSION, "v3.0");
if ((serviceIds == null || serviceIds.isEmpty())
&& (endpointIds == null || endpointIds.isEmpty())
&& authVersion.equalsIgnoreCase("v2.0")) {
throw new Throwable("Need to specify " + SERVICE_IDS);
}
// Initialize Certificates
String keyStore = filterConfig.getInitParameter(KEYSTORE);
String keyPass = filterConfig.getInitParameter(KEYSTORE_PASS);
String trustStore = filterConfig.getInitParameter(TRUSTSTORE);
String trustPass = filterConfig.getInitParameter(TRUSTSTORE_PASS);
String adminToken = getValue(ADMIN_TOKEN, "");
int timeout = getValue(CONN_TIMEOUT, 0);
boolean clientAuth = getValue(CONN_SSL_CLIENT_AUTH, true);
int maxActive = getValue(CONN_POOL_MAX_ACTIVE, 3);
int maxIdle = getValue(CONN_POOL_MAX_IDLE, 3);
long evictPeriod = getValue(CONN_POOL_EVICT_PERIOD, 60000L);
long minIdleTime = getValue(CONN_POOL_MIN_IDLE_TIME, 90000L);
retries = getValue(CONN_TIMEOUT_RETRIES, 3);
pauseTime = getValue(PAUSE_BETWEEN_RETRIES, 100);
delayAuthDecision = getValue(DELAY_AUTH_DECISION, false);
includeCatalog = getValue(INCLUDE_SERVICE_CATALOG, true);
adminAuthMethod = getValue(ADMIN_AUTH_METHOD, "");
adminProjectId = getValue(ADMIN_PROJECT_ID, "");
timeToCacheToken = getValue(TIME_TO_CACHE_TOKEN,600);
long maxTokenCacheTime = getValue(MAX_TOKEN_CACHE_SIZE,1048576);
this.factory = AuthClientFactory.build(host, port, timeout,
clientAuth, null, null, trustStore, trustPass,
maxActive, maxIdle, evictPeriod, minIdleTime, adminToken);
verifyRequiredParamsForAuthMethod();
this.client = new TokenCache<>(timeToCacheToken,timeToCacheToken,map);
logger.info("Auth host (2-way SSL: " + clientAuth + "): " + host);
logger.info("Read Servlet Initialization Parameters ");
initialized = true;
} catch (Throwable t) {
logger.error("Failed to read Servlet Initialization Parameters ",
t.getMessage());
throw new ServletException(
"Failed to read Servlet Initialization Parameters :: "
+ t.getMessage(), t);
}
}
public boolean isInitialized() {
return initialized;
}
protected String getAdminProject() {
return adminProjectId;
}
protected String getAdminAccessKey() {
if (context.getAttribute(ADMIN_ACCESS_KEY) != null) {
return (String) context.getAttribute(ADMIN_ACCESS_KEY);
} else {
return getValue(ADMIN_ACCESS_KEY, "");
}
}
protected String getAdminSecretKey() {
if (context.getAttribute(ADMIN_SECRET_KEY) != null) {
return (String) context.getAttribute(ADMIN_SECRET_KEY);
} else {
return getValue(ADMIN_SECRET_KEY, "");
}
}
protected String getAdminToken() {
return getValue(ADMIN_TOKEN, "");
}
protected String getAdminAuthMethod() {
return adminAuthMethod;
}
protected String getAdminUser() {
if (context.getAttribute(ADMIN_USER) != null) {
return (String) context.getAttribute(ADMIN_USER);
} else {
return getValue(ADMIN_USER, "");
}
}
protected String getAdminPassword() {
if (context.getAttribute(ADMIN_PASSWORD) != null) {
String password = (String) context.getAttribute(ADMIN_PASSWORD);
return password;
} else {
return getValue(ADMIN_PASSWORD, "");
}
}
protected boolean isIncludeCatalog() {
return includeCatalog;
}
protected String getAuthVersion() {
return authVersion;
}
protected ServletContext getConfig() {
return context;
}
protected TokenCache<String,String> getClient() {
return client;
}
protected AuthClientFactory getFactory() {
return factory;
}
protected String getServiceIds() {
return serviceIds;
}
protected String getEndpointIds() {
return endpointIds;
}
protected boolean isDelayAuthDecision() {
return delayAuthDecision;
}
protected int getRetries() {
return retries;
}
protected int getPauseTime() {
return pauseTime;
}
public long getTimeToCacheToken() { return timeToCacheToken; }
public void setTimeToCacheToken(long timeToCachedToken) {
this.timeToCacheToken = timeToCachedToken;
}
public void setClient(TokenCache<String,String> client) { this.client = client;}
private <T> T getValue(String paramName, T defaultValue) {
Class type = defaultValue.getClass();
String initparamValue = filterConfig.getInitParameter(paramName);
if (initparamValue != null && !initparamValue.isEmpty()) {
if (type.equals(Integer.class)) {
int paramValue = Integer.parseInt(initparamValue);
return (T) type.cast(paramValue);
} else if (type.equals(Long.class)) {
long paramValue = Long.parseLong(initparamValue);
return (T) type.cast(paramValue);
} else if (type.equals(Boolean.class)) {
boolean paramValue = Boolean.parseBoolean(initparamValue);
return (T) type.cast(paramValue);
} else if (type.equals(String.class)) {
return (T) type.cast(initparamValue);
}
}
return defaultValue;
}
private void verifyRequiredParamsForAuthMethod() {
if (adminAuthMethod.equalsIgnoreCase(PASSWORD)) {
if (getAdminUser().isEmpty() || getAdminPassword().isEmpty()) {
String msg = String
.format("admin user and password must be specified if admin auth method is %s",
adminAuthMethod);
throw new AuthException(msg);
}
} else if (adminAuthMethod.equalsIgnoreCase(ACCESS_KEY)) {
if (getAdminAccessKey().isEmpty() || getAdminSecretKey().isEmpty()) {
String msg = String
.format("admin access and secret key must be specified if admin auth method is %s",
adminAuthMethod);
throw new AuthException(msg);
}
}
}
}

34
src/main/java/com/hpcloud/middleware/ExceptionHandlerUtil.java
View File

@@ -1,34 +0,0 @@
package com.hpcloud.middleware;
public class ExceptionHandlerUtil {
public final static String SERVICE_UNAVAILABLE = "Service Unavailable";
public final static String UNAUTHORIZED_TOKEN = "Unauthorized Token";
public final static String INTERNAL_SERVER_ERROR = "Internal Server Error";
private ExceptionHandlerUtil() {
}
public static String getStatusText(int errorCode) {
if (errorCode == 401) {
return UNAUTHORIZED_TOKEN;
}
if (errorCode == 503) {
return SERVICE_UNAVAILABLE;
}
if (errorCode == 500) {
return INTERNAL_SERVER_ERROR;
}
return "Unknown Error";
}
public static TokenExceptionHandler lookUpTokenException(Exception ex) {
try {
return TokenExceptionHandler.valueOf(ex.getClass().getSimpleName());
} catch (IllegalArgumentException iae) {
return TokenExceptionHandler.valueOf("ResourceException");
}
}
}

261
src/main/java/com/hpcloud/middleware/FilterUtils.java
View File

@@ -1,261 +0,0 @@
package com.hpcloud.middleware;
import static com.hpcloud.middleware.AuthConstants.AUTH_IDENTITY_STATUS;
import static com.hpcloud.middleware.AuthConstants.AUTH_ROLES;
import static com.hpcloud.middleware.AuthConstants.AUTH_TENANT_NAME;
import static com.hpcloud.middleware.AuthConstants.AUTH_USER_ID;
import static com.hpcloud.middleware.AuthConstants.AUTH_DOMAIN_ID;
import static com.hpcloud.middleware.AuthConstants.AUTH_DOMAIN_NAME;
import static com.hpcloud.middleware.AuthConstants.AUTH_PROJECT_ID;
import static com.hpcloud.middleware.AuthConstants.AUTH_PROJECT_NAME;
import static com.hpcloud.middleware.AuthConstants.AUTH_TENANT_ID;
import static com.hpcloud.middleware.AuthConstants.AUTH_USER_NAME;
import static com.hpcloud.middleware.AuthConstants.IdentityStatus;
import static com.hpcloud.middleware.AuthConstants.AUTH_PROJECT_DOMAIN_ID;
import static com.hpcloud.middleware.AuthConstants.AUTH_PROJECT_DOMAIN_NAME;
import static com.hpcloud.middleware.AuthConstants.AUTH_USER_DOMAIN_ID;
import static com.hpcloud.middleware.AuthConstants.AUTH_USER_DOMAIN_NAME;
import static com.hpcloud.middleware.AuthConstants.AUTH_HP_IDM_ROLES;
import static com.hpcloud.middleware.AuthConstants.AUTH_SERVICE_CATALOG;
import java.io.IOException;
import java.lang.reflect.Modifier;
import java.util.Iterator;
import javax.servlet.ServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonNull;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
public class FilterUtils {
private FilterUtils() {
}
private static final Config appConfig = Config.getInstance();
private static final Gson gson = new GsonBuilder()
.excludeFieldsWithModifiers(Modifier.PRIVATE, Modifier.FINAL)
.create();
// Thee faithful logger
private static final Logger logger = LoggerFactory
.getLogger(FilterUtils.class);
public static void destroyFilter() {
TokenCache<String,String> client = appConfig.getClient();
if(client !=null)
appConfig.setClient(null);
AuthClientFactory factory = appConfig.getFactory();
// Shutdown factory
if (factory != null) {
factory.shutdown();
}
}
public static ServletRequest wrapRequestFromHttpResponse(
ServletRequest req, String data) {
if (appConfig.getAuthVersion().equalsIgnoreCase("v2.0")) {
wrapRequestFromHttpV2Response(req, data);
} else {
wrapRequestFromHttpV3Response(req, data);
}
return req;
}
private static void wrapRequestFromHttpV3Response(ServletRequest req,
String data) {
StringBuilder tenants = new StringBuilder();
StringBuilder nonTenants = new StringBuilder();
JsonParser jp = new JsonParser();
JsonObject token = jp.parse(data).getAsJsonObject().get("token")
.getAsJsonObject();
// Domain Scoped Token
if (token.get("domain") != null) {
JsonObject domain = token.get("domain").getAsJsonObject();
req.setAttribute(AUTH_DOMAIN_ID, domain.get("id").getAsString());
if (domain.get("name") != null) {
req.setAttribute(AUTH_DOMAIN_NAME, domain.get("name")
.getAsString());
}
}
// Project Scoped Token
if (token.get("project") != null) {
JsonObject project = token.get("project").getAsJsonObject();
req.setAttribute(AUTH_PROJECT_ID, project.get("id").getAsString());
req.setAttribute(AUTH_PROJECT_NAME, project.get("name")
.getAsString());
JsonObject projectDomain = project.get("domain").getAsJsonObject();
// special case where the value of id is null and the
// projectDomain.get("id") != null
if (!projectDomain.get("id").equals(new JsonNull())) {
req.setAttribute(AUTH_PROJECT_DOMAIN_ID, projectDomain
.get("id").getAsString());
}
if (projectDomain.get("name") != null) {
req.setAttribute(AUTH_PROJECT_DOMAIN_NAME,
projectDomain.get("name"));
}
}
// User info
if (token.get("user") != null) {
JsonObject user = token.get("user").getAsJsonObject();
req.setAttribute(AUTH_USER_ID, user.get("id").getAsString());
req.setAttribute(AUTH_USER_NAME, user.get("name").getAsString());
JsonObject userDomain = user.get("domain").getAsJsonObject();
if (userDomain.get("id") != null) {
req.setAttribute(AUTH_USER_DOMAIN_ID, userDomain.get("id")
.getAsString());
}
if (userDomain.get("name") != null) {
req.setAttribute(AUTH_USER_DOMAIN_NAME, userDomain.get("name")
.getAsString());
}
}
// Roles
JsonArray roles = token.getAsJsonArray("roles");
if (roles != null) {
Iterator<JsonElement> it = roles.iterator();
StringBuilder roleBuilder = new StringBuilder();
while (it.hasNext()) {
//Changed to meet my purposes
JsonObject role = it.next().getAsJsonObject();
String currentRole = role.get("name").getAsString();
roleBuilder.append(currentRole).append(",");
}
//My changes to meet my needs
req.setAttribute(AUTH_ROLES, roleBuilder.toString());
}
String tenantRoles = (tenants.length() > 0) ? tenants.substring(1)
: tenants.toString();
String nonTenantRoles = (nonTenants.length() > 0) ? nonTenants
.substring(1) : nonTenants.toString();
if (!tenantRoles.equals("")) {
req.setAttribute(AUTH_ROLES, tenantRoles);
}
if (!nonTenantRoles.equals("")) {
req.setAttribute(AUTH_HP_IDM_ROLES, nonTenantRoles);
}
// Catalog
if (token.get("catalog") != null && appConfig.isIncludeCatalog()) {
JsonArray catalog = token.get("catalog").getAsJsonArray();
req.setAttribute(AUTH_SERVICE_CATALOG, catalog.toString());
}
}
private static void wrapRequestFromHttpV2Response(ServletRequest req,
String data) {
StringBuilder tenants = new StringBuilder();
StringBuilder nonTenants = new StringBuilder();
JsonParser jp = new JsonParser();
JsonObject access = jp.parse(data).getAsJsonObject().get("access")
.getAsJsonObject();
JsonObject token = access.get("token").getAsJsonObject();
// Tenant info
if (token.get("tenant") != null) {
JsonObject tenant = token.get("tenant").getAsJsonObject();
String id = tenant.get("id").getAsString();
String name = tenant.get("name").getAsString();
if (id != null)
req.setAttribute(AUTH_TENANT_ID, id);
if (name != null)
req.setAttribute(AUTH_TENANT_NAME, name);
}
// User info
if (access.get("user") != null) {
JsonObject user = access.get("user").getAsJsonObject();
String userId = user.get("id").getAsString();
String username = user.get("name").getAsString();
if (userId != null)
req.setAttribute(AUTH_USER_ID, userId);
if (username != null)
req.setAttribute(AUTH_USER_NAME, username);
// Roles
JsonArray roles = user.getAsJsonArray("roles");
if (roles != null) {
Iterator<JsonElement> it = roles.iterator();
while (it.hasNext()) {
JsonObject role = it.next().getAsJsonObject();
if (role.get("tenantId") != null) {
tenants.append(",");
tenants.append(role.get("name").getAsString());
} else {
nonTenants.append(",");
nonTenants.append(role.get("name").getAsString());
}
}
}
String tenantRoles = (tenants.length() > 0) ? tenants.substring(1)
: tenants.toString();
if (!tenantRoles.equals("")) {
req.setAttribute(AUTH_ROLES, tenantRoles);
}
String nonTenantRoles = (nonTenants.length() > 0) ? nonTenants
.substring(1) : nonTenants.toString();
if (!nonTenantRoles.equals("")) {
req.setAttribute(AUTH_HP_IDM_ROLES, nonTenantRoles);
}
}
// Service catalog
if (access.get("serviceCatalog") != null
&& appConfig.isIncludeCatalog()) {
JsonArray serviceCatalog = access.get("serviceCatalog")
.getAsJsonArray();
req.setAttribute(AUTH_SERVICE_CATALOG, serviceCatalog.toString());
}
}
public static ServletRequest wrapRequest(ServletRequest req, Object data) {
if (data == null) {
req.setAttribute(AUTH_IDENTITY_STATUS,
IdentityStatus.Invalid.toString());
logger.debug("Failed Authentication. Setting identity status header to Invalid");
}
req.setAttribute(AUTH_IDENTITY_STATUS,
IdentityStatus.Confirmed.toString());
if (data instanceof String) {
wrapRequestFromHttpResponse(req, ((String) data));
}
return req;
}
// Insert token into cache
public static void cacheToken(String token, Object auth) {
appConfig.getClient().put(token, (String) auth);
}
// Get token from cache
public static Object getCachedToken(String token) throws IOException {
return appConfig.getClient().getToken(token);
}
public static void pause(long pauseTime) {
try {
Thread.currentThread().sleep(pauseTime);
} catch (InterruptedException e) {
logger.debug("Thread is interrupted while sleeping before "
+ pauseTime + " seconds. ");
}
}
}

304
src/main/java/com/hpcloud/middleware/HttpAuthClient.java
View File

@@ -1,304 +0,0 @@
package com.hpcloud.middleware;
import static com.hpcloud.middleware.AuthConstants.TOKEN;
import static com.hpcloud.middleware.AuthConstants.AUTH_SUBJECT_TOKEN;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.ConnectException;
import java.net.URI;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Map;
import java.util.TimeZone;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.message.BasicHeader;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
public class HttpAuthClient implements AuthClient {
private static final String ACCESSKEY = "accesskey";
private static final String PASSWORD = "password";
private static final String SERVICE_IDS_PARAM = "serviceIds";
private static final String ENDPOINT_IDS_PARAM = "endpointIds";
private static final int DELTA_TIME_IN_SEC = 30;
private static SimpleDateFormat expiryFormat;
static {
expiryFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mmmmmm'Z'");
expiryFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
}
private final Config appConfig = Config.getInstance();
private HttpClient client;
private String adminToken;
private String adminTokenExpiry;
private URI uri;
public HttpAuthClient(HttpClient client, URI uri) {
this.client = client;
this.uri = uri;
}
@Override
public Object validateTokenForServiceEndpointV2(String token,
String serviceIds, String endpointIds, boolean includeCatalog)
throws ClientProtocolException {
String newUri = uri.toString() + "/v2.0/tokens/" + token;
return verifyUUIDToken(token, newUri, null, serviceIds, endpointIds);
}
@Override
public Object validateTokenForServiceEndpointV3(String token,
Map<String, String> inputParams) throws ClientProtocolException {
String newUri = uri.toString() + "/v3/auth/tokens/";
Header[] header = new Header[1];
header[0] = new BasicHeader(AUTH_SUBJECT_TOKEN, token);
String serviceIds = null;
String endpointIds = null;
if (inputParams.containsKey(SERVICE_IDS_PARAM))
serviceIds = inputParams.get(SERVICE_IDS_PARAM);
if (inputParams.containsKey(ENDPOINT_IDS_PARAM))
endpointIds = inputParams.get(ENDPOINT_IDS_PARAM);
return verifyUUIDToken(token, newUri, header, serviceIds, endpointIds);
}
private Object verifyUUIDToken(String token, String newUri,
Header[] header, String serviceIds, String endpointIds)
throws ClientProtocolException {
HttpResponse response = sendGet(newUri, header, serviceIds, endpointIds);
HttpEntity entity = response.getEntity();
int code = response.getStatusLine().getStatusCode();
InputStream instream = null;
try {
if (code == 404) {
instream = entity.getContent();
instream.close();
throw new AuthException("Authorization failed for token: " + token);
}
if (code != 200) {
adminToken = null;
instream = entity.getContent();
instream.close();
String reasonPhrase = response.getStatusLine().getReasonPhrase();
throw new AuthException("Failed to validate via HTTP " + code
+ " " + reasonPhrase);
}
} catch(IOException e) {
throw new ClientProtocolException(
"IO Exception: problem closing stream ", e);
}
return parseResponse(response);
}
private HttpResponse sendPost(String uri, StringEntity body)
throws ClientProtocolException {
HttpResponse response = null;
HttpPost post = new HttpPost(uri);
post.setHeader("Accept", "application/json");
post.setHeader("Content-Type", "application/json");
try {
post.setEntity(body);
response = client.execute(post);
int code = response.getStatusLine().getStatusCode();
if (!(code == 201 || code == 200 || code == 203)) {
adminToken = null;
throw new AuthException(
"Failed to authenticate admin credentials " + code
+ response.getStatusLine().getReasonPhrase());
}
} catch (IOException e) {
post.abort();
throw new ClientProtocolException(
"IO Exception during POST request ", e);
}
return response;
}
private HttpResponse sendGet(String newUri, Header[] headers,
String serviceIds, String endpointIds)
throws ClientProtocolException {
HttpResponse response = null;
HttpGet get = null;
boolean hasServiceIds = false;
if (serviceIds != null && !serviceIds.isEmpty()) {
newUri += "?HP-IDM-serviceId=" + serviceIds;
hasServiceIds = true;
}
if (endpointIds != null && !endpointIds.isEmpty()) {
newUri += hasServiceIds ? "&HP-IDM-endpointTemplateId="
+ endpointIds : "?HP-IDM-endpointTemplateId=" + endpointIds;
}
get = new HttpGet(newUri);
get.setHeader("Accept", "application/json");
get.setHeader("Content-Type", "application/json");
if (headers != null) {
for (Header header : headers) {
get.setHeader(header);
}
}
if(!appConfig.getAdminToken().isEmpty()) {
get.setHeader(new BasicHeader(TOKEN, appConfig.getAdminToken()));
}
else if (!appConfig.getAdminAuthMethod().isEmpty()) {
get.setHeader(new BasicHeader(TOKEN, getAdminToken()));
}
try {
response = client.execute(get);
}catch(ConnectException c) {
get.abort();
throw new UnavailableException(c.getMessage());
}
catch (IOException e) {
get.abort();
throw new ClientProtocolException(
"IO Exception during GET request ", e);
}
return response;
}
private String parseResponse(HttpResponse response) {
StringBuffer json = new StringBuffer();
HttpEntity entity = response.getEntity();
if (entity != null) {
InputStream instream;
try {
instream = entity.getContent();
BufferedReader reader = new BufferedReader(
new InputStreamReader(instream));
String line = reader.readLine();
while (line != null) {
json.append(line);
line = reader.readLine();
}
instream.close();
reader.close();
} catch (Exception e) {
throw new AuthException("Failed to parse Http Response ", e);
}
}
return json.toString();
}
private String getAdminToken() throws ClientProtocolException {
HttpResponse response;
String json;
JsonParser jp = new JsonParser();
if (adminTokenExpiry != null) {
if (isExpired(adminTokenExpiry)) {
adminToken = null;
}
}
if (adminToken == null) {
if (appConfig.getAuthVersion().equalsIgnoreCase("v2.0")) {
StringEntity params = getUnscopedV2AdminTokenRequest();
String authUri = uri + "/v2.0/tokens";
response = sendPost(authUri, params);
json = parseResponse(response);
JsonObject access = jp.parse(json).getAsJsonObject()
.get("access").getAsJsonObject();
JsonObject token = access.get("token").getAsJsonObject();
adminToken = token.get("id").getAsString();
adminTokenExpiry = token.get("expires").getAsString();
} else {
StringEntity params = getUnscopedV3AdminTokenRequest();
String authUri = uri + "/v3/auth/tokens";
response = sendPost(authUri, params);
adminToken = response.getFirstHeader(AUTH_SUBJECT_TOKEN)
.getValue();
json = parseResponse(response);
JsonObject token = jp.parse(json).getAsJsonObject()
.get("token").getAsJsonObject();
adminTokenExpiry = token.get("expires_at").getAsString();
}
}
return adminToken;
}
private StringEntity getUnscopedV2AdminTokenRequest() {
StringBuffer bfr = new StringBuffer();
if (appConfig.getAdminAuthMethod().equalsIgnoreCase(PASSWORD)) {
bfr.append("{\"auth\": {\"passwordCredentials\": {\"username\": \"");
bfr.append(appConfig.getAdminUser());
bfr.append("\",\"password\": \"");
bfr.append(appConfig.getAdminPassword());
if (appConfig.getAdminProject() != null && !appConfig.getAdminProject().isEmpty()) {
bfr.append("\"}, \"tenantId\": \"");
bfr.append(appConfig.getAdminProject());
bfr.append("\"}}");
} else {
bfr.append("\"}}}");
}
try {
return new StringEntity(bfr.toString());
} catch (UnsupportedEncodingException e) {
throw new AuthException("Invalid V2 authentication request "
+ e);
}
} else {
String msg = String.format("Admin auth method %s not supported",appConfig.getAdminAuthMethod());
throw new AuthException(msg);
}
}
private StringEntity getUnscopedV3AdminTokenRequest() {
StringBuffer bfr = new StringBuffer();
if (appConfig.getAdminAuthMethod().equalsIgnoreCase(PASSWORD)) {
bfr.append("{\"auth\": {\"identity\": {\"methods\": [\"password\"],\"password\": {\"user\": {\"name\": \"");
bfr.append(appConfig.getAdminUser());
bfr.append("\",\"password\": \"");
bfr.append(appConfig.getAdminPassword());
bfr.append("\",\"domain\": {\"id\": \"default\"");
bfr.append("}}}}}}");
} else {
String msg = String.format("Admin auth method %s not supported",appConfig.getAdminAuthMethod());
throw new AuthException(msg);
}
try {
return new StringEntity(bfr.toString());
} catch (UnsupportedEncodingException e) {
throw new AuthException("Invalid V3 authentication request " + e);
}
}
private boolean isExpired(String expires) {
Date tokenExpiryDate = null;
try {
tokenExpiryDate = expiryFormat.parse(expires);
} catch (ParseException e) {
return true;
}
Date current = new Date();
return tokenExpiryDate.getTime() < (current.getTime() + DELTA_TIME_IN_SEC * 1000);
}
public void reset() { }
}

30
src/main/java/com/hpcloud/middleware/HttpClientFactory.java
View File

@@ -1,30 +0,0 @@
package com.hpcloud.middleware;
import org.apache.commons.pool.impl.GenericObjectPool;
/**
* An HTTP factory.
*
* @author liemmn
*
*/
public class HttpClientFactory extends AuthClientFactory {
private HttpClientPoolFactory clientPool;
HttpClientFactory(String host, int port, int timeout, boolean clientAuth,
String keyStore, String keyPass, String trustStore,
String trustPass, String adminToken, int maxActive,
long timeBetweenEvictionRunsMillis, long minEvictableIdleTimeMillis) {
clientPool = new HttpClientPoolFactory(host, port, timeout, clientAuth,
keyStore, keyPass, trustStore, trustPass, adminToken,
maxActive, timeBetweenEvictionRunsMillis,
minEvictableIdleTimeMillis);
pool = new GenericObjectPool(clientPool);
}
@Override
public void shutdown() {
clientPool.shutDown();
super.shutdown();
}
}

131
src/main/java/com/hpcloud/middleware/HttpClientPoolFactory.java
View File

@@ -1,131 +0,0 @@
package com.hpcloud.middleware;
import java.io.File;
import java.io.FileInputStream;
import java.net.URI;
import java.security.KeyStore;
import java.util.concurrent.TimeUnit;
import org.apache.commons.pool.BasePoolableObjectFactory;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.PoolingClientConnectionManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.CoreConnectionPNames;
import org.apache.http.params.HttpParams;
/**
* A Http request pool factory. Based on Apache Commons Pool. Singleton.
* Note that the Apache HttpClient maintains its own connection pool and
* does not participate in Apache Commons pool' lifecycle other than creating
* HTTPRequests.
*
* @author liemmn
*
*/
public class HttpClientPoolFactory extends BasePoolableObjectFactory {
private URI uri;
private PoolingClientConnectionManager connMgr;
private HttpPoolCleaner cleaner;
private HttpClient client;
HttpClientPoolFactory(String host, int port, int timeout,
boolean clientAuth, String keyStore, String keyPass,
String trustStore, String trustPass, String adminToken,
int maxActive, long timeBetweenEvictionRunsMillis,
long minEvictableIdleTimeMillis) {
// Setup auth URL
String protocol = (port == 35357) ? "https://" : "http://";
String urlStr = protocol + host + ":" + port;
uri = URI.create(urlStr);
// Setup connection pool
SchemeRegistry schemeRegistry = new SchemeRegistry();
if (protocol.startsWith("https")) {
SSLSocketFactory sslf = sslFactory(keyStore, keyPass, trustStore,
trustPass, clientAuth);
schemeRegistry.register(new Scheme("https", port, sslf));
} else {
schemeRegistry.register(new Scheme("http", port, PlainSocketFactory
.getSocketFactory()));
}
connMgr = new PoolingClientConnectionManager(schemeRegistry,
minEvictableIdleTimeMillis, TimeUnit.MILLISECONDS);
connMgr.setMaxTotal(maxActive);
connMgr.setDefaultMaxPerRoute(maxActive);
// Http connection timeout
HttpParams params = new BasicHttpParams();
params.setParameter(CoreConnectionPNames.SO_TIMEOUT, timeout);
params.setParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, timeout);
// Create a single client
client = new DefaultHttpClient(connMgr, params);
// Create and start the connection pool cleaner
cleaner = new HttpPoolCleaner(connMgr, timeBetweenEvictionRunsMillis,
minEvictableIdleTimeMillis);
new Thread(cleaner).start();
}
@Override
public Object makeObject() throws Exception {
return new HttpAuthClient(client, uri);
}
@Override
public void passivateObject(Object obj) throws Exception {
((HttpAuthClient) obj).reset();
}
@Override
public void destroyObject(Object obj) throws Exception {
((HttpAuthClient) obj).reset();
obj = null;
}
public void shutDown() {
// Shutdown all connections
connMgr.shutdown();
// Shutdown connection pool cleaner
cleaner.shutdown();
}
// get a socket factory
private static SSLSocketFactory sslFactory(String keyStore, String keyPass,
String trustStore, String trustPass, boolean clientAuth) {
try {
// keystore
KeyStore ks = null;
if (clientAuth) {
ks = KeyStore.getInstance("jks");
FileInputStream is1 = new FileInputStream(new File(keyStore));
try {
ks.load(is1, keyPass.toCharArray());
} finally {
is1.close();
}
}
// truststore
KeyStore ts = KeyStore.getInstance("jks");
FileInputStream is2 = new FileInputStream(
new File(trustStore));
try {
ts.load(is2, trustPass.toCharArray());
} finally {
is2.close();
}
SSLSocketFactory sslf = new SSLSocketFactory(ks, keyPass, ts);
return sslf;
} catch (Exception e) {
throw new AuthConnectionException(
"Failed to create SSLSocketFactory", e);
}
}
}

56
src/main/java/com/hpcloud/middleware/HttpPoolCleaner.java
View File

@@ -1,56 +0,0 @@
package com.hpcloud.middleware;
import java.util.concurrent.TimeUnit;
import org.apache.http.conn.ClientConnectionManager;
/**
* A runner to clean the connection pool! There should only be one!
*
* @author liemmn
*
*/
public class HttpPoolCleaner implements Runnable {
private final ClientConnectionManager connMgr;
private long timeBetweenEvictionRunsMillis, minEvictableIdleTimeMillis;
private volatile boolean shutdown;
public HttpPoolCleaner(ClientConnectionManager connMgr,
long timeBetweenEvictionRunsMillis, long minEvictableIdleTimeMillis) {
this.connMgr = connMgr;
this.timeBetweenEvictionRunsMillis = timeBetweenEvictionRunsMillis;
this.minEvictableIdleTimeMillis = minEvictableIdleTimeMillis;
}
/**
* Start the cleaner.
*/
@Override
public void run() {
try {
while (!shutdown) {
synchronized (this) {
wait(timeBetweenEvictionRunsMillis);
// Close expired connections
connMgr.closeExpiredConnections();
// Close connections that have been idle longer than x sec
connMgr.closeIdleConnections(minEvictableIdleTimeMillis,
TimeUnit.MILLISECONDS);
}
}
} catch (InterruptedException ex) {
// terminate
}
}
/**
* Shutdown the cleaner.
*/
public void shutdown() {
shutdown = true;
synchronized (this) {
notifyAll();
}
}
}

15
src/main/java/com/hpcloud/middleware/SignatureBuilderException.java
View File

@@ -1,15 +0,0 @@
package com.hpcloud.middleware;
public class SignatureBuilderException extends RuntimeException {
private static final long serialVersionUID = -2643382825421961020L;
public SignatureBuilderException(String msg) {
super(msg);
}
public SignatureBuilderException(String msg, Exception e) {
super(msg, e);
}
}

80
src/main/java/com/hpcloud/middleware/SignatureExceptionHandler.java
View File

@@ -1,80 +0,0 @@
package com.hpcloud.middleware;
import java.io.IOException;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
//import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
//import com.hp.csbu.cc.security.cs.thrift.service.ResourceException;
public enum SignatureExceptionHandler {
AuthConnectionException {
@Override
public void onException(Exception e, ServletResponse resp) {
AuthConnectionException ae = (AuthConnectionException) e;
logger.error(ae.getMessage() + " " + ae);
try {
((HttpServletResponse) resp).sendError(
HttpServletResponse.SC_UNAUTHORIZED,
ExceptionHandlerUtil.getStatusText(HttpServletResponse.SC_UNAUTHORIZED));
} catch (IOException ie) {
logger.debug("Error in writing the HTTP response "
+ ie.getMessage() + " " + ie);
}
}
},
TException {
@Override
public void onException(Exception e, ServletResponse resp) {
// TException t = (TException) e;
//logger.error("Thrift Exception " + t.getMessage() + " " + t);
try {
((HttpServletResponse) resp).sendError(
HttpServletResponse.SC_UNAUTHORIZED,
ExceptionHandlerUtil.getStatusText(HttpServletResponse.SC_UNAUTHORIZED));
} catch (IOException ie) {
logger.debug("Error in writing the HTTP response "
+ ie.getMessage() + " " + ie);
}
}
},
SignatureBuilderException {
@Override
public void onException(Exception e, ServletResponse resp) {
SignatureBuilderException sbe = (SignatureBuilderException) e;
logger.error(sbe.getMessage() + " " + sbe);
try {
((HttpServletResponse) resp).sendError(
HttpServletResponse.SC_UNAUTHORIZED,
ExceptionHandlerUtil.getStatusText(HttpServletResponse.SC_UNAUTHORIZED));
} catch (IOException ie) {
logger.debug("Error in writing the HTTP response "
+ ie.getMessage() + " " + ie);
}
}
},
AuthException {
@Override
public void onException(Exception e, ServletResponse resp) {
AuthException ae = (AuthException) e;
logger.error(ae.getMessage() + " " + ae);
try {
((HttpServletResponse) resp).sendError(
HttpServletResponse.SC_UNAUTHORIZED,
ExceptionHandlerUtil.getStatusText(HttpServletResponse.SC_UNAUTHORIZED));
} catch (IOException ie) {
logger.debug("Error in writing the HTTP response "
+ ie.getMessage() + " " + ie);
}
}
};
final Logger logger = LoggerFactory.getLogger(SignatureExceptionHandler.class);
abstract void onException(Exception e, ServletResponse resp);
}

144
src/main/java/com/hpcloud/middleware/TokenAuth.java
View File

@@ -1,144 +0,0 @@
package com.hpcloud.middleware;
import java.io.IOException;
import org.apache.http.client.ClientProtocolException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* A token-based authentication filter. This filter uses Thrift protocol to
* communicate with the CS server. The token to validate is set via the header
* {@link #TOKEN}.
* <p>
* A token is required to validate. However, if no token is presented, the
* filter will set the {@link #AUTH_IDENTITY_STATUS} request parameter to
* <code>Invalid</code> and let any other filter downstream to decide what to
* do. For instance, if a downstream filter knows how to deal with signature
* rather than tokens, then it will go ahead and validate with signatures.
* <p>
* Upon successful validation, all the Auth request parameters will be
* populated, including information such as tenant, user and user roles, and
* passed down to the next filter downstream.
* <p>
* Upon unsuccessful validation, this filter will terminate the request by
* returning a 401 (unauthorized).
*
* @author liemmn
*
*/
public class TokenAuth implements Filter, AuthConstants {
private static final String TOKEN_NOTFOUND = "Bad Request: Token not found in the request";
private static final String SERVICE_IDS_PARAM = "serviceIds";
private static final String ENDPOINT_IDS_PARAM = "endpointIds";
private static final String SERVICE_CATALOG_PARAM = "includeCatalog";
private static final String API_VERSION_PARAM = "apiVersion";
private final Config appConfig = Config.getInstance();
private FilterConfig filterConfig;
// Thee faithful logger
private static final Logger logger = LoggerFactory
.getLogger(TokenAuth.class);
@Override
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
}
/**
* {@inheritDoc}
*/
public void destroy() {
FilterUtils.destroyFilter();
}
/**
* {@inheritDoc}
*/
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
Object auth = null;
int numberOfTries = 0;
if (!appConfig.isInitialized()) {
appConfig.initialize(filterConfig,req,getInputParams());
}
int retries = appConfig.getRetries();
long pauseTime = appConfig.getPauseTime();
AuthClientFactory factory = appConfig.getFactory();
// Extract credential
String token = ((HttpServletRequest) req).getHeader(TOKEN);
if (token == null) {
if (!appConfig.isDelayAuthDecision()) {
logger.error(HttpServletResponse.SC_UNAUTHORIZED
+ " No token found.");
((HttpServletResponse) resp).sendError(
HttpServletResponse.SC_UNAUTHORIZED, TOKEN_NOTFOUND);
return;
} else {
logger.info("No token found...Skipping");
}
} else {
do {
try {
auth = FilterUtils.getCachedToken(token);
}catch(UnavailableException e) {
TokenExceptionHandler handler = TokenExceptionHandler
.valueOf("UnavailableException");
handler.onException(e,resp,token);
}
catch(ClientProtocolException e) {
if (numberOfTries < retries) {
FilterUtils.pause(pauseTime);
logger.debug("Retrying connection after "
+ pauseTime + " seconds.");
numberOfTries++;
continue;
} else {
logger.debug("Exhausted retries..");
TokenExceptionHandler handler = TokenExceptionHandler
.valueOf("ClientProtocolException");
handler.onException(e, resp, token);
}
return;
}
}while(auth==null && numberOfTries<=retries);
}
req = FilterUtils.wrapRequest(req, auth);
logger.debug("TokenAuth: Forwarding down stream to next filter/servlet");
// Forward downstream...
chain.doFilter(req, resp);
}
private Map<String, String> getInputParams() {
Map<String, String> inputParams = new HashMap<String, String>();
if (appConfig.getServiceIds() != null) {
inputParams.put(SERVICE_IDS_PARAM, appConfig.getServiceIds());
}
if (appConfig.getEndpointIds() != null) {
inputParams.put(ENDPOINT_IDS_PARAM, appConfig.getEndpointIds());
}
inputParams.put(SERVICE_CATALOG_PARAM, String.valueOf(appConfig.isIncludeCatalog()));
inputParams.put(API_VERSION_PARAM, appConfig.getAuthVersion());
return inputParams;
}
}

70
src/main/java/com/hpcloud/middleware/TokenCache.java
View File

@@ -1,70 +0,0 @@
package com.hpcloud.middleware;
import com.google.common.cache.*;
import org.apache.http.client.ClientProtocolException;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
public class TokenCache<K,V> {
private final LoadingCache<K,V> cache;
private final Config appConfig = Config.getInstance();
private AuthClientFactory factory;
private AuthClient client;
private static final Logger logger = LoggerFactory
.getLogger(TokenCache.class);
public TokenCache(final long maxSize, final long timeToExpire, final Map<String,String> map) {
factory = appConfig.getFactory();
cache = CacheBuilder.newBuilder().maximumSize(maxSize)
.expireAfterWrite(timeToExpire, TimeUnit.SECONDS)
.build(new CacheLoader<K, V>() {
public V load(K key) throws TException,ClientProtocolException {
V value = null;
AuthClient client = null;
try {
client = factory.getClient();
if (appConfig.getAuthVersion().equals("v2.0")) {
value = (V) client.validateTokenForServiceEndpointV2((String) key, appConfig.getServiceIds(),
appConfig.getEndpointIds(), appConfig.isIncludeCatalog());
} else {
value = (V) client.validateTokenForServiceEndpointV3((String) key, map);
}
}finally {
if(client!=null)
factory.recycle(client);
}
return value;
}
});
}
public V getToken(K key) throws ClientProtocolException {
V value = null;
try {
value = cache.get(key);
throw new ClientProtocolException("Testing");
} catch (ExecutionException e) {
logger.debug("had problem caching token");
}
return value;
}
public void put(K key, V value) {
cache.put(key,value);
}
}

104
src/main/java/com/hpcloud/middleware/TokenExceptionHandler.java
View File

@@ -1,104 +0,0 @@
package com.hpcloud.middleware;
import java.io.IOException;
import org.apache.http.client.ClientProtocolException;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.thrift.TException;
public enum TokenExceptionHandler {
AuthConnectionException {
@Override
public void onException(Exception e, ServletResponse resp, String token) {
AuthConnectionException ae = (AuthConnectionException) e;
logger.error(ae.getMessage() + " " + ae);
try {
((HttpServletResponse) resp).sendError(
HttpServletResponse.SC_UNAUTHORIZED,
ExceptionHandlerUtil.getStatusText(HttpServletResponse.SC_UNAUTHORIZED)
+ " " + token);
} catch (IOException ie) {
logger.debug("Error in writing the HTTP response "
+ ie.getMessage() + " " + ie);
}
}
},
TException {
@Override
public void onException(Exception e, ServletResponse resp, String token) {
TException t = (TException) e;
logger.error("Thrift Exception " + t.getMessage() + " " + t);
try {
((HttpServletResponse) resp).sendError(
HttpServletResponse.SC_UNAUTHORIZED,
ExceptionHandlerUtil.getStatusText(HttpServletResponse.SC_UNAUTHORIZED)
+ " " + token);
} catch (IOException ie) {
logger.debug("Error in writing the HTTP response "
+ ie.getMessage() + " " + ie);
}
}
},
ClientProtocolException {
@Override
public void onException(Exception e, ServletResponse resp, String token) {
ClientProtocolException t = (ClientProtocolException) e;
logger.error("Http Client Exception " + t.getMessage() + " " + t);
try {
((HttpServletResponse) resp).sendError(
HttpServletResponse.SC_UNAUTHORIZED,
ExceptionHandlerUtil.getStatusText(HttpServletResponse.SC_UNAUTHORIZED)
+ " " + token);
} catch (IOException ie) {
logger.debug("Error in writing the HTTP response "
+ ie.getMessage() + " " + ie);
}
}
},
AuthException {
@Override
public void onException(Exception e, ServletResponse resp, String token) {
AuthException ae = (AuthException) e;
logger.error(ae.getMessage() + " " + ae);
String statusText = ae.getMessage();
if (statusText == null || statusText.isEmpty()) {
statusText = ExceptionHandlerUtil.getStatusText(HttpServletResponse.SC_UNAUTHORIZED);
}
try {
((HttpServletResponse) resp).sendError(
HttpServletResponse.SC_UNAUTHORIZED,
statusText + " " + token);
} catch (IOException ie) {
logger.debug("Error in writing the HTTP response "
+ ie.getMessage() + " " + ie);
}
}
}, ServiceUnavailableException {
@Override
public void onException(Exception e, ServletResponse resp, String token) {
AuthException ae = (AuthException) e;
logger.error(ae.getMessage() + " " + ae);
String statusText = ae.getMessage();
if (statusText == null || statusText.isEmpty()) {
statusText = ExceptionHandlerUtil.getStatusText(HttpServletResponse.SC_UNAUTHORIZED);
}
try {
((HttpServletResponse) resp).sendError(
HttpServletResponse.SC_UNAUTHORIZED,
statusText + " " + token);
} catch (IOException ie) {
logger.debug("Error in writing the HTTP response "
+ ie.getMessage() + " " + ie);
}
}
};
final Logger logger = LoggerFactory.getLogger(TokenExceptionHandler.class);
abstract void onException(Exception e, ServletResponse resp, String token);
}

14
src/main/java/com/hpcloud/middleware/UnavailableException.java
View File

@@ -1,14 +0,0 @@
package com.hpcloud.middleware;
/**
* Created by johnderr on 6/25/14.
*/
public class UnavailableException extends RuntimeException {
public UnavailableException(String msg) {
super(msg);
}
public UnavailableException(String msg, Exception e) {
super(msg, e);
}
}

2
src/main/java/com/hpcloud/mon/MonApiApplication.java
View File

@@ -20,7 +20,7 @@ import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.PropertyNamingStrategy; import com.fasterxml.jackson.databind.PropertyNamingStrategy;
import com.fasterxml.jackson.databind.SerializationFeature; import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.databind.module.SimpleModule; import com.fasterxml.jackson.databind.module.SimpleModule;
import com.hp.csbu.cc.middleware.TokenAuth; import com.hpcloud.middleware.TokenAuth;
import com.hpcloud.messaging.kafka.KafkaHealthCheck; import com.hpcloud.messaging.kafka.KafkaHealthCheck;
import com.hpcloud.mon.bundle.SwaggerBundle; import com.hpcloud.mon.bundle.SwaggerBundle;
import com.hpcloud.mon.infrastructure.servlet.MockAuthenticationFilter; import com.hpcloud.mon.infrastructure.servlet.MockAuthenticationFilter;