Search in sources :

Example 46 with AccessToken

use of com.cinchapi.concourse.thrift.AccessToken in project concourse by cinchapi.

the class UserServiceTest method testServiceTokenInvalidation.

@Test
public void testServiceTokenInvalidation() {
    AccessToken token = service.tokens.issueServiceToken();
    service.tokens.expire(token);
    Assert.assertFalse(service.tokens.isValid(token));
}
Also used : AccessToken(com.cinchapi.concourse.thrift.AccessToken) ConcourseBaseTest(com.cinchapi.concourse.test.ConcourseBaseTest) Test(org.junit.Test)

Example 47 with AccessToken

use of com.cinchapi.concourse.thrift.AccessToken in project concourse by cinchapi.

the class UserServiceTest method testAccessTokenIsNotValidIfPasswordChanges.

@Test
public void testAccessTokenIsNotValidIfPasswordChanges() {
    ByteBuffer username = getAcceptableUsername();
    ByteBuffer password = getSecurePassword();
    ByteBuffer password2 = getSecurePassword();
    service.create(username, password, Role.ADMIN);
    AccessToken token = service.tokens.issue(username);
    service.setPassword(username, password2);
    Assert.assertFalse(service.tokens.isValid(token));
}
Also used : AccessToken(com.cinchapi.concourse.thrift.AccessToken) ByteBuffer(java.nio.ByteBuffer) ConcourseBaseTest(com.cinchapi.concourse.test.ConcourseBaseTest) Test(org.junit.Test)

Example 48 with AccessToken

use of com.cinchapi.concourse.thrift.AccessToken in project concourse by cinchapi.

the class UserServiceTest method testRevokingAccessInvalidatesAllAccessTokens.

@Test
public void testRevokingAccessInvalidatesAllAccessTokens() {
    ByteBuffer username = getAcceptableUsername();
    ByteBuffer password = getSecurePassword();
    service.create(username, password, Role.ADMIN);
    List<AccessToken> tokens = Lists.newArrayList();
    for (int i = 0; i < TestData.getScaleCount(); i++) {
        tokens.add(service.tokens.issue(username));
    }
    service.delete(username);
    for (AccessToken token : tokens) {
        Assert.assertFalse(service.tokens.isValid(token));
    }
}
Also used : AccessToken(com.cinchapi.concourse.thrift.AccessToken) ByteBuffer(java.nio.ByteBuffer) ConcourseBaseTest(com.cinchapi.concourse.test.ConcourseBaseTest) Test(org.junit.Test)

Example 49 with AccessToken

use of com.cinchapi.concourse.thrift.AccessToken in project concourse by cinchapi.

the class UserServiceTest method testAccessTokenAutoExpiration.

@Test
public void testAccessTokenAutoExpiration() throws InterruptedException {
    service = UserService.createForTesting(current, 60, TimeUnit.MILLISECONDS);
    ByteBuffer username = getAcceptableUsername();
    ByteBuffer password = getSecurePassword();
    service.create(username, password, Role.ADMIN);
    AccessToken token = service.tokens.issue(username);
    TimeUnit.MILLISECONDS.sleep(60);
    Assert.assertFalse(service.tokens.isValid(token));
}
Also used : AccessToken(com.cinchapi.concourse.thrift.AccessToken) ByteBuffer(java.nio.ByteBuffer) ConcourseBaseTest(com.cinchapi.concourse.test.ConcourseBaseTest) Test(org.junit.Test)

Example 50 with AccessToken

use of com.cinchapi.concourse.thrift.AccessToken in project concourse by cinchapi.

the class ConcourseServer method init.

/**
 * Initialize this instance. This method MUST always be called after
 * constructing the instance.
 *
 * @param port - the port on which to listen for client connections
 * @param bufferStore - the location to store {@link Buffer} files
 * @param dbStore - the location to store {@link Database} files
 * @throws TTransportException
 */
@Internal
private void init(int port, String bufferStore, String dbStore) throws TTransportException {
    Preconditions.checkState(!bufferStore.equalsIgnoreCase(dbStore), "Cannot store buffer and database files in the same directory. " + "Please check concourse.prefs.");
    Preconditions.checkState(!Strings.isNullOrEmpty(Environments.sanitize(DEFAULT_ENVIRONMENT)), "Cannot initialize " + "Concourse Server with a default environment of " + "'%s'. Please use a default environment name that " + "contains only alphanumeric characters.", DEFAULT_ENVIRONMENT);
    FileSystem.mkdirs(bufferStore);
    FileSystem.mkdirs(dbStore);
    FileSystem.lock(bufferStore);
    FileSystem.lock(dbStore);
    TServerSocket socket = new TServerSocket(port);
    TMultiplexedProcessor processor = new TMultiplexedProcessor();
    TProcessor core = new ConcourseService.Processor<>(this);
    processor.registerProcessor("core", core);
    processor.registerProcessor("calculate", new ConcourseCalculateService.Processor<>(this));
    processor.registerProcessor("navigate", new ConcourseNavigateService.Processor<>(this));
    processor.registerDefault(core);
    Args args = new TThreadPoolServer.Args(socket);
    args.processor(processor);
    args.maxWorkerThreads(NUM_WORKER_THREADS);
    args.executorService(Executors.newCachedThreadPool(new ThreadFactoryBuilder().setDaemon(true).setNameFormat("Client Worker" + " %d").build()));
    // CON-530: Set a lower timeout on the ExecutorService's termination to
    // prevent the server from hanging because of active threads that have
    // not yet been given a task but won't allow shutdown to proceed (i.e.
    // clients from a ConnectionPool).
    args.stopTimeoutVal(2);
    this.server = new TThreadPoolServer(args);
    this.bufferStore = bufferStore;
    this.dbStore = dbStore;
    this.engines = Maps.newConcurrentMap();
    this.users = UserService.create(ACCESS_CREDENTIALS_FILE);
    this.inspector = new Inspector() {

        @Override
        public Role getTokenUserRole(AccessToken token) {
            ByteBuffer username = users.tokens.identify(token);
            return users.getRole(username);
        }

        @Override
        public boolean isValidToken(AccessToken token) {
            return users.tokens.isValid(token);
        }

        @Override
        public boolean isValidTransaction(TransactionToken transaction) {
            return transactions.containsKey(transaction);
        }

        @Override
        public boolean tokenUserHasPermission(AccessToken token, Permission permission, String environment) {
            ByteBuffer username = users.tokens.identify(token);
            return users.can(username, permission, Environments.sanitize(environment));
        }
    };
    this.httpServer = GlobalState.HTTP_PORT > 0 ? HttpServer.create(this, GlobalState.HTTP_PORT) : HttpServer.disabled();
    // load the default engine
    getEngine();
    this.pluginManager = new PluginManager(this, GlobalState.CONCOURSE_HOME + File.separator + "plugins");
    // Setup the management server
    TServerSocket mgmtSocket = new TServerSocket(GlobalState.MANAGEMENT_PORT);
    TSimpleServer.Args mgmtArgs = new TSimpleServer.Args(mgmtSocket);
    mgmtArgs.processor(new ConcourseManagementService.Processor<>(this));
    this.mgmtServer = new TSimpleServer(mgmtArgs);
}
Also used : Args(org.apache.thrift.server.TThreadPoolServer.Args) TProcessor(org.apache.thrift.TProcessor) TMultiplexedProcessor(org.apache.thrift.TMultiplexedProcessor) TransactionToken(com.cinchapi.concourse.thrift.TransactionToken) TMultiplexedProcessor(org.apache.thrift.TMultiplexedProcessor) ByteBuffer(java.nio.ByteBuffer) ConcourseManagementService(com.cinchapi.concourse.server.management.ConcourseManagementService) TServerSocket(org.apache.thrift.transport.TServerSocket) Role(com.cinchapi.concourse.security.Role) PluginManager(com.cinchapi.concourse.server.plugin.PluginManager) ConcourseNavigateService(com.cinchapi.concourse.thrift.ConcourseNavigateService) TProcessor(org.apache.thrift.TProcessor) AccessToken(com.cinchapi.concourse.thrift.AccessToken) VerifyAccessToken(com.cinchapi.concourse.server.aop.VerifyAccessToken) Permission(com.cinchapi.concourse.security.Permission) VerifyReadPermission(com.cinchapi.concourse.server.aop.VerifyReadPermission) VerifyWritePermission(com.cinchapi.concourse.server.aop.VerifyWritePermission) ThreadFactoryBuilder(com.google.common.util.concurrent.ThreadFactoryBuilder) ConcourseCalculateService(com.cinchapi.concourse.thrift.ConcourseCalculateService) TThreadPoolServer(org.apache.thrift.server.TThreadPoolServer) TSimpleServer(org.apache.thrift.server.TSimpleServer) Internal(com.cinchapi.concourse.server.aop.Internal)

Aggregations

AccessToken (com.cinchapi.concourse.thrift.AccessToken)96 ByteBuffer (java.nio.ByteBuffer)72 TransactionToken (com.cinchapi.concourse.thrift.TransactionToken)60 TException (org.apache.thrift.TException)60 AtomicReference (java.util.concurrent.atomic.AtomicReference)56 AnyStrings (com.cinchapi.common.base.AnyStrings)55 CheckedExceptions (com.cinchapi.common.base.CheckedExceptions)55 Reflection (com.cinchapi.common.reflect.Reflection)55 Permission (com.cinchapi.concourse.security.Permission)55 Role (com.cinchapi.concourse.security.Role)55 Internal (com.cinchapi.concourse.server.aop.Internal)55 VerifyAccessToken (com.cinchapi.concourse.server.aop.VerifyAccessToken)55 VerifyReadPermission (com.cinchapi.concourse.server.aop.VerifyReadPermission)55 VerifyWritePermission (com.cinchapi.concourse.server.aop.VerifyWritePermission)55 FileSystem (com.cinchapi.concourse.server.io.FileSystem)55 ConcourseManagementService (com.cinchapi.concourse.server.management.ConcourseManagementService)55 PluginManager (com.cinchapi.concourse.server.plugin.PluginManager)55 AbstractSyntaxTree (com.cinchapi.ccl.syntax.AbstractSyntaxTree)28 NaturalLanguage (com.cinchapi.ccl.util.NaturalLanguage)28 Array (com.cinchapi.common.base.Array)28