
Example 6 with ProxyToken

use of com.emc.storageos.db.client.model.ProxyToken in project coprhd-controller by CoprHD.

the class CassandraTokenValidator method fetchTokenLocal.

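/**
 * Retrieves the regular or proxy token identified by the given on-wire token
 * from the database and checks its expiration.
 *
 * @param tw the on-wire token; supplies the token id and whether it is a proxy token
 * @return the stored token, or null if no token with that id exists or the token has expired
 */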
private BaseToken fetchTokenLocal(TokenOnWire tw) {
    // The id carried by the on-wire token is the database lookup key.
    final URI tkId = tw.getTokenId();
    final BaseToken stored;
    if (tw.isProxyToken()) {
        final ProxyToken proxy = _dbClient.queryObject(ProxyToken.class, tkId);
        // An expired proxy token is reported exactly like a missing one: null.
        if (proxy != null && !checkExpiration(proxy)) {
            _log.warn("ProxyToken found in database but is expired: {}", proxy.getId());
            return null;
        }
        stored = proxy;
    } else {
        final Token regular = _dbClient.queryObject(Token.class, tkId);
        // NOTE(review): the meaning of the boolean passed to checkExpiration is
        // defined outside this listing - confirm before relying on it.
        if (regular != null && !checkExpiration(regular, true)) {
            _log.warn("Token found in database but is expired: {}", regular.getId());
            return null;
        }
        stored = regular;
    }
    // Null is the only failure signal this method gives; it presumably has to be
    // treated by the caller as a failed validation (caller not visible here).
    if (stored == null) {
        _log.error("Could not find token with id {} for validation", tkId);
    }
    return stored;
}
Also used : ProxyToken(com.emc.storageos.db.client.model.ProxyToken) BaseToken(com.emc.storageos.db.client.model.BaseToken) ProxyToken(com.emc.storageos.db.client.model.ProxyToken) Token(com.emc.storageos.db.client.model.Token) BaseToken(com.emc.storageos.db.client.model.BaseToken) URI(java.net.URI)

Example 7 with ProxyToken

use of com.emc.storageos.db.client.model.ProxyToken in project coprhd-controller by CoprHD.

the class CassandraTokenManager method getProxyToken.

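/**
 * Gets a proxy token for the given user.
 * If a proxy token for the given user already exists, it is reused;
 * otherwise a new one is created and persisted.
 *
 * @param userDAO the user record for which the proxy token is requested
 * @return the encoded proxy token, or null if the lock, database or encoding step failed (the error is only logged)
 */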
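@Override
public String getProxyToken(StorageOSUserDAO userDAO) {
    InterProcessLock userLock = null;
    // Tracks whether acquire() returned, so the finally block never calls
    // release() on a lock this thread does not hold.
    boolean lockHeld = false;
    try {
        // Read inside the try block so that a failure here is still logged and
        // turned into a null return, as before.
        final String userName = userDAO.getUserName();
        // NOTE(review): the lock name and the lookup below use the user name as
        // given, while deleteAllTokensForUser lower-cases it - confirm that user
        // names are normalized before they reach this method.
        userLock = _coordinator.getLock(userName);
        if (userLock == null) {
            _log.error("Could not acquire lock for user: {}", userName);
            // This exception is caught by the SecurityException handler below, so
            // the caller still sees a null return rather than the exception.
            throw SecurityException.fatals.couldNotAcquireLockForUser(userName);
        }
        userLock.acquire();
        lockHeld = true;
        // Look for proxy tokens based on that username.
        // If any is found, use that. Else, create a new one.
        ProxyToken proxyToken = getProxyTokenForUserName(userName);
        if (proxyToken != null) {
            _log.debug("Found proxy token {} for user {}.  Reusing...", proxyToken.getId(), userName);
            return _tokenEncoder.encode(TokenOnWire.createTokenOnWire(proxyToken));
        }
        // No proxy token found for this user. Create a new one.
        ProxyToken pToken = new ProxyToken();
        pToken.setId(URIUtil.createId(ProxyToken.class));
        pToken.addKnownId(userDAO.getId());
        pToken.setUserName(userName);
        // Hard-coded placeholder zone ("for now" in the original code).
        pToken.setZoneId("zone1");
        pToken.setIssuedTime(getCurrentTimeInMins());
        pToken.setLastValidatedTime(getCurrentTimeInMins());
        _dbClient.persistObject(pToken);
        return _tokenEncoder.encode(TokenOnWire.createTokenOnWire(pToken));
    } catch (DatabaseException ex) {
        _log.error("DatabaseException while persisting proxy token", ex);
    } catch (SecurityException ex) {
        _log.error("Proxy Token encoding exception. ", ex);
    } catch (Exception ex) {
        if (lockHeld) {
            // The lock was obtained, so the failure is in lookup or creation.
            _log.error("Unexpected error while trying to get a proxy token.", ex);
        } else {
            _log.error("Could not acquire lock while trying to get a proxy token.", ex);
        }
    } finally {
        if (lockHeld) {
            try {
                userLock.release();
            } catch (Exception ex) {
                _log.error("Unable to release proxytoken creation lock", ex);
            }
        }
    }
    // Every failure path ends here: the error has been logged and the caller
    // gets null instead of a token.
    return null;
}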
Also used : ProxyToken(com.emc.storageos.db.client.model.ProxyToken) InterProcessLock(org.apache.curator.framework.recipes.locks.InterProcessLock) SecurityException(com.emc.storageos.security.exceptions.SecurityException) DatabaseException(com.emc.storageos.db.exceptions.DatabaseException) APIException(com.emc.storageos.svcs.errorhandling.resources.APIException) DatabaseException(com.emc.storageos.db.exceptions.DatabaseException) SecurityException(com.emc.storageos.security.exceptions.SecurityException)

Example 8 with ProxyToken

use of com.emc.storageos.db.client.model.ProxyToken in project coprhd-controller by CoprHD.

the class CassandraTokenManager method deleteAllTokensForUser.

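/**
 * Deletes all tokens belonging to the user. Proxy tokens are deleted only when includeProxyTokens is true.
 * Each user record for this user is marked for deletion when its proxy tokens were deleted or when it has none.
 */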
@Override
public void deleteAllTokensForUser(String userName, boolean includeProxyTokens) {
    try {
        // NOTE(review): toLowerCase() without a Locale follows the JVM default
        // locale; confirm this matches how user names are normalized when the
        // records are stored, otherwise the lookup can miss records and leave
        // their tokens in place.
        for (StorageOSUserDAO userRecord : getUserRecords(userName.toLowerCase())) {
            // Regular tokens are always removed, together with their entry in
            // the requested-token map.
            for (Token token : getTokensForUserId(userRecord.getId())) {
                _log.info("Removing token {} using userDAO {} for username {}", new String[] { token.getId().toString(), userRecord.getId().toString(), userName });
                _dbClient.removeObject(token);
                cleanUpRequestedTokenMap(token);
            }
            // Proxy tokens are looked up in both modes: when they are kept, the
            // user record may only be marked for deletion if none exist.
            List<ProxyToken> proxyTokens = getProxyTokensForUserId(userRecord.getId());
            if (!includeProxyTokens) {
                if (proxyTokens.isEmpty()) {
                    _log.info("No proxy tokens found. Marking for deletion: user record {} for username {}", userRecord.getId().toString(), userName);
                    _dbClient.markForDeletion(userRecord);
                }
                // A record that still has proxy tokens is left untouched.
                continue;
            }
            for (ProxyToken proxy : proxyTokens) {
                _log.info("Removing proxy token {} using userDAO {} for username {}", new String[] { proxy.getId().toString(), userRecord.getId().toString(), userName });
                _dbClient.removeObject(proxy);
            }
            _log.info("Marking for deletion: user record {} for username {}", userRecord.getId().toString(), userName);
            _dbClient.markForDeletion(userRecord);
        }
    } catch (DatabaseException ex) {
        // A database failure is surfaced to the caller, so an incomplete
        // deletion is not reported as success.
        throw SecurityException.fatals.exceptionDuringTokenDeletionForUser(userName, ex);
    }
}
Also used : StorageOSUserDAO(com.emc.storageos.db.client.model.StorageOSUserDAO) ProxyToken(com.emc.storageos.db.client.model.ProxyToken) ProxyToken(com.emc.storageos.db.client.model.ProxyToken) Token(com.emc.storageos.db.client.model.Token) DatabaseException(com.emc.storageos.db.exceptions.DatabaseException)

Example 9 with ProxyToken

use of com.emc.storageos.db.client.model.ProxyToken in project coprhd-controller by CoprHD.

the class TokenManagerTests method getProxyTokenCountForUser.

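/**
 * Returns the number of proxy tokens currently stored for the given user name.
 *
 * @param username the user name used to look up proxy tokens
 * @return the number of proxy tokens found, or 0 if the query returns null
 */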
private int getProxyTokenCountForUser(String username) throws IOException {
    // Look up the ids of all proxy tokens indexed under this user name.
    URIQueryResultList matches = new URIQueryResultList();
    _dbClient.queryByConstraint(
            AlternateIdConstraint.Factory.getProxyTokenUserNameConstraint(username), matches);
    // Copy the ids into a plain list so they can be passed to queryObject together.
    List<URI> ids = new ArrayList<URI>();
    Iterator<URI> cursor = matches.iterator();
    while (cursor.hasNext()) {
        ids.add(cursor.next());
    }
    List<ProxyToken> proxyTokens = _dbClient.queryObject(ProxyToken.class, ids);
    // A null result is counted as "no proxy tokens".
    return proxyTokens == null ? 0 : proxyTokens.size();
}
Also used : ProxyToken(com.emc.storageos.db.client.model.ProxyToken) URI(java.net.URI) URIQueryResultList(com.emc.storageos.db.client.constraint.URIQueryResultList)

Aggregations

ProxyToken (com.emc.storageos.db.client.model.ProxyToken)9 URI (java.net.URI)6 StorageOSUserDAO (com.emc.storageos.db.client.model.StorageOSUserDAO)5 Token (com.emc.storageos.db.client.model.Token)5 BaseToken (com.emc.storageos.db.client.model.BaseToken)4 URIQueryResultList (com.emc.storageos.db.client.constraint.URIQueryResultList)2 DatabaseException (com.emc.storageos.db.exceptions.DatabaseException)2 SignedToken (com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken)2 TokenOnWire (com.emc.storageos.security.authentication.TokenOnWire)2 Test (org.junit.Test)2 CassandraTokenManager (com.emc.storageos.auth.impl.CassandraTokenManager)1 CoordinatorClient (com.emc.storageos.coordinator.client.service.CoordinatorClient)1 DbClient (com.emc.storageos.db.client.DbClient)1 Base64TokenEncoder (com.emc.storageos.security.authentication.Base64TokenEncoder)1 TokenKeyGenerator (com.emc.storageos.security.authentication.TokenKeyGenerator)1 TokenMaxLifeValuesHolder (com.emc.storageos.security.authentication.TokenMaxLifeValuesHolder)1 SecurityException (com.emc.storageos.security.exceptions.SecurityException)1 APIException (com.emc.storageos.svcs.errorhandling.resources.APIException)1 UnauthorizedException (com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException)1 ArrayList (java.util.ArrayList)1