Example 6 with StorageOSUserDAO
use of com.emc.storageos.db.client.model.StorageOSUserDAO in project coprhd-controller by CoprHD.
the class TokenManagerTests method testBasicTokenKeysRotation.
/**
* Basic rotation functionality is tested here using overridden rotation interval values
*
* @throws Exception
*/
@Test
public void testBasicTokenKeysRotation() throws Exception {
TokenMaxLifeValuesHolder holder = new TokenMaxLifeValuesHolder();
holder.setMaxTokenIdleTimeInMins(2);
holder.setMaxTokenLifeTimeInMins(4);
holder.setTokenIdleTimeGraceInMins(1);
holder.setKeyRotationIntervalInMSecs(5000);
CassandraTokenManager tokenManager = new CassandraTokenManager();
Base64TokenEncoder encoder = new Base64TokenEncoder();
TokenKeyGenerator tokenKeyGenerator = new TokenKeyGenerator();
DbClient dbClient = getDbClient();
CoordinatorClient coordinator = new TestCoordinator();
tokenManager.setTokenMaxLifeValuesHolder(holder);
tokenManager.setDbClient(dbClient);
tokenManager.setCoordinator(coordinator);
encoder.setCoordinator(coordinator);
tokenKeyGenerator.setTokenMaxLifeValuesHolder(holder);
encoder.setTokenKeyGenerator(tokenKeyGenerator);
encoder.managerInit();
tokenManager.setTokenEncoder(encoder);
StorageOSUserDAO userDAO = new StorageOSUserDAO();
userDAO.setUserName("user1");
userDAO.setIsLocal(true);
// get a regular token
final String token = tokenManager.getToken(userDAO);
Assert.assertNotNull(token);
TokenOnWire tw1 = encoder.decode(token);
Token tokenObj = dbClient.queryObject(Token.class, tw1.getTokenId());
Assert.assertNotNull(tokenObj);
// verify token
StorageOSUserDAO gotUser = tokenManager.validateToken(token);
Assert.assertNotNull(gotUser);
// get a proxy token
final String proxyToken = tokenManager.getProxyToken(gotUser);
Assert.assertNotNull(proxyToken);
// wait 6 seconds, this next token request will triggers a rotation
Thread.sleep(6000);
final String token2 = tokenManager.getToken(userDAO);
Assert.assertNotNull(token2);
// at this point, the first token should still be usable
gotUser = tokenManager.validateToken(token);
Assert.assertNotNull(gotUser);
// wait another 6 seconds, trigger another rotation.
Thread.sleep(6000);
final String token3 = tokenManager.getToken(userDAO);
Assert.assertNotNull(token3);
// has been rotated out from the current, then previous spot. It is gone.
try {
gotUser = tokenManager.validateToken(token);
Assert.fail("The token should not be usable.");
} catch (UnauthorizedException ex) {
// this exception is an expected one.
Assert.assertTrue(true);
}
// after several rotations, proxy token should be unaffected
gotUser = tokenManager.validateToken(proxyToken);
Assert.assertNotNull(gotUser);
}
Also used :
TokenMaxLifeValuesHolder(com.emc.storageos.security.authentication.TokenMaxLifeValuesHolder)
CassandraTokenManager(com.emc.storageos.auth.impl.CassandraTokenManager)
StorageOSUserDAO(com.emc.storageos.db.client.model.StorageOSUserDAO)
DbClient(com.emc.storageos.db.client.DbClient)
UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException)
CoordinatorClient(com.emc.storageos.coordinator.client.service.CoordinatorClient)
Base64TokenEncoder(com.emc.storageos.security.authentication.Base64TokenEncoder)
TokenKeyGenerator(com.emc.storageos.security.authentication.TokenKeyGenerator)
TokenOnWire(com.emc.storageos.security.authentication.TokenOnWire)
SignedToken(com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken)
ProxyToken(com.emc.storageos.db.client.model.ProxyToken)
Token(com.emc.storageos.db.client.model.Token)
BaseToken(com.emc.storageos.db.client.model.BaseToken)
Test(org.junit.Test)
Example 7 with StorageOSUserDAO
use of com.emc.storageos.db.client.model.StorageOSUserDAO in project coprhd-controller by CoprHD.
the class TokenManagerTests method testCrossVDCTokenValidation.
/**
* testCrossVDCTokenValidation
* Tests that a token from VDC2 and VDC3 can both be validated in VDC1
* given that VDC1's cache has these tokens and keys available.
*
* @throws Exception
*/
@Test
public void testCrossVDCTokenValidation() throws Exception {
commonDefaultSetupForSingleNodeTests();
TokenMaxLifeValuesHolder holder = new TokenMaxLifeValuesHolder();
// VDC1 (validator)
CoordinatorClient coordinatorVDC1 = new TestCoordinator();
InterVDCTokenCacheHelper cacheHelperVDC1 = new InterVDCTokenCacheHelper();
cacheHelperVDC1.setCoordinator(coordinatorVDC1);
cacheHelperVDC1.setDbClient(_dbClient);
cacheHelperVDC1.setMaxLifeValuesHolder(holder);
TokenKeyGenerator tokenKeyGeneratorVDC1 = new TokenKeyGenerator();
tokenKeyGeneratorVDC1.setTokenMaxLifeValuesHolder(holder);
Base64TokenEncoder encoderVDC1 = new Base64TokenEncoder();
encoderVDC1.setCoordinator(coordinatorVDC1);
encoderVDC1.setInterVDCTokenCacheHelper(cacheHelperVDC1);
encoderVDC1.setTokenKeyGenerator(tokenKeyGeneratorVDC1);
encoderVDC1.managerInit();
CassandraTokenManager tokenManagerVDC1 = new CassandraTokenManager();
tokenManagerVDC1.setDbClient(_dbClient);
tokenManagerVDC1.setCoordinator(coordinatorVDC1);
tokenManagerVDC1.setInterVDCTokenCacheHelper(cacheHelperVDC1);
tokenManagerVDC1.setTokenEncoder(encoderVDC1);
tokenManagerVDC1.setTokenMaxLifeValuesHolder(holder);
// VDC2 (creator of token)
CoordinatorClient coordinatorVDC2 = new TestCoordinator();
TokenKeyGenerator tokenKeyGeneratorVDC2 = new TokenKeyGenerator();
tokenKeyGeneratorVDC2.setTokenMaxLifeValuesHolder(holder);
Base64TokenEncoder encoderVDC2 = new Base64TokenEncoder();
encoderVDC2.setCoordinator(coordinatorVDC2);
encoderVDC2.setTokenKeyGenerator(tokenKeyGeneratorVDC2);
encoderVDC2.managerInit();
CassandraTokenManager tokenManagerVDC2 = new CassandraTokenManager();
tokenManagerVDC2.setDbClient(_dbClient);
tokenManagerVDC2.setCoordinator(coordinatorVDC2);
tokenManagerVDC2.setTokenEncoder(encoderVDC2);
tokenManagerVDC2.setTokenMaxLifeValuesHolder(holder);
// VDC3 (creator of token)
CoordinatorClient coordinatorVDC3 = new TestCoordinator();
TokenKeyGenerator tokenKeyGeneratorVDC3 = new TokenKeyGenerator();
tokenKeyGeneratorVDC3.setTokenMaxLifeValuesHolder(holder);
Base64TokenEncoder encoderVDC3 = new Base64TokenEncoder();
encoderVDC3.setCoordinator(coordinatorVDC3);
encoderVDC3.setTokenKeyGenerator(tokenKeyGeneratorVDC3);
encoderVDC3.managerInit();
CassandraTokenManager tokenManagerVDC3 = new CassandraTokenManager();
tokenManagerVDC3.setDbClient(_dbClient);
tokenManagerVDC3.setCoordinator(coordinatorVDC3);
tokenManagerVDC3.setTokenEncoder(encoderVDC3);
tokenManagerVDC3.setTokenMaxLifeValuesHolder(holder);
// VDC2 create a token
// set VdcUtil localvdcid to vdc2 to resulting token is identified as such
VirtualDataCenter localVdc = VdcUtil.getLocalVdc();
localVdc.setShortId("vdc2");
_dbClient.persistObject(localVdc);
VdcUtil.invalidateVdcUrnCache();
StorageOSUserDAO userDAOVDC2 = new StorageOSUserDAO();
userDAOVDC2.setUserName("user1@domain.com");
userDAOVDC2.setIsLocal(false);
String tokenVDC2 = tokenManagerVDC2.getToken(userDAOVDC2);
Assert.assertNotNull(tokenVDC2);
TokenOnWire twVDC2 = encoderVDC2.decode(tokenVDC2);
final Token tokenObjVDC2 = _dbClient.queryObject(Token.class, twVDC2.getTokenId());
Assert.assertNotNull(tokenObjVDC2);
URI userIdVDC2 = tokenObjVDC2.getUserId();
Assert.assertNotNull(userIdVDC2);
final StorageOSUserDAO gotUserVDC2 = tokenManagerVDC2.validateToken(tokenVDC2);
Assert.assertNotNull(gotUserVDC2);
// because we are running this on the same "db" as opposed to 2 different VDCs,
// there will be a conflict when caching the token, since the original is already there
// with the same id. So we are changing the token id and user record id for this
// purpose.
tokenObjVDC2.setId(URIUtil.createId(Token.class));
gotUserVDC2.setId(URIUtil.createId(StorageOSUserDAO.class));
tokenObjVDC2.setUserId(gotUserVDC2.getId());
TokenOnWire tokenToBeCachedVDC2 = TokenOnWire.createTokenOnWire(tokenObjVDC2);
// this re-encoded alternate token is the token that will be cached and validated
// from cache.
final String newEncodedVDC2 = encoderVDC2.encode(tokenToBeCachedVDC2);
// VDC3 create a token
// set VdcUtil localvdcid to vdc3 to resulting token is identified as such
localVdc.setShortId("vdc3");
_dbClient.persistObject(localVdc);
VdcUtil.invalidateVdcUrnCache();
StorageOSUserDAO userDAOVDC3 = new StorageOSUserDAO();
userDAOVDC3.setUserName("user2@domain.com");
userDAOVDC3.setIsLocal(false);
String tokenVDC3 = tokenManagerVDC3.getToken(userDAOVDC3);
Assert.assertNotNull(tokenVDC3);
TokenOnWire twVDC3 = encoderVDC3.decode(tokenVDC3);
final Token tokenObjVDC3 = _dbClient.queryObject(Token.class, twVDC3.getTokenId());
Assert.assertNotNull(tokenObjVDC3);
URI userIdVDC3 = tokenObjVDC3.getUserId();
Assert.assertNotNull(userIdVDC3);
final StorageOSUserDAO gotUserVDC3 = tokenManagerVDC3.validateToken(tokenVDC3);
Assert.assertNotNull(gotUserVDC3);
tokenObjVDC3.setId(URIUtil.createId(Token.class));
gotUserVDC3.setId(URIUtil.createId(StorageOSUserDAO.class));
tokenObjVDC3.setUserId(gotUserVDC3.getId());
TokenOnWire tokenToBeCachedVDC3 = TokenOnWire.createTokenOnWire(tokenObjVDC3);
// this re-encoded alternate token is the token that will be cached and validated
// from cache.
final String newEncodedVDC3 = encoderVDC3.encode(tokenToBeCachedVDC3);
// Cache VDC2 &3's tokens and keys in VDC1.cache
TokenKeysBundle bundleVDC2 = tokenKeyGeneratorVDC2.readBundle();
TokenKeysBundle bundleVDC3 = tokenKeyGeneratorVDC3.readBundle();
TokenResponseArtifacts artifactsVDC2 = new TokenResponseArtifacts(gotUserVDC2, tokenObjVDC2, bundleVDC2);
TokenResponseArtifacts artifactsVDC3 = new TokenResponseArtifacts(gotUserVDC3, tokenObjVDC3, bundleVDC3);
cacheHelperVDC1.cacheForeignTokenAndKeys(artifactsVDC2, "vdc2");
cacheHelperVDC1.cacheForeignTokenAndKeys(artifactsVDC3, "vdc3");
Assert.assertEquals(2, cacheHelperVDC1.getAllCachedBundles().size());
// Validate both tokens using VDC1
// set VdcUtil localvdcid to vdc1 to resulting token is identified as such
localVdc.setShortId("vdc1");
_dbClient.persistObject(localVdc);
VdcUtil.invalidateVdcUrnCache();
StorageOSUserDAO userValidate = tokenManagerVDC1.validateToken(newEncodedVDC2);
Assert.assertNotNull(userValidate);
Assert.assertEquals(userValidate.getUserName(), userDAOVDC2.getUserName());
StorageOSUserDAO userValidate2 = tokenManagerVDC1.validateToken(newEncodedVDC3);
Assert.assertNotNull(userValidate2);
Assert.assertEquals(userValidate2.getUserName(), userDAOVDC3.getUserName());
}
Also used :
TokenMaxLifeValuesHolder(com.emc.storageos.security.authentication.TokenMaxLifeValuesHolder)
CassandraTokenManager(com.emc.storageos.auth.impl.CassandraTokenManager)
TokenKeysBundle(com.emc.storageos.security.authentication.TokenKeyGenerator.TokenKeysBundle)
TokenKeyGenerator(com.emc.storageos.security.authentication.TokenKeyGenerator)
SignedToken(com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken)
ProxyToken(com.emc.storageos.db.client.model.ProxyToken)
Token(com.emc.storageos.db.client.model.Token)
BaseToken(com.emc.storageos.db.client.model.BaseToken)
URI(java.net.URI)
StorageOSUserDAO(com.emc.storageos.db.client.model.StorageOSUserDAO)
InterVDCTokenCacheHelper(com.emc.storageos.security.geo.InterVDCTokenCacheHelper)
VirtualDataCenter(com.emc.storageos.db.client.model.VirtualDataCenter)
CoordinatorClient(com.emc.storageos.coordinator.client.service.CoordinatorClient)
Base64TokenEncoder(com.emc.storageos.security.authentication.Base64TokenEncoder)
TokenOnWire(com.emc.storageos.security.authentication.TokenOnWire)
TokenResponseArtifacts(com.emc.storageos.security.geo.TokenResponseBuilder.TokenResponseArtifacts)
Test(org.junit.Test)
Example 8 with StorageOSUserDAO
use of com.emc.storageos.db.client.model.StorageOSUserDAO in project coprhd-controller by CoprHD.
the class TokenManagerTests method resetCoordinatorData.
/**
* Convenience function to reset the coordinator data, call init on the two involved nodes,
* and check they agree on the curent key id.
*
* @param coordinator
* @param tokenManager1
* @param tokenManager2
* @param encoder1
* @param encoder2
* @throws Exception
*/
private void resetCoordinatorData(CoordinatorClient coordinator, CassandraTokenManager tokenManager1, CassandraTokenManager tokenManager2, Base64TokenEncoder encoder1, Base64TokenEncoder encoder2, TokenKeyGenerator tokenKeyGenerator1, TokenKeyGenerator tokenKeyGenerator2) throws Exception {
final long ROTATION_INTERVAL_MSECS = 5000;
DbClient dbClient = getDbClient();
coordinator = new TestCoordinator();
// Node 1
tokenManager1 = new CassandraTokenManager();
encoder1 = new Base64TokenEncoder();
tokenKeyGenerator1 = new TokenKeyGenerator();
TokenMaxLifeValuesHolder holder1 = new TokenMaxLifeValuesHolder();
// means that once a token is created,
holder1.setKeyRotationIntervalInMSecs(ROTATION_INTERVAL_MSECS);
// if the next token being requested happens 5 seconds later or more, the keys will
// rotate. This is to test the built in logic that triggers rotation.
tokenManager1.setTokenMaxLifeValuesHolder(holder1);
tokenManager1.setDbClient(dbClient);
tokenManager1.setCoordinator(coordinator);
encoder1.setCoordinator(coordinator);
tokenKeyGenerator1.setTokenMaxLifeValuesHolder(holder1);
encoder1.setTokenKeyGenerator(tokenKeyGenerator1);
encoder1.managerInit();
tokenManager1.setTokenEncoder(encoder1);
// Node 2
tokenManager2 = new CassandraTokenManager();
encoder2 = new Base64TokenEncoder();
tokenKeyGenerator2 = new TokenKeyGenerator();
TokenMaxLifeValuesHolder holder2 = new TokenMaxLifeValuesHolder();
holder2.setKeyRotationIntervalInMSecs(ROTATION_INTERVAL_MSECS);
tokenManager2.setTokenMaxLifeValuesHolder(holder2);
tokenManager2.setDbClient(dbClient);
tokenManager2.setCoordinator(coordinator);
encoder2.setCoordinator(coordinator);
tokenKeyGenerator2.setTokenMaxLifeValuesHolder(holder2);
encoder2.setTokenKeyGenerator(tokenKeyGenerator2);
encoder2.managerInit();
tokenManager2.setTokenEncoder(encoder2);
StorageOSUserDAO userDAO = new StorageOSUserDAO();
userDAO.setUserName("user1");
// first, verify both managers are starting with the same key.
final String token1 = tokenManager1.getToken(userDAO);
Assert.assertNotNull(token1);
TokenOnWire tw1 = encoder1.decode(token1);
String key1 = tw1.getEncryptionKeyId();
final String token2 = tokenManager2.getToken(userDAO);
Assert.assertNotNull(token2);
TokenOnWire tw2 = encoder2.decode(token2);
String key2 = tw2.getEncryptionKeyId();
Assert.assertEquals(key1, key2);
}
Also used :
TokenMaxLifeValuesHolder(com.emc.storageos.security.authentication.TokenMaxLifeValuesHolder)
CassandraTokenManager(com.emc.storageos.auth.impl.CassandraTokenManager)
StorageOSUserDAO(com.emc.storageos.db.client.model.StorageOSUserDAO)
DbClient(com.emc.storageos.db.client.DbClient)
Base64TokenEncoder(com.emc.storageos.security.authentication.Base64TokenEncoder)
TokenKeyGenerator(com.emc.storageos.security.authentication.TokenKeyGenerator)
TokenOnWire(com.emc.storageos.security.authentication.TokenOnWire)
Example 9 with StorageOSUserDAO
use of com.emc.storageos.db.client.model.StorageOSUserDAO in project coprhd-controller by CoprHD.
the class TokenManagerTests method testProxyTokens.
/**
* Basic tests for proxy tokens
*/
@Test
public void testProxyTokens() throws Exception {
commonDefaultSetupForSingleNodeTests();
// Create a regular token
StorageOSUserDAO userDAO = new StorageOSUserDAO();
userDAO.setUserName("user111");
userDAO.setIsLocal(true);
userDAO.addAttribute("attr1=val1");
userDAO.addGroup("group1");
userDAO.setId((URIUtil.createId(StorageOSUserDAO.class)));
_dbClient.persistObject(userDAO);
final String token = _tokenManager.getToken(userDAO);
Assert.assertNotNull(token);
TokenOnWire tw = _encoder.decode(token);
Token tokenObj = _dbClient.queryObject(Token.class, tw.getTokenId());
Assert.assertNotNull(tokenObj);
// Check that the system knows it as a non-proxy token
Assert.assertFalse(BaseToken.isProxyToken(tokenObj));
// Do the same with a proxy token
final String proxyToken = _tokenManager.getProxyToken(userDAO);
Assert.assertNotNull(proxyToken);
TokenOnWire ptw = _encoder.decode(proxyToken);
ProxyToken proxyTokenObj = _dbClient.queryObject(ProxyToken.class, ptw.getTokenId());
Assert.assertNotNull(proxyTokenObj);
Assert.assertTrue(BaseToken.isProxyToken(proxyTokenObj));
Assert.assertTrue(ptw.isProxyToken());
Assert.assertNotNull(proxyTokenObj.getLastKnownIds());
// Check that user fetched from the id in the proxy token
// matches the user's properties of the userDAO that created the proxytoken
URI userId = proxyTokenObj.peekLastKnownId();
StorageOSUserDAO userFromProxyToken = _dbClient.queryObject(StorageOSUserDAO.class, userId);
Assert.assertNotNull(userFromProxyToken);
Assert.assertEquals(userFromProxyToken.getUserName(), userDAO.getUserName());
Assert.assertEquals(userFromProxyToken.getAttributes().size(), userDAO.getAttributes().size());
Assert.assertTrue(userFromProxyToken.getAttributes().containsAll(userDAO.getAttributes()));
Assert.assertEquals(userFromProxyToken.getGroups().size(), userDAO.getGroups().size());
Assert.assertTrue(userFromProxyToken.getGroups().containsAll(userDAO.getGroups()));
StorageOSUserDAO userFromProxyTokenValidation = _tokenManager.validateToken(proxyToken);
Assert.assertNotNull(userFromProxyTokenValidation);
Assert.assertEquals(userFromProxyTokenValidation.getUserName(), userDAO.getUserName());
Assert.assertEquals(userFromProxyTokenValidation.getAttributes().size(), userDAO.getAttributes().size());
Assert.assertTrue(userFromProxyTokenValidation.getAttributes().containsAll(userDAO.getAttributes()));
Assert.assertEquals(userFromProxyTokenValidation.getGroups().size(), userDAO.getGroups().size());
Assert.assertTrue(userFromProxyTokenValidation.getGroups().containsAll(userDAO.getGroups()));
// Make sure that once a proxy token is created for a user, it gets reused from then on
final String proxyToken2 = _tokenManager.getProxyToken(userDAO);
Assert.assertNotNull(proxyToken2);
Assert.assertEquals(proxyToken2, proxyToken);
// simulate logout by deleting the authtoken that we created earlier
_tokenManager.deleteToken(token.toString());
StorageOSUserDAO deletedUser = _tokenManager.validateToken(token);
Assert.assertNull(deletedUser);
StorageOSUserDAO userIsStillThere = _tokenManager.validateToken(proxyToken2);
Assert.assertNotNull(userIsStillThere);
Assert.assertEquals(userIsStillThere.getUserName(), userDAO.getUserName());
Assert.assertFalse(userIsStillThere.getInactive());
// Relogin. Get new auth and proxy tokens. Force expiration of auth token.
// Test that proxy token still works.
StorageOSUserDAO userDAO2 = new StorageOSUserDAO();
userDAO2.setUserName("user222");
userDAO2.setIsLocal(true);
userDAO2.setId((URIUtil.createId(StorageOSUserDAO.class)));
_dbClient.persistObject(userDAO2);
final String shortLivedTokenRaw = _tokenManager.getToken(userDAO2);
Assert.assertNotNull(shortLivedTokenRaw);
TokenOnWire sltw = _encoder.decode(shortLivedTokenRaw);
final String proxyToken3 = _tokenManager.getProxyToken(userDAO2);
Assert.assertNotNull(proxyToken3);
Token shortLivedToken = _dbClient.queryObject(Token.class, sltw.getTokenId());
Assert.assertNotNull(shortLivedToken);
shortLivedToken.setLastAccessTime((System.currentTimeMillis() / (60 * 1000)) - 3);
_dbClient.persistObject(shortLivedToken);
// validate that auth token is gone
deletedUser = _tokenManager.validateToken(shortLivedTokenRaw);
Assert.assertNull(deletedUser);
// validate that proxy token still works.
userIsStillThere = _tokenManager.validateToken(proxyToken3);
Assert.assertNotNull(userIsStillThere);
Assert.assertEquals(userIsStillThere.getUserName(), userDAO2.getUserName());
Assert.assertFalse(userIsStillThere.getInactive());
// Test that after proxy token gets deleted, the userDao is gone or marked inactive
// (its auth token has been expired above so proxy token was the last token)
_tokenManager.deleteAllTokensForUser(userDAO2.getUserName(), true);
StorageOSUserDAO inactiveUser = _dbClient.queryObject(StorageOSUserDAO.class, userDAO2.getId());
Assert.assertTrue(inactiveUser == null || inactiveUser.getInactive() == true);
// case sensitive username and proxy token optional deletion tests
StorageOSUserDAO userDAOBlah = new StorageOSUserDAO();
userDAOBlah.setUserName("user-blah");
userDAOBlah.setIsLocal(true);
final String blahToken = _tokenManager.getToken(userDAOBlah);
Assert.assertNotNull(blahToken);
TokenOnWire decoded = _encoder.decode(blahToken);
final String blahProxyToken = _tokenManager.getProxyToken(userDAOBlah);
Assert.assertNotNull(blahProxyToken);
userDAOBlah = new StorageOSUserDAO();
userDAOBlah.setUserName("User-Blah");
userDAOBlah.setIsLocal(true);
final String blahToken2 = _tokenManager.getToken(userDAOBlah);
Assert.assertNotNull(blahToken2);
TokenOnWire decoded2 = _encoder.decode(blahToken2);
final String blahProxyToken2 = _tokenManager.getProxyToken(userDAOBlah);
Assert.assertNotNull(blahProxyToken2);
Token blahTokenObj = _dbClient.queryObject(Token.class, decoded.getTokenId());
Token blahTokenObj2 = _dbClient.queryObject(Token.class, decoded2.getTokenId());
Assert.assertEquals(blahTokenObj.getUserId(), blahTokenObj2.getUserId());
Assert.assertEquals(blahProxyToken, blahProxyToken2);
_tokenManager.deleteAllTokensForUser("user-BLAH", false);
blahTokenObj = _dbClient.queryObject(Token.class, decoded.getTokenId());
blahTokenObj2 = _dbClient.queryObject(Token.class, decoded2.getTokenId());
Assert.assertNull(blahTokenObj);
Assert.assertNull(blahTokenObj2);
Assert.assertNull(_tokenManager.validateToken(blahToken));
Assert.assertNotNull(_tokenManager.validateToken(blahProxyToken));
_tokenManager.deleteAllTokensForUser("user-BLAH", true);
Assert.assertNull(_tokenManager.validateToken(blahProxyToken));
}
Also used :
StorageOSUserDAO(com.emc.storageos.db.client.model.StorageOSUserDAO)
ProxyToken(com.emc.storageos.db.client.model.ProxyToken)
TokenOnWire(com.emc.storageos.security.authentication.TokenOnWire)
SignedToken(com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken)
ProxyToken(com.emc.storageos.db.client.model.ProxyToken)
Token(com.emc.storageos.db.client.model.Token)
BaseToken(com.emc.storageos.db.client.model.BaseToken)
URI(java.net.URI)
Test(org.junit.Test)
Example 10 with StorageOSUserDAO
use of com.emc.storageos.db.client.model.StorageOSUserDAO in project coprhd-controller by CoprHD.
the class TokenManagerTests method testTokens.
/**
* main set of tests for tokens
*/
@Test
public void testTokens() throws Exception {
commonDefaultSetupForSingleNodeTests();
// Test - new ticket issue
StorageOSUserDAO userDAO = new StorageOSUserDAO();
userDAO.setUserName("user1");
userDAO.setIsLocal(true);
long now = System.currentTimeMillis() / (60 * 1000);
final String token = _tokenManager.getToken(userDAO);
Assert.assertNotNull(token);
TokenOnWire tw1 = _encoder.decode(token);
Token tokenObj = _dbClient.queryObject(Token.class, tw1.getTokenId());
Assert.assertNotNull(tokenObj);
Assert.assertNotNull(tokenObj.getUserId());
Assert.assertTrue(tokenObj.getExpirationTime() >= (now + 4));
final URI userId = tokenObj.getUserId();
// verify token
StorageOSUserDAO gotUser = _tokenManager.validateToken(token);
Assert.assertNotNull(gotUser);
Assert.assertEquals(userId, gotUser.getId());
// Test - update user info, reuse token
StringSet groups = new StringSet();
groups.add("gr1");
groups.add("gr2");
userDAO.setGroups(groups);
StringSet attributes = new StringSet();
attributes.add("atrr1");
attributes.add("attr2");
userDAO.setAttributes(attributes);
String token2 = _tokenManager.getToken(userDAO);
// different tokens for same user record
Assert.assertFalse(token.equals(token2));
TokenOnWire tw2 = _encoder.decode(token2);
Assert.assertFalse(tw1.getTokenId().equals(tw2.getTokenId()));
tokenObj = _dbClient.queryObject(Token.class, tw2.getTokenId());
Assert.assertNotNull(tokenObj);
Assert.assertNotNull(tokenObj.getUserId());
Assert.assertEquals(userId, tokenObj.getUserId());
StorageOSUserDAO userInfo = _dbClient.queryObject(StorageOSUserDAO.class, userId);
Assert.assertNotNull(userInfo);
Assert.assertEquals(userId, userInfo.getId());
Assert.assertFalse(userInfo.getInactive());
Assert.assertEquals(groups.size(), userInfo.getGroups().size());
Assert.assertEquals(attributes.size(), userInfo.getAttributes().size());
Assert.assertTrue(userInfo.getIsLocal());
// verify token
gotUser = _tokenManager.validateToken(token2);
Assert.assertNotNull(gotUser);
Assert.assertEquals(userId, gotUser.getId());
// Test - update user info, new token
userDAO = new StorageOSUserDAO();
userDAO.setUserName("user1");
groups = new StringSet();
groups.add("gr1");
userDAO.setGroups(groups);
attributes = new StringSet();
attributes.add("atrr1");
attributes.add("attr2");
attributes.add("attr3");
userDAO.setAttributes(attributes);
// new token
final String token3 = _tokenManager.getToken(userDAO);
Assert.assertFalse(token2.equals(token3));
TokenOnWire tw3 = _encoder.decode(token3);
tokenObj = _dbClient.queryObject(Token.class, tw3.getTokenId());
Assert.assertNotNull(tokenObj);
Assert.assertNotNull(tokenObj.getUserId());
Assert.assertEquals(userId, tokenObj.getUserId());
userInfo = _dbClient.queryObject(StorageOSUserDAO.class, userId);
Assert.assertNotNull(userInfo);
Assert.assertEquals(userId, userInfo.getId());
Assert.assertFalse(userInfo.getInactive());
Assert.assertEquals(groups.size(), userInfo.getGroups().size());
Assert.assertEquals(attributes.size(), userInfo.getAttributes().size());
Assert.assertTrue(userInfo.getIsLocal());
// verify token
gotUser = _tokenManager.validateToken(token3);
Assert.assertNotNull(gotUser);
Assert.assertEquals(userId, gotUser.getId());
// Test - idle time timeout
tokenObj = _dbClient.queryObject(Token.class, tw1.getTokenId());
// extend expiration by 10min, so that will not happen
now = (System.currentTimeMillis() / (60 * 1000));
tokenObj.setLastAccessTime(now);
tokenObj.setExpirationTime(now + 5);
_dbClient.persistObject(tokenObj);
int count = 8;
while (count-- > 0) {
// validate every 30 sec, for the next 4 min
Thread.sleep(30 * 1000);
gotUser = _tokenManager.validateToken(token);
Assert.assertNotNull(gotUser);
}
// set last access time back
tokenObj = _dbClient.queryObject(Token.class, tw1.getTokenId());
tokenObj.setLastAccessTime((System.currentTimeMillis() / (60 * 1000)) - 3);
_dbClient.persistObject(tokenObj);
// validate token on the old token - should fail
gotUser = _tokenManager.validateToken(token);
Assert.assertNull(gotUser);
// token object should be deleted from db,
// but user info should not be effected because we have another token pointing to it
tokenObj = _dbClient.queryObject(Token.class, tw1.getTokenId());
Assert.assertNull(tokenObj);
userInfo = _dbClient.queryObject(StorageOSUserDAO.class, userId);
Assert.assertNotNull(userInfo);
Assert.assertFalse(userInfo.getInactive());
// Test - deletion of token
// should set userinfo inactive - because this is the last token pointing to it
_tokenManager.deleteToken(token2);
_tokenManager.deleteToken(token3);
userInfo = _dbClient.queryObject(StorageOSUserDAO.class, userId);
Assert.assertNotNull(userInfo);
Assert.assertTrue(userInfo.getInactive());
// Test - with inactive user info - new token request
// new token and new user info created - with possible race condition to create more than one each
int numThreads = 5;
final List<String> tokens = Collections.synchronizedList(new ArrayList<String>());
final List<URI> userIds = Collections.synchronizedList(new ArrayList<URI>());
ExecutorService executor = Executors.newFixedThreadPool(numThreads);
final CountDownLatch wait = new CountDownLatch(numThreads);
for (int index = 0; index < numThreads; index++) {
executor.submit(new Callable<Object>() {
@Override
public Object call() throws Exception {
wait.countDown();
wait.await();
StorageOSUserDAO userDAO = new StorageOSUserDAO();
userDAO.setUserName("user1");
String token4 = _tokenManager.getToken(userDAO);
TokenOnWire tw4 = _encoder.decode(token4);
Assert.assertFalse(token3.equals(token4));
Assert.assertFalse(token.equals(token4));
Token tokenObj = _dbClient.queryObject(Token.class, tw4.getTokenId());
Assert.assertNotNull(tokenObj);
Assert.assertNotNull(tokenObj.getUserId());
Assert.assertFalse(userId.equals(tokenObj.getUserId()));
StorageOSUserDAO userInfo = _dbClient.queryObject(StorageOSUserDAO.class, tokenObj.getUserId());
Assert.assertNotNull(userInfo);
Assert.assertEquals(userDAO.getUserName(), userInfo.getUserName());
Assert.assertFalse(userInfo.getInactive());
Assert.assertFalse(userInfo.getIsLocal());
tokens.add(token4);
userIds.add(userInfo.getId());
return null;
}
});
}
executor.shutdown();
Assert.assertTrue(executor.awaitTermination(60, TimeUnit.SECONDS));
Assert.assertTrue(!tokens.isEmpty());
Assert.assertTrue(!userIds.isEmpty());
// Test - delete all tokens
_tokenManager.deleteAllTokensForUser(userDAO.getUserName(), true);
List<URI> tokensURIs = new ArrayList<URI>();
for (String rawToken : tokens) {
tokensURIs.add(_encoder.decode(rawToken).getTokenId());
}
List<Token> allTokens = _dbClient.queryObject(Token.class, tokensURIs);
Assert.assertTrue(allTokens.isEmpty());
List<StorageOSUserDAO> users = _dbClient.queryObject(StorageOSUserDAO.class, userIds);
for (StorageOSUserDAO user : users) {
Assert.assertTrue(user.getInactive());
URIQueryResultList tokensForUser = new URIQueryResultList();
_dbClient.queryByConstraint(ContainmentConstraint.Factory.getUserIdTokenConstraint(userId), tokensForUser);
Assert.assertFalse(tokensForUser.iterator().hasNext());
}
// Test - expired token deleting
userDAO = new StorageOSUserDAO();
userDAO.setUserName("user1");
String dt1 = _tokenManager.getToken(userDAO);
TokenOnWire twdt1 = _encoder.decode(dt1);
tokenObj = _dbClient.queryObject(Token.class, twdt1.getTokenId());
Assert.assertNotNull(tokenObj);
Assert.assertNotNull(tokenObj.getUserId());
URI du1 = tokenObj.getUserId();
userDAO = new StorageOSUserDAO();
userDAO.setUserName("user2");
String dt2 = _tokenManager.getToken(userDAO);
TokenOnWire twdt2 = _encoder.decode(dt2);
tokenObj = _dbClient.queryObject(Token.class, twdt2.getTokenId());
Assert.assertNotNull(tokenObj);
Assert.assertNotNull(tokenObj.getUserId());
URI du2 = tokenObj.getUserId();
Thread.sleep(3 * 60 * 1000);
_tokenManager.runCleanupNow();
tokenObj = _dbClient.queryObject(Token.class, twdt1.getTokenId());
Assert.assertNull(tokenObj);
tokenObj = _dbClient.queryObject(Token.class, twdt2.getTokenId());
Assert.assertNull(tokenObj);
userDAO = _dbClient.queryObject(StorageOSUserDAO.class, du1);
Assert.assertTrue(userDAO.getInactive());
userDAO = _dbClient.queryObject(StorageOSUserDAO.class, du2);
Assert.assertTrue(userDAO.getInactive());
// test limits
userDAO = new StorageOSUserDAO();
userDAO.setUserName("user1");
for (int i = 0; i < 100; i++) {
dt1 = _tokenManager.getToken(userDAO);
twdt1 = _encoder.decode(dt1);
tokenObj = _dbClient.queryObject(Token.class, twdt1.getTokenId());
Assert.assertNotNull(tokenObj);
Assert.assertNotNull(tokenObj.getUserId());
}
// next get, will throw limit exception
try {
dt1 = _tokenManager.getToken(userDAO);
Assert.fail("The token limit is exceeded. The token for user1 should not be generated.");
} catch (UnauthorizedException ex) {
// this exception is an expected one.
Assert.assertTrue(true);
}
}
Also used :
SignedToken(com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken)
ProxyToken(com.emc.storageos.db.client.model.ProxyToken)
Token(com.emc.storageos.db.client.model.Token)
BaseToken(com.emc.storageos.db.client.model.BaseToken)
URI(java.net.URI)
ContainmentConstraint(com.emc.storageos.db.client.constraint.ContainmentConstraint)
AlternateIdConstraint(com.emc.storageos.db.client.constraint.AlternateIdConstraint)
UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException)
IOException(java.io.IOException)
URIQueryResultList(com.emc.storageos.db.client.constraint.URIQueryResultList)
StorageOSUserDAO(com.emc.storageos.db.client.model.StorageOSUserDAO)
StringSet(com.emc.storageos.db.client.model.StringSet)
UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException)
TokenOnWire(com.emc.storageos.security.authentication.TokenOnWire)
Test(org.junit.Test)
Aggregations
StorageOSUserDAO (com.emc.storageos.db.client.model.StorageOSUserDAO)37
Token (com.emc.storageos.db.client.model.Token)15
ProxyToken (com.emc.storageos.db.client.model.ProxyToken)12
Test (org.junit.Test)12
TokenOnWire (com.emc.storageos.security.authentication.TokenOnWire)11
URI (java.net.URI)10
BaseToken (com.emc.storageos.db.client.model.BaseToken)9
UsernamePasswordCredentials (org.apache.commons.httpclient.UsernamePasswordCredentials)9
SignedToken (com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken)8
CassandraTokenManager (com.emc.storageos.auth.impl.CassandraTokenManager)7
Base64TokenEncoder (com.emc.storageos.security.authentication.Base64TokenEncoder)7
TokenKeyGenerator (com.emc.storageos.security.authentication.TokenKeyGenerator)7
TokenMaxLifeValuesHolder (com.emc.storageos.security.authentication.TokenMaxLifeValuesHolder)7
CoordinatorClient (com.emc.storageos.coordinator.client.service.CoordinatorClient)6
DbClient (com.emc.storageos.db.client.DbClient)6
AlternateIdConstraint (com.emc.storageos.db.client.constraint.AlternateIdConstraint)5
ContainmentConstraint (com.emc.storageos.db.client.constraint.ContainmentConstraint)5
UnauthorizedException (com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException)5
StringSet (com.emc.storageos.db.client.model.StringSet)4
DatabaseException (com.emc.storageos.db.exceptions.DatabaseException)4
