use of com.emc.storageos.db.client.model.Token in project coprhd-controller by CoprHD.
the class CassandraTokenValidator method deleteTokenInternal.
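/**
 * Deletes the given token from the database and, when no other credential still
 * refers to its user record, marks that user record for deletion.
 *
 * <p>The user record is marked only when neither regular tokens nor proxy tokens
 * remain for the user id after the token has been removed.
 *
 * @param token the token to delete; its user id is read before the removal
 */
protected void deleteTokenInternal(Token token) {
    URI userId = token.getUserId();
    _dbClient.removeObject(token);
    List<Token> tokens = getTokensForUserId(userId);
    List<ProxyToken> pTokens = getProxyTokensForUserId(userId);
    if (CollectionUtils.isEmpty(tokens) && CollectionUtils.isEmpty(pTokens)) {
        // The user id is passed as the log argument so the {} placeholder is filled and
        // the retirement of the user record can be traced back to a specific user.
        _log.info("There are no more tokens referring to the user id {}, marking it inactive", userId);
        StorageOSUserDAO userDAO = _dbClient.queryObject(StorageOSUserDAO.class, userId);
        if (userDAO == null) {
            // queryObject yields null for a missing record; the token itself is already
            // removed, so there is nothing further to clean up.
            _log.warn("No user record found for user id {}, nothing to mark for deletion", userId);
            return;
        }
        _dbClient.markForDeletion(userDAO);
    }
}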
use of com.emc.storageos.db.client.model.Token in project coprhd-controller by CoprHD.
the class CassandraTokenValidator method foreignTokenCacheLookup.
/**
 * Resolves the user record behind a foreign token from the locally cached copy.
 *
 * <p>A cached token whose cache expiration time is missing or is not later than the
 * current time in minutes is treated as expired, so the lookup fails closed.
 *
 * @param tw the decoded on-wire token to look up
 * @return the user record resolved from the cached token, or null when no regular
 *         token is cached for {@code tw}, when the cache entry has expired, or when
 *         the user cannot be resolved
 */
private StorageOSUserDAO foreignTokenCacheLookup(TokenOnWire tw) {
    BaseToken cached = fetchTokenLocal(tw);
    // instanceof is false for null, so this also covers the "nothing cached" case.
    if (!(cached instanceof Token)) {
        _log.info("Token: no hit from cache");
        return null;
    }

    Token cachedToken = (Token) cached;
    Long expiresAt = cachedToken.getCacheExpirationTime();
    boolean stillFresh = expiresAt != null && expiresAt > getCurrentTimeInMins();
    if (!stillFresh) {
        _log.info("Cache expired for foreign token {}", cachedToken.getId());
        return null;
    }

    StorageOSUserDAO user = resolveUser(cachedToken);
    String loggedName;
    if (user != null) {
        loggedName = user.getUserName();
    } else {
        loggedName = "no hit from cache";
    }
    _log.info("Got user from cached token: {}", loggedName);
    return user;
}
use of com.emc.storageos.db.client.model.Token in project coprhd-controller by CoprHD.
the class CassandraTokenValidator method fetchTokenLocal.
/**
 * Loads the token or proxy token named by {@code tw} from the database and rejects
 * it when its expiration check fails.
 *
 * <p>An expired token is logged at warn level and a missing one at error level; both
 * cases return null, so callers cannot tell them apart from the return value.
 *
 * @param tw the decoded on-wire token; selects between the Token and ProxyToken lookup
 * @return the stored token, or null when it does not exist or did not pass the
 *         expiration check
 */
private BaseToken fetchTokenLocal(TokenOnWire tw) {
    URI tkId = tw.getTokenId();
    BaseToken stored;

    if (tw.isProxyToken()) {
        ProxyToken proxy = _dbClient.queryObject(ProxyToken.class, tkId);
        if (proxy != null && !checkExpiration(proxy)) {
            _log.warn("ProxyToken found in database but is expired: {}", proxy.getId());
            return null;
        }
        stored = proxy;
    } else {
        Token regular = _dbClient.queryObject(Token.class, tkId);
        if (regular != null && !checkExpiration(regular, true)) {
            _log.warn("Token found in database but is expired: {}", regular.getId());
            return null;
        }
        stored = regular;
    }

    if (stored == null) {
        _log.error("Could not find token with id {} for validation", tkId);
    }
    return stored;
}
use of com.emc.storageos.db.client.model.Token in project coprhd-controller by CoprHD.
the class TokenManagerTests method testConcurrentIntraVDCTokenCaching.
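/**
 * testConcurrentIntraVDCTokenCaching
 * Tests that multiple nodes in a single foreign VDC can cache the same token without collision,
 * and that a token validated from the cache stops validating once the cache entry has expired.
 *
 * <p>The outcome of every worker is checked through its Future. An assertion that fails
 * inside a worker is captured by the executor and would otherwise go unnoticed, letting the
 * test pass even when cached tokens keep validating after expiry.
 *
 * @throws Exception if setup fails, or if any worker thread fails one of its assertions
 */
@Test
public void testConcurrentIntraVDCTokenCaching() throws Exception {
    // common setup and create a token
    commonDefaultSetupForSingleNodeTests();
    VirtualDataCenter localVdc = VdcUtil.getLocalVdc();
    localVdc.setShortId("externalVDCId");
    _dbClient.persistObject(localVdc);
    VdcUtil.invalidateVdcUrnCache();
    StorageOSUserDAO userDAO = new StorageOSUserDAO();
    userDAO.setUserName("user1@domain.com");
    userDAO.setIsLocal(false);
    String token = _tokenManager.getToken(userDAO);
    Assert.assertNotNull(token);
    TokenOnWire tw1 = _encoder.decode(token);
    final Token tokenObj = _dbClient.queryObject(Token.class, tw1.getTokenId());
    Assert.assertNotNull(tokenObj);
    URI userId = tokenObj.getUserId();
    Assert.assertNotNull(userId);
    final StorageOSUserDAO gotUser = _tokenManager.validateToken(token);
    Assert.assertNotNull(gotUser);
    // because we are running this on the same "db" as opposed to 2 different VDCs,
    // there will be a conflict when caching the token, since the original is already there
    // with the same id. So we are changing the token id and user record id for this
    // purpose.
    tokenObj.setId(URIUtil.createId(Token.class));
    gotUser.setId(URIUtil.createId(StorageOSUserDAO.class));
    tokenObj.setUserId(gotUser.getId());
    TokenOnWire tokenToBeCached = TokenOnWire.createTokenOnWire(tokenObj);
    // this re-encoded alternate token is the token that will be cached and validated
    // from cache.
    final String newEncoded = _encoder.encode(tokenToBeCached);
    final DbClient dbClient = getDbClient();
    // note: the same coordinator is being used in all threads. This means that
    // token keys will be present in this simulated foreign vdc even though we didn't
    // explicitly cache them. This should normally fail since we don't have the keys
    // but to focus this test on just the token validation from cache, we leave this be.
    // A separate test will deal with multiple TestCoordinator() representing different
    // zk, in other words true multiple VDCs.
    final CoordinatorClient coordinator = new TestCoordinator();
    // change it back to vdc1, so that it will not match the vdcid in the token
    // created earlier and therefore will be considered a foreign token.
    localVdc.setShortId("vdc1");
    _dbClient.persistObject(localVdc);
    VdcUtil.invalidateVdcUrnCache();
    int numThreads = 5;
    ExecutorService executor = Executors.newFixedThreadPool(numThreads);
    final CountDownLatch waiter = new CountDownLatch(numThreads);
    final class InitTester implements Callable<Object> {
        @Override
        public Object call() throws Exception {
            // create node artifacts
            TokenMaxLifeValuesHolder holder = new TokenMaxLifeValuesHolder();
            holder.setForeignTokenCacheExpirationInMins(1);
            InterVDCTokenCacheHelper cacheHelper = new InterVDCTokenCacheHelper();
            cacheHelper.setCoordinator(coordinator);
            cacheHelper.setDbClient(dbClient);
            cacheHelper.setMaxLifeValuesHolder(holder);
            TokenKeyGenerator tokenKeyGenerator1 = new TokenKeyGenerator();
            tokenKeyGenerator1.setTokenMaxLifeValuesHolder(holder);
            Base64TokenEncoder encoder1 = new Base64TokenEncoder();
            encoder1.setCoordinator(coordinator);
            encoder1.setInterVDCTokenCacheHelper(cacheHelper);
            encoder1.setTokenKeyGenerator(tokenKeyGenerator1);
            encoder1.managerInit();
            CassandraTokenManager tokenManager1 = new CassandraTokenManager();
            tokenManager1.setDbClient(dbClient);
            tokenManager1.setCoordinator(coordinator);
            tokenManager1.setTokenMaxLifeValuesHolder(holder);
            tokenManager1.setInterVDCTokenCacheHelper(cacheHelper);
            tokenManager1.setTokenEncoder(encoder1);
            TokenResponseArtifacts artifacts = new TokenResponseArtifacts(gotUser, tokenObj, null);
            // synchronize all threads
            waiter.countDown();
            waiter.await();
            // Cache the token artifacts. Each thread will try at the same time.
            // End result is, the token/user values will all be the same anyway,
            // but the important part is that there is no concurrency issue between the
            // first thread that will try to add to the cache, and the others that will
            // simply update it.
            cacheHelper.cacheForeignTokenAndKeys(artifacts, null);
            // First validation should work. It validates from the cache.
            StorageOSUserDAO userFromDB = tokenManager1.validateToken(newEncoded);
            Assert.assertNotNull(userFromDB);
            Assert.assertEquals(gotUser.getUserName(), userFromDB.getUserName());
            // wait longer than cache expiration (longer than 1 minute in our case)
            // token's cache expiration should be expired
            Thread.sleep((holder.getForeignTokenCacheExpirationInMins() + 1) * 60000);
            userFromDB = tokenManager1.validateToken(newEncoded);
            Assert.assertNull(userFromDB);
            return null;
        }
    }
    // Keep every Future: it is the only place a worker's assertion failure is recorded.
    // Fully qualified so that no additional import is required.
    java.util.concurrent.Future<?>[] outcomes = new java.util.concurrent.Future<?>[numThreads];
    for (int i = 0; i < numThreads; i++) {
        outcomes[i] = executor.submit(new InitTester());
    }
    executor.shutdown();
    Assert.assertTrue(executor.awaitTermination(180, TimeUnit.SECONDS));
    // All workers are finished here, so get() returns at once; it rethrows a worker's
    // failure wrapped in an ExecutionException, which fails this test.
    for (java.util.concurrent.Future<?> outcome : outcomes) {
        outcome.get();
    }
}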
use of com.emc.storageos.db.client.model.Token in project coprhd-controller by CoprHD.
the class TokenManagerTests method testRequestedTokenMapCleanup.
/**
 * Verifies that a cleanup run of the TokenManager removes expired tokens together with
 * any RequestedTokenMap entry that refers to them, and that a token without such an
 * entry is cleaned up without error.
 *
 * @throws Exception if setup, token creation or the wait is interrupted or fails
 */
@Test
public void testRequestedTokenMapCleanup() throws Exception {
    commonDefaultSetupForSingleNodeTests();

    // First token: gets a RequestedTokenMap entry attached to it.
    StorageOSUserDAO user = new StorageOSUserDAO();
    user.setUserName("user1");
    user.setIsLocal(true);
    String firstEncoded = _tokenManager.getToken(user);
    Assert.assertNotNull(firstEncoded);
    TokenOnWire firstWire = _encoder.decode(firstEncoded);
    Token firstToken = _dbClient.queryObject(Token.class, firstWire.getTokenId());
    Assert.assertNotNull(firstToken);

    RequestedTokenMap requestedMap = new RequestedTokenMap();
    requestedMap.setId(URIUtil.createId(RequestedTokenMap.class));
    requestedMap.setTokenID(firstToken.getId().toString());
    requestedMap.addVDCID("vdc1");
    _dbClient.persistObject(requestedMap);

    // Second token for the same user: deliberately left without a map entry.
    String secondEncoded = _tokenManager.getToken(user);
    Assert.assertNotNull(secondEncoded);
    TokenOnWire secondWire = _encoder.decode(secondEncoded);
    Token secondToken = _dbClient.queryObject(Token.class, secondWire.getTokenId());
    Assert.assertNotNull(secondToken);

    // Three minutes; presumably longer than the token lifetime configured by the
    // common setup, so both tokens are expired when cleanup runs (confirm against setup).
    long waitMillis = 3 * 60 * 1000;
    Thread.sleep(waitMillis);
    _tokenManager.runCleanupNow();

    // The first token and every trace of its map entry must be gone.
    Assert.assertNull(_dbClient.queryObject(Token.class, firstWire.getTokenId()));
    Assert.assertNull(_requestedTokenMapHelper.getTokenMap(firstWire.getTokenId().toString()));
    Assert.assertNull(_dbClient.queryObject(RequestedTokenMap.class, requestedMap.getId()));

    // The second token must be gone as well, with no map entry left behind.
    Assert.assertNull(_dbClient.queryObject(Token.class, secondWire.getTokenId()));
    Assert.assertNull(_requestedTokenMapHelper.getTokenMap(secondWire.getTokenId().toString()));
}