Example 1 with InterVDCTokenCacheHelper
use of com.emc.storageos.security.geo.InterVDCTokenCacheHelper in project coprhd-controller by CoprHD.
the class TokenManagerTests method testLegitimateTokenKeyIdRange.
@Test
public void testLegitimateTokenKeyIdRange() throws Exception {
CoordinatorClient coordinator = new TestCoordinator();
TokenMaxLifeValuesHolder holder = new TokenMaxLifeValuesHolder();
TokenKeyGenerator tokenKeyGenerator1 = new TokenKeyGenerator();
tokenKeyGenerator1.setTokenMaxLifeValuesHolder(holder);
Base64TokenEncoder encoder1 = new Base64TokenEncoder();
encoder1.setCoordinator(coordinator);
encoder1.setTokenKeyGenerator(tokenKeyGenerator1);
encoder1.managerInit();
TokenKeysBundle bundle = tokenKeyGenerator1.readBundle();
InterVDCTokenCacheHelper cacheHelper = new InterVDCTokenCacheHelper();
cacheHelper.setCoordinator(coordinator);
cacheHelper.setMaxLifeValuesHolder(holder);
// assumption, there should be one key to start with:
Assert.assertEquals(1, bundle.getKeyEntries().size());
// POS try with the exact key that is in the bundle
Assert.assertTrue(cacheHelper.sanitizeRequestedKeyIds(bundle, bundle.getKeyEntries().get(0)));
// POS try with a key that is a little in the future
String inputKeyStr = bundle.getCurrentKeyEntry();
Long inputKey = Long.parseLong(inputKeyStr);
inputKey += 3000;
Assert.assertTrue(cacheHelper.sanitizeRequestedKeyIds(bundle, inputKey.toString()));
// NEG try with a key that is more than a rotation +20 minutes in the future
inputKeyStr = bundle.getCurrentKeyEntry();
inputKey = Long.parseLong(inputKeyStr);
inputKey += tokenKeyGenerator1.getKeyRotationIntervalInMSecs() + CassandraTokenValidator.FOREIGN_TOKEN_KEYS_BUNDLE_REFRESH_RATE_IN_MINS * 60 * 1000 + 3000;
Assert.assertFalse(cacheHelper.sanitizeRequestedKeyIds(bundle, inputKey.toString()));
// NEG try with a key that is in the past
inputKeyStr = bundle.getCurrentKeyEntry();
inputKey = Long.parseLong(inputKeyStr);
inputKey -= 1000;
Assert.assertFalse(cacheHelper.sanitizeRequestedKeyIds(bundle, inputKey.toString()));
// rotate the keys
tokenKeyGenerator1.rotateKeys();
bundle = tokenKeyGenerator1.readBundle();
// assumption, there should be 2 keys now:
Assert.assertEquals(2, bundle.getKeyEntries().size());
// POS try with the previous and current key
Assert.assertTrue(cacheHelper.sanitizeRequestedKeyIds(bundle, bundle.getKeyEntries().get(0)));
Assert.assertTrue(cacheHelper.sanitizeRequestedKeyIds(bundle, bundle.getKeyEntries().get(1)));
// POS try with a key that is a little bit in the future of the current key
inputKeyStr = bundle.getCurrentKeyEntry();
inputKey = Long.parseLong(inputKeyStr);
inputKey += 3000;
Assert.assertTrue(cacheHelper.sanitizeRequestedKeyIds(bundle, inputKey.toString()));
// NEG try with a key that is more than a rotation + 20 minutes in the future
inputKeyStr = bundle.getCurrentKeyEntry();
inputKey = Long.parseLong(inputKeyStr);
inputKey += tokenKeyGenerator1.getKeyRotationIntervalInMSecs() + CassandraTokenValidator.FOREIGN_TOKEN_KEYS_BUNDLE_REFRESH_RATE_IN_MINS * 60 * 1000 + 3000;
Assert.assertFalse(cacheHelper.sanitizeRequestedKeyIds(bundle, inputKey.toString()));
// NEG try with a key that is in the recent past of the current key,
// so in between low and high bounds without being any of them
inputKeyStr = bundle.getCurrentKeyEntry();
inputKey = Long.parseLong(inputKeyStr);
inputKey -= 1000;
Assert.assertFalse(cacheHelper.sanitizeRequestedKeyIds(bundle, inputKey.toString()));
// POS try with a key that is one rotation in the future of the current key
inputKeyStr = bundle.getCurrentKeyEntry();
inputKey = Long.parseLong(inputKeyStr);
inputKey += tokenKeyGenerator1.getKeyRotationIntervalInMSecs();
Assert.assertTrue(cacheHelper.sanitizeRequestedKeyIds(bundle, inputKey.toString()));
// NEG try with a key that is in the past of previous key
inputKeyStr = bundle.getKeyEntries().get(0);
inputKey = Long.parseLong(inputKeyStr);
inputKey -= 1000;
Assert.assertFalse(cacheHelper.sanitizeRequestedKeyIds(bundle, inputKey.toString()));
}
Also used :
TokenMaxLifeValuesHolder(com.emc.storageos.security.authentication.TokenMaxLifeValuesHolder)
InterVDCTokenCacheHelper(com.emc.storageos.security.geo.InterVDCTokenCacheHelper)
TokenKeysBundle(com.emc.storageos.security.authentication.TokenKeyGenerator.TokenKeysBundle)
CoordinatorClient(com.emc.storageos.coordinator.client.service.CoordinatorClient)
TokenKeyGenerator(com.emc.storageos.security.authentication.TokenKeyGenerator)
Base64TokenEncoder(com.emc.storageos.security.authentication.Base64TokenEncoder)
Test(org.junit.Test)
Example 2 with InterVDCTokenCacheHelper
use of com.emc.storageos.security.geo.InterVDCTokenCacheHelper in project coprhd-controller by CoprHD.
the class TokenManagerTests method concurrentTokenKeyBundleMapUpdatesSingleCache.
/**
* Here, we test that in one node of a VDC (one cache), multiple threads
* can add various tokenkeys bundle from 5 other vdcs at the same time
* and the result is a consistent 5 entries in the cache
*
* @throws Exception
*/
@Test
public void concurrentTokenKeyBundleMapUpdatesSingleCache() throws Exception {
// Create 10 distinct bundles (recreating a new TestCoordinator each time
// to simulate 10 vdcs
final HashMap<String, TokenKeysBundle> verifyingMap = new HashMap<String, TokenKeysBundle>();
for (int i = 0; i < 10; i++) {
CoordinatorClient coordinator = new TestCoordinator();
TokenMaxLifeValuesHolder holder = new TokenMaxLifeValuesHolder();
TokenKeyGenerator tokenKeyGenerator1 = new TokenKeyGenerator();
tokenKeyGenerator1.setTokenMaxLifeValuesHolder(holder);
Base64TokenEncoder encoder1 = new Base64TokenEncoder();
encoder1.setCoordinator(coordinator);
encoder1.setTokenKeyGenerator(tokenKeyGenerator1);
encoder1.managerInit();
TokenKeysBundle bundle = tokenKeyGenerator1.readBundle();
verifyingMap.put(String.format("vdc%d", i), bundle);
}
// 1 db, 1 coordinator, 1 cache. Shared across 10 threads
// We are simulating the various services of a node all wanting to
// cache the same stuff at the same time
final DbClient sharedDbClient = getDbClient();
final CoordinatorClient sharedCoordinator = new TestCoordinator();
final InterVDCTokenCacheHelper sharedCacheHelper = new InterVDCTokenCacheHelper();
sharedCacheHelper.setCoordinator(sharedCoordinator);
sharedCacheHelper.setDbClient(sharedDbClient);
TokenMaxLifeValuesHolder holder = new TokenMaxLifeValuesHolder();
sharedCacheHelper.setMaxLifeValuesHolder(holder);
int numThreads = 10;
ExecutorService executor = Executors.newFixedThreadPool(numThreads);
final CountDownLatch waiter = new CountDownLatch(numThreads);
final class InitTester implements Callable {
@Override
public Object call() throws Exception {
// synchronize all threads
waiter.countDown();
waiter.await();
for (int i = 0; i < verifyingMap.size(); i++) {
String vdc = String.format("vdc%d", i);
TokenResponseArtifacts rspArtifacts = new TokenResponseArtifacts(null, null, verifyingMap.get(vdc));
sharedCacheHelper.cacheForeignTokenAndKeys(rspArtifacts, vdc);
}
return null;
}
}
for (int i = 0; i < numThreads; i++) {
executor.submit(new InitTester());
}
executor.shutdown();
Assert.assertTrue(executor.awaitTermination(30, TimeUnit.SECONDS));
if (verifyingMap.size() != sharedCacheHelper.getAllCachedBundles().size()) {
log.error("Mismatched cache and verifying map size: ");
for (Entry<String, TokenKeysBundle> e : sharedCacheHelper.getAllCachedBundles().entrySet()) {
log.error("vdc entry: {}", e.getKey());
}
}
Assert.assertEquals(verifyingMap.size(), sharedCacheHelper.getAllCachedBundles().size());
for (int i = 0; i < verifyingMap.size(); i++) {
String vdc = String.format("vdc%d", i);
TokenKeysBundle fromCache = sharedCacheHelper.getTokenKeysBundle(vdc);
Assert.assertNotNull(fromCache);
Assert.assertTrue(fromCache.getKeyEntries().size() == verifyingMap.get(vdc).getKeyEntries().size() && fromCache.getKeyEntries().get(0).equals(verifyingMap.get(vdc).getKeyEntries().get(0)));
}
}
Also used :
TokenMaxLifeValuesHolder(com.emc.storageos.security.authentication.TokenMaxLifeValuesHolder)
DbClient(com.emc.storageos.db.client.DbClient)
TokenKeysBundle(com.emc.storageos.security.authentication.TokenKeyGenerator.TokenKeysBundle)
TokenKeyGenerator(com.emc.storageos.security.authentication.TokenKeyGenerator)
ContainmentConstraint(com.emc.storageos.db.client.constraint.ContainmentConstraint)
AlternateIdConstraint(com.emc.storageos.db.client.constraint.AlternateIdConstraint)
InterVDCTokenCacheHelper(com.emc.storageos.security.geo.InterVDCTokenCacheHelper)
CoordinatorClient(com.emc.storageos.coordinator.client.service.CoordinatorClient)
Base64TokenEncoder(com.emc.storageos.security.authentication.Base64TokenEncoder)
TokenResponseArtifacts(com.emc.storageos.security.geo.TokenResponseBuilder.TokenResponseArtifacts)
Test(org.junit.Test)
Example 3 with InterVDCTokenCacheHelper
use of com.emc.storageos.security.geo.InterVDCTokenCacheHelper in project coprhd-controller by CoprHD.
the class TokenManagerTests method testCrossVDCTokenValidation.
/**
* testCrossVDCTokenValidation
* Tests that a token from VDC2 and VDC3 can both be validated in VDC1
* given that VDC1's cache has these tokens and keys available.
*
* @throws Exception
*/
@Test
public void testCrossVDCTokenValidation() throws Exception {
commonDefaultSetupForSingleNodeTests();
TokenMaxLifeValuesHolder holder = new TokenMaxLifeValuesHolder();
// VDC1 (validator)
CoordinatorClient coordinatorVDC1 = new TestCoordinator();
InterVDCTokenCacheHelper cacheHelperVDC1 = new InterVDCTokenCacheHelper();
cacheHelperVDC1.setCoordinator(coordinatorVDC1);
cacheHelperVDC1.setDbClient(_dbClient);
cacheHelperVDC1.setMaxLifeValuesHolder(holder);
TokenKeyGenerator tokenKeyGeneratorVDC1 = new TokenKeyGenerator();
tokenKeyGeneratorVDC1.setTokenMaxLifeValuesHolder(holder);
Base64TokenEncoder encoderVDC1 = new Base64TokenEncoder();
encoderVDC1.setCoordinator(coordinatorVDC1);
encoderVDC1.setInterVDCTokenCacheHelper(cacheHelperVDC1);
encoderVDC1.setTokenKeyGenerator(tokenKeyGeneratorVDC1);
encoderVDC1.managerInit();
CassandraTokenManager tokenManagerVDC1 = new CassandraTokenManager();
tokenManagerVDC1.setDbClient(_dbClient);
tokenManagerVDC1.setCoordinator(coordinatorVDC1);
tokenManagerVDC1.setInterVDCTokenCacheHelper(cacheHelperVDC1);
tokenManagerVDC1.setTokenEncoder(encoderVDC1);
tokenManagerVDC1.setTokenMaxLifeValuesHolder(holder);
// VDC2 (creator of token)
CoordinatorClient coordinatorVDC2 = new TestCoordinator();
TokenKeyGenerator tokenKeyGeneratorVDC2 = new TokenKeyGenerator();
tokenKeyGeneratorVDC2.setTokenMaxLifeValuesHolder(holder);
Base64TokenEncoder encoderVDC2 = new Base64TokenEncoder();
encoderVDC2.setCoordinator(coordinatorVDC2);
encoderVDC2.setTokenKeyGenerator(tokenKeyGeneratorVDC2);
encoderVDC2.managerInit();
CassandraTokenManager tokenManagerVDC2 = new CassandraTokenManager();
tokenManagerVDC2.setDbClient(_dbClient);
tokenManagerVDC2.setCoordinator(coordinatorVDC2);
tokenManagerVDC2.setTokenEncoder(encoderVDC2);
tokenManagerVDC2.setTokenMaxLifeValuesHolder(holder);
// VDC3 (creator of token)
CoordinatorClient coordinatorVDC3 = new TestCoordinator();
TokenKeyGenerator tokenKeyGeneratorVDC3 = new TokenKeyGenerator();
tokenKeyGeneratorVDC3.setTokenMaxLifeValuesHolder(holder);
Base64TokenEncoder encoderVDC3 = new Base64TokenEncoder();
encoderVDC3.setCoordinator(coordinatorVDC3);
encoderVDC3.setTokenKeyGenerator(tokenKeyGeneratorVDC3);
encoderVDC3.managerInit();
CassandraTokenManager tokenManagerVDC3 = new CassandraTokenManager();
tokenManagerVDC3.setDbClient(_dbClient);
tokenManagerVDC3.setCoordinator(coordinatorVDC3);
tokenManagerVDC3.setTokenEncoder(encoderVDC3);
tokenManagerVDC3.setTokenMaxLifeValuesHolder(holder);
// VDC2 create a token
// set VdcUtil localvdcid to vdc2 to resulting token is identified as such
VirtualDataCenter localVdc = VdcUtil.getLocalVdc();
localVdc.setShortId("vdc2");
_dbClient.persistObject(localVdc);
VdcUtil.invalidateVdcUrnCache();
StorageOSUserDAO userDAOVDC2 = new StorageOSUserDAO();
userDAOVDC2.setUserName("user1@domain.com");
userDAOVDC2.setIsLocal(false);
String tokenVDC2 = tokenManagerVDC2.getToken(userDAOVDC2);
Assert.assertNotNull(tokenVDC2);
TokenOnWire twVDC2 = encoderVDC2.decode(tokenVDC2);
final Token tokenObjVDC2 = _dbClient.queryObject(Token.class, twVDC2.getTokenId());
Assert.assertNotNull(tokenObjVDC2);
URI userIdVDC2 = tokenObjVDC2.getUserId();
Assert.assertNotNull(userIdVDC2);
final StorageOSUserDAO gotUserVDC2 = tokenManagerVDC2.validateToken(tokenVDC2);
Assert.assertNotNull(gotUserVDC2);
// because we are running this on the same "db" as opposed to 2 different VDCs,
// there will be a conflict when caching the token, since the original is already there
// with the same id. So we are changing the token id and user record id for this
// purpose.
tokenObjVDC2.setId(URIUtil.createId(Token.class));
gotUserVDC2.setId(URIUtil.createId(StorageOSUserDAO.class));
tokenObjVDC2.setUserId(gotUserVDC2.getId());
TokenOnWire tokenToBeCachedVDC2 = TokenOnWire.createTokenOnWire(tokenObjVDC2);
// this re-encoded alternate token is the token that will be cached and validated
// from cache.
final String newEncodedVDC2 = encoderVDC2.encode(tokenToBeCachedVDC2);
// VDC3 create a token
// set VdcUtil localvdcid to vdc3 to resulting token is identified as such
localVdc.setShortId("vdc3");
_dbClient.persistObject(localVdc);
VdcUtil.invalidateVdcUrnCache();
StorageOSUserDAO userDAOVDC3 = new StorageOSUserDAO();
userDAOVDC3.setUserName("user2@domain.com");
userDAOVDC3.setIsLocal(false);
String tokenVDC3 = tokenManagerVDC3.getToken(userDAOVDC3);
Assert.assertNotNull(tokenVDC3);
TokenOnWire twVDC3 = encoderVDC3.decode(tokenVDC3);
final Token tokenObjVDC3 = _dbClient.queryObject(Token.class, twVDC3.getTokenId());
Assert.assertNotNull(tokenObjVDC3);
URI userIdVDC3 = tokenObjVDC3.getUserId();
Assert.assertNotNull(userIdVDC3);
final StorageOSUserDAO gotUserVDC3 = tokenManagerVDC3.validateToken(tokenVDC3);
Assert.assertNotNull(gotUserVDC3);
tokenObjVDC3.setId(URIUtil.createId(Token.class));
gotUserVDC3.setId(URIUtil.createId(StorageOSUserDAO.class));
tokenObjVDC3.setUserId(gotUserVDC3.getId());
TokenOnWire tokenToBeCachedVDC3 = TokenOnWire.createTokenOnWire(tokenObjVDC3);
// this re-encoded alternate token is the token that will be cached and validated
// from cache.
final String newEncodedVDC3 = encoderVDC3.encode(tokenToBeCachedVDC3);
// Cache VDC2 &3's tokens and keys in VDC1.cache
TokenKeysBundle bundleVDC2 = tokenKeyGeneratorVDC2.readBundle();
TokenKeysBundle bundleVDC3 = tokenKeyGeneratorVDC3.readBundle();
TokenResponseArtifacts artifactsVDC2 = new TokenResponseArtifacts(gotUserVDC2, tokenObjVDC2, bundleVDC2);
TokenResponseArtifacts artifactsVDC3 = new TokenResponseArtifacts(gotUserVDC3, tokenObjVDC3, bundleVDC3);
cacheHelperVDC1.cacheForeignTokenAndKeys(artifactsVDC2, "vdc2");
cacheHelperVDC1.cacheForeignTokenAndKeys(artifactsVDC3, "vdc3");
Assert.assertEquals(2, cacheHelperVDC1.getAllCachedBundles().size());
// Validate both tokens using VDC1
// set VdcUtil localvdcid to vdc1 to resulting token is identified as such
localVdc.setShortId("vdc1");
_dbClient.persistObject(localVdc);
VdcUtil.invalidateVdcUrnCache();
StorageOSUserDAO userValidate = tokenManagerVDC1.validateToken(newEncodedVDC2);
Assert.assertNotNull(userValidate);
Assert.assertEquals(userValidate.getUserName(), userDAOVDC2.getUserName());
StorageOSUserDAO userValidate2 = tokenManagerVDC1.validateToken(newEncodedVDC3);
Assert.assertNotNull(userValidate2);
Assert.assertEquals(userValidate2.getUserName(), userDAOVDC3.getUserName());
}
Also used :
TokenMaxLifeValuesHolder(com.emc.storageos.security.authentication.TokenMaxLifeValuesHolder)
CassandraTokenManager(com.emc.storageos.auth.impl.CassandraTokenManager)
TokenKeysBundle(com.emc.storageos.security.authentication.TokenKeyGenerator.TokenKeysBundle)
TokenKeyGenerator(com.emc.storageos.security.authentication.TokenKeyGenerator)
SignedToken(com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken)
ProxyToken(com.emc.storageos.db.client.model.ProxyToken)
Token(com.emc.storageos.db.client.model.Token)
BaseToken(com.emc.storageos.db.client.model.BaseToken)
URI(java.net.URI)
StorageOSUserDAO(com.emc.storageos.db.client.model.StorageOSUserDAO)
InterVDCTokenCacheHelper(com.emc.storageos.security.geo.InterVDCTokenCacheHelper)
VirtualDataCenter(com.emc.storageos.db.client.model.VirtualDataCenter)
CoordinatorClient(com.emc.storageos.coordinator.client.service.CoordinatorClient)
Base64TokenEncoder(com.emc.storageos.security.authentication.Base64TokenEncoder)
TokenOnWire(com.emc.storageos.security.authentication.TokenOnWire)
TokenResponseArtifacts(com.emc.storageos.security.geo.TokenResponseBuilder.TokenResponseArtifacts)
Test(org.junit.Test)
Example 4 with InterVDCTokenCacheHelper
use of com.emc.storageos.security.geo.InterVDCTokenCacheHelper in project coprhd-controller by CoprHD.
the class TokenManagerTests method testConcurrentIntraVDCTokenCaching.
/**
* testConcurrentIntraVDCTokenCaching
* Tests that multiple nodes in a single foreign VDC can cache the same token without collision
*
* @throws Exception
*/
@Test
public void testConcurrentIntraVDCTokenCaching() throws Exception {
// common setup and create a token
commonDefaultSetupForSingleNodeTests();
VirtualDataCenter localVdc = VdcUtil.getLocalVdc();
localVdc.setShortId("externalVDCId");
_dbClient.persistObject(localVdc);
VdcUtil.invalidateVdcUrnCache();
StorageOSUserDAO userDAO = new StorageOSUserDAO();
userDAO.setUserName("user1@domain.com");
userDAO.setIsLocal(false);
String token = _tokenManager.getToken(userDAO);
Assert.assertNotNull(token);
TokenOnWire tw1 = _encoder.decode(token);
final Token tokenObj = _dbClient.queryObject(Token.class, tw1.getTokenId());
Assert.assertNotNull(tokenObj);
URI userId = tokenObj.getUserId();
Assert.assertNotNull(userId);
final StorageOSUserDAO gotUser = _tokenManager.validateToken(token);
Assert.assertNotNull(gotUser);
// because we are running this on the same "db" as opposed to 2 different VDCs,
// there will be a conflict when caching the token, since the original is already there
// with the same id. So we are changing the token id and user record id for this
// purpose.
tokenObj.setId(URIUtil.createId(Token.class));
gotUser.setId(URIUtil.createId(StorageOSUserDAO.class));
tokenObj.setUserId(gotUser.getId());
TokenOnWire tokenToBeCached = TokenOnWire.createTokenOnWire(tokenObj);
// this re-encoded alternate token is the token that will be cached and validated
// from cache.
final String newEncoded = _encoder.encode(tokenToBeCached);
final DbClient dbClient = getDbClient();
// note: the same coordinator is being used in all threads. This means that
// token keys will be present in this simulated foreign vdc eventhough we didn't
// explicitly cache them. This should normally fail since we don't have the keys
// but to focus this test on just the token validation from cache, we leave this be.
// A separate test will deal with multiple TestCoordinator() representing different
// zk, in other words true multiple VDCs.
final CoordinatorClient coordinator = new TestCoordinator();
// change it back to vdc1, so that it will not match the vdcid in the token
// created earlier and therefore will be considered a foreign token.
localVdc.setShortId("vdc1");
_dbClient.persistObject(localVdc);
VdcUtil.invalidateVdcUrnCache();
int numThreads = 5;
ExecutorService executor = Executors.newFixedThreadPool(numThreads);
final CountDownLatch waiter = new CountDownLatch(numThreads);
final class InitTester implements Callable {
@Override
public Object call() throws Exception {
// create node artifacts
TokenMaxLifeValuesHolder holder = new TokenMaxLifeValuesHolder();
holder.setForeignTokenCacheExpirationInMins(1);
InterVDCTokenCacheHelper cacheHelper = new InterVDCTokenCacheHelper();
cacheHelper.setCoordinator(coordinator);
cacheHelper.setDbClient(dbClient);
cacheHelper.setMaxLifeValuesHolder(holder);
TokenKeyGenerator tokenKeyGenerator1 = new TokenKeyGenerator();
tokenKeyGenerator1.setTokenMaxLifeValuesHolder(holder);
Base64TokenEncoder encoder1 = new Base64TokenEncoder();
encoder1.setCoordinator(coordinator);
encoder1.setInterVDCTokenCacheHelper(cacheHelper);
encoder1.setTokenKeyGenerator(tokenKeyGenerator1);
encoder1.managerInit();
CassandraTokenManager tokenManager1 = new CassandraTokenManager();
tokenManager1.setDbClient(dbClient);
tokenManager1.setCoordinator(coordinator);
tokenManager1.setTokenMaxLifeValuesHolder(holder);
tokenManager1.setInterVDCTokenCacheHelper(cacheHelper);
tokenManager1.setTokenEncoder(encoder1);
TokenResponseArtifacts artifacts = new TokenResponseArtifacts(gotUser, tokenObj, null);
// synchronize all threads
waiter.countDown();
waiter.await();
// Cache the token artifacts. Each thread will try at the same time
// End result is, the token/user values will all be the same anyway
// but the important is there is no concurrency issue between the first
// thread that will try to add to the cache, and the others that will simply
// update it.
cacheHelper.cacheForeignTokenAndKeys(artifacts, null);
// First validation should work. It validates from the cache.
StorageOSUserDAO userFromDB = tokenManager1.validateToken(newEncoded);
Assert.assertNotNull(userFromDB);
Assert.assertEquals(userFromDB.getUserName(), gotUser.getUserName());
// wait longer than cache expiration (longer than 1 minute in our case)
// token's cache expiration should be expired
Thread.sleep((holder.getForeignTokenCacheExpirationInMins() + 1) * 60000);
userFromDB = tokenManager1.validateToken(newEncoded);
Assert.assertNull(userFromDB);
return null;
}
}
for (int i = 0; i < numThreads; i++) {
executor.submit(new InitTester());
}
executor.shutdown();
Assert.assertTrue(executor.awaitTermination(180, TimeUnit.SECONDS));
}
Also used :
TokenMaxLifeValuesHolder(com.emc.storageos.security.authentication.TokenMaxLifeValuesHolder)
CassandraTokenManager(com.emc.storageos.auth.impl.CassandraTokenManager)
DbClient(com.emc.storageos.db.client.DbClient)
SignedToken(com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken)
ProxyToken(com.emc.storageos.db.client.model.ProxyToken)
Token(com.emc.storageos.db.client.model.Token)
BaseToken(com.emc.storageos.db.client.model.BaseToken)
TokenKeyGenerator(com.emc.storageos.security.authentication.TokenKeyGenerator)
URI(java.net.URI)
ContainmentConstraint(com.emc.storageos.db.client.constraint.ContainmentConstraint)
AlternateIdConstraint(com.emc.storageos.db.client.constraint.AlternateIdConstraint)
StorageOSUserDAO(com.emc.storageos.db.client.model.StorageOSUserDAO)
InterVDCTokenCacheHelper(com.emc.storageos.security.geo.InterVDCTokenCacheHelper)
VirtualDataCenter(com.emc.storageos.db.client.model.VirtualDataCenter)
CoordinatorClient(com.emc.storageos.coordinator.client.service.CoordinatorClient)
TokenOnWire(com.emc.storageos.security.authentication.TokenOnWire)
Base64TokenEncoder(com.emc.storageos.security.authentication.Base64TokenEncoder)
TokenResponseArtifacts(com.emc.storageos.security.geo.TokenResponseBuilder.TokenResponseArtifacts)
Test(org.junit.Test)
Aggregations
CoordinatorClient (com.emc.storageos.coordinator.client.service.CoordinatorClient)4
Base64TokenEncoder (com.emc.storageos.security.authentication.Base64TokenEncoder)4
TokenKeyGenerator (com.emc.storageos.security.authentication.TokenKeyGenerator)4
TokenMaxLifeValuesHolder (com.emc.storageos.security.authentication.TokenMaxLifeValuesHolder)4
InterVDCTokenCacheHelper (com.emc.storageos.security.geo.InterVDCTokenCacheHelper)4
Test (org.junit.Test)4
TokenKeysBundle (com.emc.storageos.security.authentication.TokenKeyGenerator.TokenKeysBundle)3
TokenResponseArtifacts (com.emc.storageos.security.geo.TokenResponseBuilder.TokenResponseArtifacts)3
CassandraTokenManager (com.emc.storageos.auth.impl.CassandraTokenManager)2
DbClient (com.emc.storageos.db.client.DbClient)2
AlternateIdConstraint (com.emc.storageos.db.client.constraint.AlternateIdConstraint)2
ContainmentConstraint (com.emc.storageos.db.client.constraint.ContainmentConstraint)2
BaseToken (com.emc.storageos.db.client.model.BaseToken)2
ProxyToken (com.emc.storageos.db.client.model.ProxyToken)2
StorageOSUserDAO (com.emc.storageos.db.client.model.StorageOSUserDAO)2
Token (com.emc.storageos.db.client.model.Token)2
VirtualDataCenter (com.emc.storageos.db.client.model.VirtualDataCenter)2
SignedToken (com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken)2
TokenOnWire (com.emc.storageos.security.authentication.TokenOnWire)2
URI (java.net.URI)2
