use of org.apache.knox.gateway.services.security.token.TokenStateService in project knox by apache.
the class DefaultTokenStateServiceTest method testTokenPermissiveness.
@Test
public void testTokenPermissiveness() throws Exception {
final long expiry = System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(300);
final JWT token = getJWTToken(expiry);
TokenStateService tss = new DefaultTokenStateService();
try {
tss.init(createMockGatewayConfig(true), Collections.emptyMap());
} catch (ServiceLifecycleException e) {
fail("Error creating TokenStateService: " + e.getMessage());
}
assertEquals(TimeUnit.MILLISECONDS.toSeconds(expiry), TimeUnit.MILLISECONDS.toSeconds(tss.getTokenExpiration(token)));
}
use of org.apache.knox.gateway.services.security.token.TokenStateService in project knox by apache.
the class JournalBasedTokenStateServiceTest method testTokenEvictionIncludesPreviouslyPersistedJournalEntries.
/*
* Verify that the token state reaper includes previously-persisted token state, so it's not left in the file
* system forever.
*/
@Test
public void testTokenEvictionIncludesPreviouslyPersistedJournalEntries() throws Exception {
final int TOKEN_COUNT = 5;
final long evictionInterval = TimeUnit.SECONDS.toMillis(3);
final long maxTokenLifetime = evictionInterval * 3;
final Set<JWTToken> testTokens = new HashSet<>();
for (int i = 0; i < TOKEN_COUNT; i++) {
testTokens.add(createMockToken(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(60)));
}
TokenStateJournal testJournal = TokenStateJournalFactory.create(createMockGatewayConfig(false, getGatewaySecurityDir(), getTokenStatePersistenceInterval()));
// Add a journal entry prior to initializing the TokenStateService
final JWTToken uncachedToken = createMockToken(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(60));
final String uncachedTokenId = uncachedToken.getClaim(JWTToken.KNOX_ID_CLAIM);
testJournal.add(uncachedTokenId, System.currentTimeMillis(), uncachedToken.getExpiresDate().getTime(), maxTokenLifetime, null);
assertEquals("Expected the uncached journal entry", 1, testJournal.get().size());
// Create and initialize the TokenStateService
TokenStateService tss = createTokenStateService();
TokenStateJournal journal = getJournalField(tss);
Map<String, Long> tokenExpirations = getTokenExpirationsField(tss);
Map<String, Long> maxTokenLifetimes = getMaxTokenLifetimesField(tss);
assertEquals("Expected the previously-persisted journal entry to have been loaded into the cache.", 1, tokenExpirations.size());
assertEquals("Expected the previously-persisted journal entry to have been loaded into the cache.", 1, maxTokenLifetimes.size());
try {
tss.start();
// Add the expired tokens
for (JWTToken token : testTokens) {
tss.addToken(token.getClaim(JWTToken.KNOX_ID_CLAIM), System.currentTimeMillis(), token.getExpiresDate().getTime(), maxTokenLifetime);
}
assertEquals("Expected the tokens to have been added in the base class cache.", TOKEN_COUNT + 1, tokenExpirations.size());
assertEquals("Expected the tokens lifetimes to have been added in the base class cache.", TOKEN_COUNT + 1, maxTokenLifetimes.size());
assertEquals("Expected the uncached journal entry in addition to the cached tokens", TOKEN_COUNT + 1, journal.get().size());
// Sleep to allow the eviction evaluation to be performed, but only one iteration
Thread.sleep(evictionInterval + (evictionInterval / 4));
} finally {
tss.stop();
}
assertEquals("Expected the tokens to have been removed from the base class cache as a result of eviction.", 0, tokenExpirations.size());
assertEquals("Expected the tokens lifetimes to have been removed from the base class cache as a result of eviction.", 0, maxTokenLifetimes.size());
assertEquals("Expected the journal entries to have been removed as a result of the eviction", 0, journal.get().size());
}
use of org.apache.knox.gateway.services.security.token.TokenStateService in project knox by apache.
the class JournalBasedTokenStateServiceTest method testUpdateExpirationUsesCache.
@Test
public void testUpdateExpirationUsesCache() throws Exception {
final int TOKEN_COUNT = 10;
TokenStateService tss = createTokenStateService();
Map<String, Long> tokenExpirations = getTokenExpirationsField(tss);
final long evictionInterval = TimeUnit.SECONDS.toMillis(3);
final long maxTokenLifetime = evictionInterval * 3;
final Set<JWTToken> testTokens = new HashSet<>();
for (int i = 0; i < TOKEN_COUNT; i++) {
testTokens.add(createMockToken(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(60)));
}
try {
tss.start();
// Add the expired tokens
for (JWTToken token : testTokens) {
tss.addToken(token.getClaim(JWTToken.KNOX_ID_CLAIM), System.currentTimeMillis(), token.getExpiresDate().getTime(), maxTokenLifetime);
}
assertEquals("Expected the tokens expirations to have been added in the base class cache.", TOKEN_COUNT, tokenExpirations.size());
// Set the cache values to be different from the underlying journal entry value
final long updatedExpiration = System.currentTimeMillis();
for (String tokenId : tokenExpirations.keySet()) {
((JournalBasedTokenStateService) tss).updateExpiration(tokenId, updatedExpiration);
}
// Invoking with true/false validation flags as it should not affect if values are coming from the cache
int count = 0;
for (String tokenId : tokenExpirations.keySet()) {
assertEquals("Expected the cached expiration to have been updated.", updatedExpiration, tss.getTokenExpiration(tokenId, count++ % 2 == 0));
}
} finally {
tss.stop();
}
}
Aggregations