Example 1 with TokenStateJournal

use of org.apache.knox.gateway.services.token.state.TokenStateJournal in project knox by apache.

the class AliasBasedTokenStateServiceTest method testLoadTokenStateJournalDuringInitWithInvalidEntries.

@Test
public void testLoadTokenStateJournalDuringInitWithInvalidEntries() throws Exception {
    final int TOKEN_COUNT = 5;
    AliasService aliasService = EasyMock.createMock(AliasService.class);
    aliasService.getAliasesForCluster(anyString());
    EasyMock.expectLastCall().andReturn(Collections.emptyList()).anyTimes();
    EasyMock.replay(aliasService);
    // Create some test tokens
    final Set<JWTToken> testTokens = new HashSet<>();
    for (int i = 0; i < TOKEN_COUNT; i++) {
        JWTToken token = createMockToken(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(60));
        testTokens.add(token);
    }
    // Persist the token state journal entries before initializing the TokenStateService
    TokenStateJournal journal = TokenStateJournalFactory.create(createMockGatewayConfig(false));
    for (JWTToken token : testTokens) {
        journal.add(token.getClaim(JWTToken.KNOX_ID_CLAIM), System.currentTimeMillis(), token.getExpiresDate().getTime(), System.currentTimeMillis() + TimeUnit.HOURS.toMillis(24), null);
    }
    // Add an entry with an invalid token identifier
    journal.add("   ", System.currentTimeMillis(), System.currentTimeMillis(), System.currentTimeMillis(), null);
    // Add an entry with an invalid issue time
    journal.add(new TestJournalEntry(UUID.randomUUID().toString(), "invalidLongValue", String.valueOf(System.currentTimeMillis()), String.valueOf(System.currentTimeMillis()), new TokenMetadata("testUser")));
    // Add an entry with an invalid expiration time
    journal.add(new TestJournalEntry(UUID.randomUUID().toString(), String.valueOf(System.currentTimeMillis()), "invalidLongValue", String.valueOf(System.currentTimeMillis()), new TokenMetadata("testUser")));
    // Add an entry with an invalid max lifetime
    journal.add(new TestJournalEntry(UUID.randomUUID().toString(), String.valueOf(System.currentTimeMillis()), String.valueOf(System.currentTimeMillis()), "invalidLongValue", new TokenMetadata("testUser")));
    AliasBasedTokenStateService tss = new NoEvictionAliasBasedTokenStateService();
    tss.setAliasService(aliasService);
    // Initialize the service, and presumably load the previously-persisted journal entries
    initTokenStateService(tss);
    Map<String, Long> tokenExpirations = getTokenExpirationsField(tss);
    Map<String, Long> maxTokenLifetimes = getMaxTokenLifetimesField(tss);
    Map<String, Long> tokenIssueTimes = getTokenIssueTimesField(tss, true);
    Set<AliasBasedTokenStateService.TokenState> unpersistedState = getUnpersistedStateField(tss);
    assertEquals("Expected the tokens expirations to have been added in the base class cache.", TOKEN_COUNT, tokenExpirations.size());
    assertEquals("Expected the tokens lifetimes to have been added in the base class cache.", TOKEN_COUNT, maxTokenLifetimes.size());
    assertEquals("Expected the tokens issue times to have been added in the base class cache.", TOKEN_COUNT, tokenIssueTimes.size());
    // Three TokenState entries per token (expiration, max lifetime, issue time)
    assertEquals("Expected the unpersisted state to have been added.", (TOKEN_COUNT * 3), unpersistedState.size());
    // Verify that the expected methods were invoked
    EasyMock.verify(aliasService);
}
Also used : AbstractAliasService(org.apache.knox.gateway.services.security.AbstractAliasService) AliasService(org.apache.knox.gateway.services.security.AliasService) EasyMock.anyString(org.easymock.EasyMock.anyString) TokenMetadata(org.apache.knox.gateway.services.security.token.TokenMetadata) JWTToken(org.apache.knox.gateway.services.security.token.impl.JWTToken) TokenStateJournal(org.apache.knox.gateway.services.token.state.TokenStateJournal) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 2 with TokenStateJournal

use of org.apache.knox.gateway.services.token.state.TokenStateJournal in project knox by apache.

the class JournalBasedTokenStateServiceTest method getJournalField.

private static TokenStateJournal getJournalField(TokenStateService tss) throws Exception {
    Field journalField = JournalBasedTokenStateService.class.getDeclaredField("journal");
    journalField.setAccessible(true);
    return (TokenStateJournal) journalField.get(tss);
}
Also used : Field(java.lang.reflect.Field) TokenStateJournal(org.apache.knox.gateway.services.token.state.TokenStateJournal)

Example 3 with TokenStateJournal

use of org.apache.knox.gateway.services.token.state.TokenStateJournal in project knox by apache.

the class JournalBasedTokenStateServiceTest method testBulkTokenStateEviction.

@Test
public void testBulkTokenStateEviction() throws Exception {
    final int TOKEN_COUNT = 5;
    final long evictionInterval = TimeUnit.SECONDS.toMillis(3);
    final long maxTokenLifetime = evictionInterval * 3;
    final Set<JWTToken> testTokens = new HashSet<>();
    for (int i = 0; i < TOKEN_COUNT; i++) {
        testTokens.add(createMockToken(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(60)));
    }
    TokenStateService tss = createTokenStateService();
    TokenStateJournal journal = getJournalField(tss);
    try {
        tss.start();
        // Add the expired tokens
        for (JWTToken token : testTokens) {
            tss.addToken(token.getClaim(JWTToken.KNOX_ID_CLAIM), System.currentTimeMillis(), token.getExpiresDate().getTime(), maxTokenLifetime);
            assertTrue("Expected the token to have expired.", tss.isExpired(token));
        }
        assertEquals(TOKEN_COUNT, journal.get().size());
        // Sleep to allow the eviction evaluation to be performed
        Thread.sleep(evictionInterval + (evictionInterval / 2));
    } finally {
        tss.stop();
    }
    assertEquals(0, journal.get().size());
}
Also used : TokenStateService(org.apache.knox.gateway.services.security.token.TokenStateService) JWTToken(org.apache.knox.gateway.services.security.token.impl.JWTToken) TokenStateJournal(org.apache.knox.gateway.services.token.state.TokenStateJournal) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 4 with TokenStateJournal

use of org.apache.knox.gateway.services.token.state.TokenStateJournal in project knox by apache.

the class AbstractFileTokenStateJournalTest method testSingleJournalEntryRoundTrip.

@Test
public void testSingleJournalEntryRoundTrip() throws Exception {
    GatewayConfig config = getGatewayConfig();
    TokenStateJournal journal = createTokenStateJournal(config);
    final String tokenId = String.valueOf(UUID.randomUUID());
    // Verify that the token state has not yet been journaled
    assertNull(journal.get(tokenId));
    long issueTime = System.currentTimeMillis();
    long expiration = issueTime + TimeUnit.MINUTES.toMillis(5);
    long maxLifetime = issueTime + (5 * TimeUnit.MINUTES.toMillis(5));
    JournalEntry original = createTestJournalEntry(tokenId, issueTime, expiration, maxLifetime);
    journal.add(original);
    // Get the token state from the journal, and validate its contents
    JournalEntry entry = journal.get(tokenId);
    assertNotNull(entry);
    assertEquals(original.getTokenId(), entry.getTokenId());
    assertEquals(original.getIssueTime(), entry.getIssueTime());
    assertEquals(original.getExpiration(), entry.getExpiration());
    assertEquals(original.getMaxLifetime(), entry.getMaxLifetime());
    journal.remove(entry);
    // Verify that the token state can no longer be gotten from the journal
    assertNull(journal.get(tokenId));
}
Also used : TokenStateJournal(org.apache.knox.gateway.services.token.state.TokenStateJournal) JournalEntry(org.apache.knox.gateway.services.token.state.JournalEntry) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)

Example 5 with TokenStateJournal

use of org.apache.knox.gateway.services.token.state.TokenStateJournal in project knox by apache.

the class AbstractFileTokenStateJournalTest method testGetUnknownToken.

@Test
public void testGetUnknownToken() throws Exception {
    GatewayConfig config = getGatewayConfig();
    TokenStateJournal journal = createTokenStateJournal(config);
    assertNull(journal.get(UUID.randomUUID().toString()));
}
Also used : TokenStateJournal(org.apache.knox.gateway.services.token.state.TokenStateJournal) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)

Aggregations

TokenStateJournal (org.apache.knox.gateway.services.token.state.TokenStateJournal) 10
Test (org.junit.Test) 9
GatewayConfig (org.apache.knox.gateway.config.GatewayConfig) 5
HashSet (java.util.HashSet) 4
JWTToken (org.apache.knox.gateway.services.security.token.impl.JWTToken) 4
JournalEntry (org.apache.knox.gateway.services.token.state.JournalEntry) 4
AbstractAliasService (org.apache.knox.gateway.services.security.AbstractAliasService) 2
AliasService (org.apache.knox.gateway.services.security.AliasService) 2
TokenStateService (org.apache.knox.gateway.services.security.token.TokenStateService) 2
EasyMock.anyString (org.easymock.EasyMock.anyString) 2
Field (java.lang.reflect.Field) 1
ArrayList (java.util.ArrayList) 1
HashMap (java.util.HashMap) 1
Map (java.util.Map) 1
TokenMetadata (org.apache.knox.gateway.services.security.token.TokenMetadata) 1