
Example 6 with TokenStateJournal

use of org.apache.knox.gateway.services.token.state.TokenStateJournal in project knox by apache.

the class AbstractFileTokenStateJournalTest method testUpdateTokenState.

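/**
 * Verifies that adding state for a token ID that is already journaled replaces the stored
 * expiration, and that removing the token makes its state unavailable from the journal.
 *
 * @throws Exception propagated from the fixture helpers or from the journal operations
 */
@Test
public void testUpdateTokenState() throws Exception {
    GatewayConfig config = getGatewayConfig();
    TokenStateJournal journal = createTokenStateJournal(config);
    final String tokenId = String.valueOf(UUID.randomUUID());
    // Verify that the token state has not yet been journaled
    assertNull(journal.get(tokenId));

    final long fiveMinutes = TimeUnit.MINUTES.toMillis(5);
    long issueTime = System.currentTimeMillis();
    long expiration = issueTime + fiveMinutes;
    long maxLifetime = issueTime + (5 * fiveMinutes);
    journal.add(tokenId, issueTime, expiration, maxLifetime, null);

    // Get the token state from the journal, and validate its contents
    JournalEntry entry = journal.get(tokenId);
    assertNotNull(entry);
    assertEquals(tokenId, entry.getTokenId());
    assertEquals(issueTime, Long.parseLong(entry.getIssueTime()));
    assertEquals(expiration, Long.parseLong(entry.getExpiration()));
    assertEquals(maxLifetime, Long.parseLong(entry.getMaxLifetime()));

    // Derive the new expiration from the old one instead of reading the clock again: a second
    // System.currentTimeMillis() reading can equal issueTime, which would make the "updated"
    // value identical to the original and let a journal that ignores updates pass this test.
    // The new value still lies before maxLifetime (issueTime + 10 min < issueTime + 25 min).
    long updatedExpiration = expiration + fiveMinutes;
    journal.add(tokenId, issueTime, updatedExpiration, maxLifetime, null);

    // Get and validate the updated token state; only the expiration is expected to differ
    entry = journal.get(tokenId);
    assertNotNull(entry);
    assertEquals(tokenId, entry.getTokenId());
    assertEquals(issueTime, Long.parseLong(entry.getIssueTime()));
    assertEquals(updatedExpiration, Long.parseLong(entry.getExpiration()));
    assertEquals(maxLifetime, Long.parseLong(entry.getMaxLifetime()));

    // Verify that the token state can no longer be gotten from the journal
    journal.remove(tokenId);
    assertNull(journal.get(tokenId));
}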
Also used : TokenStateJournal(org.apache.knox.gateway.services.token.state.TokenStateJournal) JournalEntry(org.apache.knox.gateway.services.token.state.JournalEntry) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)

Example 7 with TokenStateJournal

use of org.apache.knox.gateway.services.token.state.TokenStateJournal in project knox by apache.

the class AliasBasedTokenStateServiceTest method testLoadTokenStateJournalDuringInit.

/**
 * Checks that journal entries written before the token state service is initialized end up in the
 * service's expiration, max-lifetime and issue-time maps and in its unpersisted-state set.
 */
@Test
public void testLoadTokenStateJournalDuringInit() throws Exception {
    final int expectedTokens = 10;

    // The mocked alias service answers every cluster-alias lookup with an empty list
    AliasService mockAliasService = EasyMock.createMock(AliasService.class);
    mockAliasService.getAliasesForCluster(anyString());
    EasyMock.expectLastCall().andReturn(Collections.emptyList()).anyTimes();
    EasyMock.replay(mockAliasService);

    // Build the mock tokens; each is created with a timestamp 60 seconds in the past
    final Set<JWTToken> mockTokens = new HashSet<>();
    for (int created = 0; created != expectedTokens; created++) {
        mockTokens.add(createMockToken(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(60)));
    }

    // Write one journal entry per token before the TokenStateService exists
    TokenStateJournal preloadedJournal = TokenStateJournalFactory.create(createMockGatewayConfig(false));
    for (JWTToken mockToken : mockTokens) {
        final String knoxId = mockToken.getClaim(JWTToken.KNOX_ID_CLAIM);
        preloadedJournal.add(
            knoxId,
            System.currentTimeMillis(),
            mockToken.getExpiresDate().getTime(),
            System.currentTimeMillis() + TimeUnit.HOURS.toMillis(24),
            null);
    }

    AliasBasedTokenStateService service = new NoEvictionAliasBasedTokenStateService();
    service.setAliasService(mockAliasService);

    // Initialization is presumably where the previously-persisted journal entries get loaded
    initTokenStateService(service);

    // Inspect the service's internal collections through the test helpers
    Map<String, Long> expirationsByToken = getTokenExpirationsField(service);
    Map<String, Long> lifetimesByToken = getMaxTokenLifetimesField(service);
    Map<String, Long> issueTimesByToken = getTokenIssueTimesField(service, true);
    Set<AliasBasedTokenStateService.TokenState> pendingState = getUnpersistedStateField(service);

    assertEquals("Expected the tokens expirations to have been added in the base class cache.", expectedTokens, expirationsByToken.size());
    assertEquals("Expected the tokens lifetimes to have been added in the base class cache.", expectedTokens, lifetimesByToken.size());
    assertEquals("Expected the tokens issue times to have been added in the base class cache.", expectedTokens, issueTimesByToken.size());
    // Three TokenState entries per token: expiration, max lifetime and issue time
    assertEquals("Expected the unpersisted state to have been added.", expectedTokens * 3, pendingState.size());

    // Verify that the expected methods were invoked
    EasyMock.verify(mockAliasService);
}
Also used : AbstractAliasService(org.apache.knox.gateway.services.security.AbstractAliasService) AliasService(org.apache.knox.gateway.services.security.AliasService) EasyMock.anyString(org.easymock.EasyMock.anyString) JWTToken(org.apache.knox.gateway.services.security.token.impl.JWTToken) TokenStateJournal(org.apache.knox.gateway.services.token.state.TokenStateJournal) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 8 with TokenStateJournal

use of org.apache.knox.gateway.services.token.state.TokenStateJournal in project knox by apache.

the class JournalBasedTokenStateServiceTest method testTokenEvictionIncludesPreviouslyPersistedJournalEntries.

/**
 * Verifies that the token state reaper also evicts token state that was persisted to the journal
 * before the service was created, so that such entries are not left in the file system forever.
 *
 * <p>NOTE(review): the result depends on wall-clock timing (a single sleep of 1.25 eviction
 * intervals before the service is stopped), so a slow or heavily loaded build host may make this
 * test fail intermittently.
 */
@Test
public void testTokenEvictionIncludesPreviouslyPersistedJournalEntries() throws Exception {
    final int TOKEN_COUNT = 5;
    // NOTE(review): presumably matches the eviction interval configured by createTokenStateService() - confirm
    final long evictionInterval = TimeUnit.SECONDS.toMillis(3);
    // NOTE(review): this is a 9-second duration, whereas the journal tests on this page pass an
    // absolute epoch-millis value (issueTime + ...) as the max lifetime - confirm which is intended
    final long maxTokenLifetime = evictionInterval * 3;
    final Set<JWTToken> testTokens = new HashSet<>();
    // Mock tokens created with a timestamp 60 seconds in the past (presumably already expired)
    for (int i = 0; i < TOKEN_COUNT; i++) {
        testTokens.add(createMockToken(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(60)));
    }
    TokenStateJournal testJournal = TokenStateJournalFactory.create(createMockGatewayConfig(false, getGatewaySecurityDir(), getTokenStatePersistenceInterval()));
    // Add a journal entry prior to initializing the TokenStateService
    final JWTToken uncachedToken = createMockToken(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(60));
    final String uncachedTokenId = uncachedToken.getClaim(JWTToken.KNOX_ID_CLAIM);
    testJournal.add(uncachedTokenId, System.currentTimeMillis(), uncachedToken.getExpiresDate().getTime(), maxTokenLifetime, null);
    assertEquals("Expected the uncached journal entry", 1, testJournal.get().size());
    // Create and initialize the TokenStateService
    TokenStateService tss = createTokenStateService();
    // The journal and the two maps are read from the service via test helpers; the later
    // assertions rely on them being the service's own collections rather than copies
    TokenStateJournal journal = getJournalField(tss);
    Map<String, Long> tokenExpirations = getTokenExpirationsField(tss);
    Map<String, Long> maxTokenLifetimes = getMaxTokenLifetimesField(tss);
    assertEquals("Expected the previously-persisted journal entry to have been loaded into the cache.", 1, tokenExpirations.size());
    assertEquals("Expected the previously-persisted journal entry to have been loaded into the cache.", 1, maxTokenLifetimes.size());
    try {
        tss.start();
        // Add the expired tokens
        for (JWTToken token : testTokens) {
            tss.addToken(token.getClaim(JWTToken.KNOX_ID_CLAIM), System.currentTimeMillis(), token.getExpiresDate().getTime(), maxTokenLifetime);
        }
        // TOKEN_COUNT tokens added above plus the one entry journaled before the service existed
        assertEquals("Expected the tokens to have been added in the base class cache.", TOKEN_COUNT + 1, tokenExpirations.size());
        assertEquals("Expected the tokens lifetimes to have been added in the base class cache.", TOKEN_COUNT + 1, maxTokenLifetimes.size());
        assertEquals("Expected the uncached journal entry in addition to the cached tokens", TOKEN_COUNT + 1, journal.get().size());
        // Sleep to allow the eviction evaluation to be performed, but only one iteration
        Thread.sleep(evictionInterval + (evictionInterval / 4));
    } finally {
        // Always stop the service, even when an assertion above fails
        tss.stop();
    }
    // After eviction, neither the in-memory maps nor the journal may retain any token state
    assertEquals("Expected the tokens to have been removed from the base class cache as a result of eviction.", 0, tokenExpirations.size());
    assertEquals("Expected the tokens lifetimes to have been removed from the base class cache as a result of eviction.", 0, maxTokenLifetimes.size());
    assertEquals("Expected the journal entries to have been removed as a result of the eviction", 0, journal.get().size());
}
Also used : TokenStateService(org.apache.knox.gateway.services.security.token.TokenStateService) JWTToken(org.apache.knox.gateway.services.security.token.impl.JWTToken) TokenStateJournal(org.apache.knox.gateway.services.token.state.TokenStateJournal) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 9 with TokenStateJournal

use of org.apache.knox.gateway.services.token.state.TokenStateJournal in project knox by apache.

the class AbstractFileTokenStateJournalTest method testSingleTokenRoundTrip.

/**
 * Round-trips one token through the journal: the token is absent at first, readable with the
 * values it was added with, and absent again once removed.
 */
@Test
public void testSingleTokenRoundTrip() throws Exception {
    final TokenStateJournal tokenJournal = createTokenStateJournal(getGatewayConfig());
    final String id = UUID.randomUUID().toString();

    // Nothing has been journaled for this ID yet
    assertNull(tokenJournal.get(id));

    final long fiveMinutes = TimeUnit.MINUTES.toMillis(5);
    final long issuedAt = System.currentTimeMillis();
    final long expiresAt = issuedAt + fiveMinutes;
    final long lifetimeLimit = issuedAt + (5 * fiveMinutes);
    tokenJournal.add(id, issuedAt, expiresAt, lifetimeLimit, null);

    // The entry read back must carry exactly the values that were written
    final JournalEntry stored = tokenJournal.get(id);
    assertNotNull(stored);
    assertEquals(id, stored.getTokenId());
    assertEquals(issuedAt, Long.parseLong(stored.getIssueTime()));
    assertEquals(expiresAt, Long.parseLong(stored.getExpiration()));
    assertEquals(lifetimeLimit, Long.parseLong(stored.getMaxLifetime()));

    // Once removed, the token state must no longer be retrievable
    tokenJournal.remove(id);
    assertNull(tokenJournal.get(id));
}
Also used : TokenStateJournal(org.apache.knox.gateway.services.token.state.TokenStateJournal) JournalEntry(org.apache.knox.gateway.services.token.state.JournalEntry) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)

Example 10 with TokenStateJournal

use of org.apache.knox.gateway.services.token.state.TokenStateJournal in project knox by apache.

the class AbstractFileTokenStateJournalTest method testMultipleTokensRoundTrip.

/**
 * Round-trips ten tokens through the journal: each is absent at first, readable individually and
 * through the bulk {@code get()} with the values it was added with, and absent again once removed.
 */
@Test
public void testMultipleTokensRoundTrip() throws Exception {
    final int tokenCount = 10;
    final TokenStateJournal tokenJournal = createTokenStateJournal(getGatewayConfig());

    final List<String> ids = new ArrayList<>();
    while (ids.size() < tokenCount) {
        ids.add(UUID.randomUUID().toString());
    }

    // Confirm nothing is journaled for each ID yet, and prepare the entry to be written for it
    final Map<String, JournalEntry> expectedById = new HashMap<>();
    final long fiveMinutes = TimeUnit.MINUTES.toMillis(5);
    for (String id : ids) {
        assertNull(tokenJournal.get(id));
        final long issuedAt = System.currentTimeMillis();
        final long expiresAt = issuedAt + fiveMinutes;
        final long lifetimeLimit = issuedAt + (5 * fiveMinutes);
        expectedById.put(id, createTestJournalEntry(id, issuedAt, expiresAt, lifetimeLimit));
    }

    for (JournalEntry pending : expectedById.values()) {
        tokenJournal.add(pending);
    }

    // Each token's state, fetched by ID, must match what was written
    for (String id : ids) {
        final JournalEntry expected = expectedById.get(id);
        final JournalEntry actual = tokenJournal.get(id);
        assertNotNull(actual);
        assertEquals(expected.getTokenId(), actual.getTokenId());
        assertEquals(expected.getIssueTime(), actual.getIssueTime());
        assertEquals(expected.getExpiration(), actual.getExpiration());
        assertEquals(expected.getMaxLifetime(), actual.getMaxLifetime());
    }

    // Test loading of persisted token state
    final List<JournalEntry> allEntries = tokenJournal.get();
    assertNotNull(allEntries);
    assertFalse(allEntries.isEmpty());
    assertEquals(tokenCount, allEntries.size());
    for (JournalEntry actual : allEntries) {
        // Every loaded entry must correspond to one of the tokens written by this test
        final JournalEntry expected = expectedById.get(actual.getTokenId());
        assertNotNull(expected);
        assertEquals(expected.getTokenId(), actual.getTokenId());
        assertEquals(expected.getIssueTime(), actual.getIssueTime());
        assertEquals(expected.getExpiration(), actual.getExpiration());
        assertEquals(expected.getMaxLifetime(), actual.getMaxLifetime());
    }

    // Once removed, no token's state may remain retrievable
    for (String id : ids) {
        tokenJournal.remove(id);
        assertNull(tokenJournal.get(id));
    }
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) JournalEntry(org.apache.knox.gateway.services.token.state.JournalEntry) TokenStateJournal(org.apache.knox.gateway.services.token.state.TokenStateJournal) HashMap(java.util.HashMap) Map(java.util.Map) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)
