Search in sources :

Example 1 with AccessInformation

use of org.apache.synapse.commons.throttle.core.AccessInformation in project wso2-synapse by wso2.

the class ThrottleHandler method process.

/**
 * processing through the throttle
 * 1) concurrent throttling
 * 2) access rate based throttling - domain or ip
 *
 * @param throttle       The Throttle object - holds all configuration and state data
 *                       of the throttle
 * @param messageContext The MessageContext , that holds all data per message basis
 * @throws AxisFault         Throws when access must deny for caller
 * @throws ThrottleException    ThrottleException
 */
public void process(Throttle throttle, MessageContext messageContext) throws ThrottleException, AxisFault {
    String throttleId = throttle.getId();
    ConfigurationContext cc = messageContext.getConfigurationContext();
    // acquiring  cache manager.
    Cache<String, ConcurrentAccessController> cache;
    CacheManager cacheManager = Caching.getCacheManagerFactory().getCacheManager(THROTTLING_CACHE_MANAGER);
    if (cacheManager != null) {
        cache = cacheManager.getCache(THROTTLING_CACHE);
    } else {
        cache = Caching.getCacheManager().getCache(THROTTLING_CACHE);
    }
    if (log.isDebugEnabled()) {
        log.debug("created throttling cache : " + cache);
    }
    // Get the concurrent access controller
    ConcurrentAccessController cac;
    String key = null;
    key = ThrottleConstants.THROTTLE_PROPERTY_PREFIX + throttleId + ThrottleConstants.CAC_SUFFIX;
    cac = cache.get(key);
    // check for concurrent access
    boolean canAccess = doConcurrentThrottling(cac, messageContext);
    if (canAccess) {
        if (messageContext.getFLOW() == MessageContext.IN_FLOW) {
            // gets the remote caller domain name
            String domain = null;
            HttpServletRequest request = (HttpServletRequest) messageContext.getPropertyNonReplicable(HTTPConstants.MC_HTTP_SERVLETREQUEST);
            if (request != null) {
                domain = request.getRemoteHost();
            }
            // Domain name based throttling
            // check whether a configuration has been defined for this domain name or not
            String callerId = null;
            if (domain != null) {
                // loads the ThrottleContext
                ThrottleContext throttleCtxt = throttle.getThrottleContext(ThrottleConstants.DOMAIN_BASED_THROTTLE_KEY);
                if (throttleCtxt != null) {
                    // Loads the ThrottleConfiguration
                    ThrottleConfiguration throttleConfig = throttleCtxt.getThrottleConfiguration();
                    if (throttleConfig != null) {
                        // check for configuration for this caller
                        callerId = throttleConfig.getConfigurationKeyOfCaller(domain);
                        if (callerId != null) {
                            // If this is a clustered env.
                            throttleCtxt.setThrottleId(throttleId);
                            AccessInformation infor = accessRateController.canAccess(throttleCtxt, callerId, ThrottleConstants.DOMAIN_BASE);
                            StatCollector.collect(infor, domain, ThrottleConstants.DOMAIN_BASE);
                            // check for the permission for access
                            if (!infor.isAccessAllowed()) {
                                // if the access has denied by rate based throttling
                                if (cac != null) {
                                    cac.incrementAndGet();
                                    cache.put(key, cac);
                                    if (debugOn) {
                                        log.debug("Added the state of ConcurrentAccessController " + "to cache with key : " + key);
                                    }
                                }
                                throw new AxisFault(" Access deny for a " + "caller with Domain " + domain + " " + " : Reason : " + infor.getFaultReason());
                            }
                        } else {
                            if (debugOn) {
                                log.debug("Could not find the Throttle Context for domain-Based " + "Throttling for domain name " + domain + " Throttling for this " + "domain name may not be configured from policy");
                            }
                        }
                    }
                }
            } else {
                if (debugOn) {
                    log.debug("Could not find the domain of the caller - IP-based throttling may occur");
                }
            }
            if (callerId == null) {
                String ip = (String) messageContext.getProperty(MessageContext.REMOTE_ADDR);
                if (ip != null) {
                    // loads IP based throttle context
                    ThrottleContext context = throttle.getThrottleContext(ThrottleConstants.IP_BASED_THROTTLE_KEY);
                    if (context != null) {
                        // Loads the ThrottleConfiguration
                        ThrottleConfiguration config = context.getThrottleConfiguration();
                        if (config != null) {
                            // check for configuration for this ip
                            callerId = config.getConfigurationKeyOfCaller(ip);
                            if (callerId != null) {
                                context.setThrottleId(throttleId);
                                AccessInformation infor = accessRateController.canAccess(context, callerId, ThrottleConstants.IP_BASE);
                                // check for the permission for access
                                StatCollector.collect(infor, ip, ThrottleConstants.IP_BASE);
                                if (!infor.isAccessAllowed()) {
                                    // if the access has denied by rate based throttling
                                    if (cac != null) {
                                        cac.incrementAndGet();
                                        // set back if this is a clustered env
                                        cache.put(key, cac);
                                        if (debugOn) {
                                            log.debug("Added the state of ConcurrentAccessController " + "to cache with key : " + key);
                                        }
                                    }
                                    throw new AxisFault(" Access deny for a " + "caller with IP " + ip + " " + " : Reason : " + infor.getFaultReason());
                                }
                            }
                        }
                    } else {
                        if (debugOn) {
                            log.debug("Could not find the throttle Context for IP-Based throttling");
                        }
                    }
                } else {
                    if (debugOn) {
                        log.debug("Could not find the IP address of the caller " + "- throttling will not occur");
                    }
                }
            }
        }
        // just replicate the current state of ConcurrentAccessController
        if (cac != null) {
            cache.put(key, cac);
            if (debugOn) {
                log.debug("Added the state of ConcurrentAccessController " + "to cache with key : " + key);
            }
        }
        // finally engage rolebased access throttling if available
        doRoleBasedAccessThrottling(throttle, messageContext);
    } else {
        // replicate the current state of ConcurrentAccessController
        if (cac != null) {
            cache.put(key, cac);
            if (debugOn) {
                log.debug("Added the state of ConcurrentAccessController " + "to cache with key : " + key);
            }
        }
        throw new AxisFault("Access has currently been denied since " + " maximum concurrent access have exceeded");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ThrottleContext(org.apache.synapse.commons.throttle.core.ThrottleContext) AxisFault(org.apache.axis2.AxisFault) ConfigurationContext(org.apache.axis2.context.ConfigurationContext) AccessInformation(org.apache.synapse.commons.throttle.core.AccessInformation) CacheManager(javax.cache.CacheManager) ThrottleConfiguration(org.apache.synapse.commons.throttle.core.ThrottleConfiguration) ConcurrentAccessController(org.apache.synapse.commons.throttle.core.ConcurrentAccessController)

Example 2 with AccessInformation

use of org.apache.synapse.commons.throttle.core.AccessInformation in project wso2-synapse by wso2.

the class ThrottleHandler method doRoleBasedAccessThrottling.

/**
 * Helper method for handling role based Access throttling
 *
 * @param messageContext             MessageContext - message level states
 * @return true if access is allowed through concurrent throttling ,o.w false
 */
private boolean doRoleBasedAccessThrottling(Throttle throttle, MessageContext messageContext) throws AxisFault, ThrottleException {
    boolean canAccess = true;
    if (throttle.getThrottleContext(ThrottleConstants.ROLE_BASED_THROTTLE_KEY) == null) {
        // if no role base throttle config return immediately
        return canAccess;
    }
    ConfigurationContext cc = messageContext.getConfigurationContext();
    String throttleId = throttle.getId();
    // acquiring  cache manager.
    Cache<String, ConcurrentAccessController> cache;
    CacheManager cacheManager = Caching.getCacheManagerFactory().getCacheManager(THROTTLING_CACHE_MANAGER);
    if (cacheManager != null) {
        cache = cacheManager.getCache(THROTTLING_CACHE);
    } else {
        cache = Caching.getCacheManager().getCache(THROTTLING_CACHE);
    }
    if (log.isDebugEnabled()) {
        log.debug("created throttling cache : " + cache);
    }
    String key = null;
    ConcurrentAccessController cac = null;
    key = ThrottleConstants.THROTTLE_PROPERTY_PREFIX + throttleId + ThrottleConstants.CAC_SUFFIX;
    cac = cache.get(key);
    if (messageContext.getFLOW() == MessageContext.IN_FLOW) {
        // gets the remote caller role name
        String consumerKey = null;
        boolean isAuthenticated = false;
        String roleID = null;
        HttpServletRequest request = (HttpServletRequest) messageContext.getPropertyNonReplicable(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (request != null) {
            String oAuthHeader = request.getHeader("OAuth");
            // consumerKey = Utils.extractCustomerKeyFromAuthHeader(oAuthHeader);
            // roleID = Utils.extractCustomerKeyFromAuthHeader(oAuthHeader);
            DummyAuthenticator authFuture = new DummyAuthenticator(oAuthHeader);
            consumerKey = authFuture.getAPIKey();
            new DummyHandler().authenticateUser(authFuture);
            roleID = (String) authFuture.getAuthorizedRoles().get(0);
            isAuthenticated = authFuture.isAuthenticated();
        }
        if (!isAuthenticated) {
            throw new AxisFault(" Access deny for a " + "caller with consumer Key: " + consumerKey + " " + " : Reason : Authentication failure");
        }
        // Domain name based throttling
        // check whether a configuration has been defined for this role name or not
        String consumerRoleID = null;
        if (consumerKey != null && isAuthenticated) {
            // loads the ThrottleContext
            ThrottleContext context = throttle.getThrottleContext(ThrottleConstants.ROLE_BASED_THROTTLE_KEY);
            if (context != null) {
                // Loads the ThrottleConfiguration
                ThrottleConfiguration config = context.getThrottleConfiguration();
                if (config != null) {
                    // check for configuration for this caller
                    consumerRoleID = config.getConfigurationKeyOfCaller(roleID);
                    if (consumerRoleID != null) {
                        context.setThrottleId(throttleId);
                        AccessInformation infor = roleBasedAccessController.canAccess(context, consumerKey, consumerRoleID);
                        StatCollector.collect(infor, consumerKey, ThrottleConstants.ROLE_BASE);
                        // check for the permission for access
                        if (!infor.isAccessAllowed()) {
                            // if the access has denied by rate based throttling
                            if (cac != null) {
                                cac.incrementAndGet();
                                cache.put(key, cac);
                                if (debugOn) {
                                    log.debug("Added the state of ConcurrentAccessController " + "to cache with key : " + key);
                                }
                            }
                            throw new AxisFault(" Access deny for a " + "caller with Domain " + consumerKey + " " + " : Reason : " + infor.getFaultReason());
                        }
                    } else {
                        if (debugOn) {
                            log.debug("Could not find the Throttle Context for role-Based " + "Throttling for role name " + consumerKey + " Throttling for this " + "role name may not be configured from policy");
                        }
                    }
                }
            }
        } else {
            if (debugOn) {
                log.debug("Could not find the role of the caller - role based throttling NOT applied");
            }
        }
    }
    return canAccess;
}
Also used : AxisFault(org.apache.axis2.AxisFault) ThrottleContext(org.apache.synapse.commons.throttle.core.ThrottleContext) ConfigurationContext(org.apache.axis2.context.ConfigurationContext) AccessInformation(org.apache.synapse.commons.throttle.core.AccessInformation) DummyAuthenticator(org.apache.synapse.commons.throttle.module.utils.impl.DummyAuthenticator) ThrottleConfiguration(org.apache.synapse.commons.throttle.core.ThrottleConfiguration) HttpServletRequest(javax.servlet.http.HttpServletRequest) DummyHandler(org.apache.synapse.commons.throttle.module.utils.impl.DummyHandler) CacheManager(javax.cache.CacheManager) ConcurrentAccessController(org.apache.synapse.commons.throttle.core.ConcurrentAccessController)

Example 3 with AccessInformation

use of org.apache.synapse.commons.throttle.core.AccessInformation in project wso2-synapse by wso2.

the class StatCollector method main.

public static void main(String[] args) {
    AccessInformation acAllwd = new AccessInformation();
    acAllwd.setAccessAllowed(true);
    AccessInformation acDenied = new AccessInformation();
    acDenied.setAccessAllowed(false);
    StatCollector.collect(acAllwd, "nq21LN39VlKe6OezcOndBx", ThrottleConstants.ROLE_BASE);
    StatCollector.collect(acAllwd, "nq21LN39VlKe6OezcOndBx", ThrottleConstants.ROLE_BASE);
    StatCollector.collect(acAllwd, "nq21LN39VlKe6OezcOndBx", ThrottleConstants.ROLE_BASE);
    StatCollector.collect(acAllwd, "nq21LN39VlKe6OezcOndBx", ThrottleConstants.ROLE_BASE);
    StatCollector.collect(acAllwd, "asdadsadg33332424Gasdad", ThrottleConstants.ROLE_BASE);
    StatCollector.collect(acAllwd, "asdadsadg33332424Gasdad", ThrottleConstants.ROLE_BASE);
    StatCollector.collect(acAllwd, "asdadsadg33332424Gasdad", ThrottleConstants.ROLE_BASE);
    StatCollector.collect(acAllwd, "asdadsadg33332424Gasdad", ThrottleConstants.ROLE_BASE);
    StatCollector.collect(acDenied, "nq21LN39VlKe6OezcOndBx", ThrottleConstants.ROLE_BASE);
    StatCollector.collect(acDenied, "nq21LN39VlKe6OezcOndBx", ThrottleConstants.ROLE_BASE);
    StatCollector.collect(acDenied, "asdadsadg33332424Gasdad", ThrottleConstants.ROLE_BASE);
    StatCollector.collect(acDenied, "asdadsadg33332424Gasdad", ThrottleConstants.ROLE_BASE);
    StatCollector.collect(acAllwd, "asdadsadg33332424Gasdad", ThrottleConstants.ROLE_BASE);
    StatCollector.displayStats(ThrottleConstants.ROLE_BASE);
}
Also used : AccessInformation(org.apache.synapse.commons.throttle.core.AccessInformation)

Example 4 with AccessInformation

use of org.apache.synapse.commons.throttle.core.AccessInformation in project wso2-synapse by wso2.

the class ThrottleMediator method doThrottleByAccessRate.

/**
 * Helper method that handles the access-rate based throttling
 *
 * @param synCtx MessageContext(Synapse)
 * @param axisMC MessageContext(Axis2)
 * @param cc     ConfigurationContext
 * @param synLog the Synapse log to use
 * @return ue if the caller can access ,o.w. false
 */
private boolean doThrottleByAccessRate(MessageContext synCtx, org.apache.axis2.context.MessageContext axisMC, ConfigurationContext cc, SynapseLog synLog) {
    String callerId = null;
    boolean canAccess = true;
    // remote ip of the caller
    String remoteIP = (String) axisMC.getPropertyNonReplicable(org.apache.axis2.context.MessageContext.REMOTE_ADDR);
    // domain name of the caller
    String domainName = (String) axisMC.getPropertyNonReplicable(NhttpConstants.REMOTE_HOST);
    Map headers = (Map) axisMC.getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
    if (headers != null) {
        String xForwardHeader = (String) headers.get(NhttpConstants.HEADER_X_FORWARDED_FOR);
        String xForwardHost = (String) headers.get(NhttpConstants.HEADER_X_FORWARDED_HOST);
        remoteIP = (xForwardHeader != null) ? xForwardHeader : remoteIP;
        domainName = (xForwardHost != null) ? xForwardHost : domainName;
    }
    // this domain name ,then throttling will occur according to that configuration
    if (domainName != null) {
        // do the domain based throttling
        if (synLog.isTraceOrDebugEnabled()) {
            synLog.traceOrDebug("The Domain Name of the caller is :" + domainName);
        }
        // loads the DomainBasedThrottleContext
        ThrottleContext context = throttle.getThrottleContext(ThrottleConstants.DOMAIN_BASED_THROTTLE_KEY);
        if (context != null) {
            // loads the DomainBasedThrottleConfiguration
            ThrottleConfiguration config = context.getThrottleConfiguration();
            if (config != null) {
                // checks the availability of a policy configuration for  this domain name
                callerId = config.getConfigurationKeyOfCaller(domainName);
                if (callerId != null) {
                    // If this is a clustered env.
                    if (isClusteringEnable) {
                        context.setConfigurationContext(cc);
                        context.setThrottleId(id);
                    }
                    try {
                        // Checks for access state
                        AccessInformation accessInformation = accessControler.canAccess(context, callerId, ThrottleConstants.DOMAIN_BASE);
                        canAccess = accessInformation.isAccessAllowed();
                        if (synLog.isTraceOrDebugEnabled()) {
                            synLog.traceOrDebug("Access " + (canAccess ? "allowed" : "denied") + " for Domain Name : " + domainName);
                        }
                        // if the access has denied by rate based throttling
                        if (!canAccess && concurrentAccessController != null) {
                            concurrentAccessController.incrementAndGet();
                            if (isClusteringEnable) {
                                dataHolder.setConcurrentAccessController(key, concurrentAccessController);
                            }
                        }
                    } catch (ThrottleException e) {
                        handleException("Error occurred during throttling", e, synCtx);
                    }
                }
            }
        }
    } else {
        synLog.traceOrDebug("The Domain name of the caller cannot be found");
    }
    // therefore trying to find a configuration policy based on remote caller ip
    if (callerId == null) {
        // do the IP-based throttling
        if (remoteIP == null) {
            if (synLog.isTraceOrDebugEnabled()) {
                synLog.traceOrDebug("The IP address of the caller cannot be found");
            }
            canAccess = true;
        } else {
            if (synLog.isTraceOrDebugEnabled()) {
                synLog.traceOrDebug("The IP Address of the caller is :" + remoteIP);
            }
            try {
                // Loads the IPBasedThrottleContext
                ThrottleContext context = throttle.getThrottleContext(ThrottleConstants.IP_BASED_THROTTLE_KEY);
                if (context != null) {
                    // Loads the IPBasedThrottleConfiguration
                    ThrottleConfiguration config = context.getThrottleConfiguration();
                    if (config != null) {
                        // Checks the availability of a policy configuration for  this ip
                        callerId = config.getConfigurationKeyOfCaller(remoteIP);
                        if (callerId != null) {
                            // For clustered env.
                            if (isClusteringEnable) {
                                context.setConfigurationContext(cc);
                                context.setThrottleId(id);
                            }
                            // Checks access state
                            AccessInformation accessInformation = accessControler.canAccess(context, callerId, ThrottleConstants.IP_BASE);
                            canAccess = accessInformation.isAccessAllowed();
                            if (synLog.isTraceOrDebugEnabled()) {
                                synLog.traceOrDebug("Access " + (canAccess ? "allowed" : "denied") + " for IP : " + remoteIP);
                            }
                            // if the access has denied by rate based throttling
                            if (!canAccess && concurrentAccessController != null) {
                                concurrentAccessController.incrementAndGet();
                                if (isClusteringEnable) {
                                    dataHolder.setConcurrentAccessController(key, concurrentAccessController);
                                }
                            }
                        }
                    }
                }
            } catch (ThrottleException e) {
                handleException("Error occurred during throttling", e, synCtx);
            }
        }
    }
    return canAccess;
}
Also used : ThrottleContext(org.apache.synapse.commons.throttle.core.ThrottleContext) AccessInformation(org.apache.synapse.commons.throttle.core.AccessInformation) ThrottleException(org.apache.synapse.commons.throttle.core.ThrottleException) ThrottleConfiguration(org.apache.synapse.commons.throttle.core.ThrottleConfiguration) Map(java.util.Map)

Aggregations

AccessInformation (org.apache.synapse.commons.throttle.core.AccessInformation)4 ThrottleConfiguration (org.apache.synapse.commons.throttle.core.ThrottleConfiguration)3 ThrottleContext (org.apache.synapse.commons.throttle.core.ThrottleContext)3 CacheManager (javax.cache.CacheManager)2 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 AxisFault (org.apache.axis2.AxisFault)2 ConfigurationContext (org.apache.axis2.context.ConfigurationContext)2 ConcurrentAccessController (org.apache.synapse.commons.throttle.core.ConcurrentAccessController)2 Map (java.util.Map)1 ThrottleException (org.apache.synapse.commons.throttle.core.ThrottleException)1 DummyAuthenticator (org.apache.synapse.commons.throttle.module.utils.impl.DummyAuthenticator)1 DummyHandler (org.apache.synapse.commons.throttle.module.utils.impl.DummyHandler)1