use of org.apache.synapse.commons.throttle.core.ThrottleConfiguration in project wso2-synapse by wso2.
the class ThrottleHandler method process.
/**
* processing through the throttle
* 1) concurrent throttling
* 2) access rate based throttling - domain or ip
*
* @param throttle The Throttle object - holds all configuration and state data
* of the throttle
* @param messageContext The MessageContext , that holds all data per message basis
* @throws AxisFault Throws when access must deny for caller
* @throws ThrottleException ThrottleException
*/
public void process(Throttle throttle, MessageContext messageContext) throws ThrottleException, AxisFault {
String throttleId = throttle.getId();
ConfigurationContext cc = messageContext.getConfigurationContext();
// acquiring cache manager.
Cache<String, ConcurrentAccessController> cache;
CacheManager cacheManager = Caching.getCacheManagerFactory().getCacheManager(THROTTLING_CACHE_MANAGER);
if (cacheManager != null) {
cache = cacheManager.getCache(THROTTLING_CACHE);
} else {
cache = Caching.getCacheManager().getCache(THROTTLING_CACHE);
}
if (log.isDebugEnabled()) {
log.debug("created throttling cache : " + cache);
}
// Get the concurrent access controller
ConcurrentAccessController cac;
String key = null;
key = ThrottleConstants.THROTTLE_PROPERTY_PREFIX + throttleId + ThrottleConstants.CAC_SUFFIX;
cac = cache.get(key);
// check for concurrent access
boolean canAccess = doConcurrentThrottling(cac, messageContext);
if (canAccess) {
if (messageContext.getFLOW() == MessageContext.IN_FLOW) {
// gets the remote caller domain name
String domain = null;
HttpServletRequest request = (HttpServletRequest) messageContext.getPropertyNonReplicable(HTTPConstants.MC_HTTP_SERVLETREQUEST);
if (request != null) {
domain = request.getRemoteHost();
}
// Domain name based throttling
// check whether a configuration has been defined for this domain name or not
String callerId = null;
if (domain != null) {
// loads the ThrottleContext
ThrottleContext throttleCtxt = throttle.getThrottleContext(ThrottleConstants.DOMAIN_BASED_THROTTLE_KEY);
if (throttleCtxt != null) {
// Loads the ThrottleConfiguration
ThrottleConfiguration throttleConfig = throttleCtxt.getThrottleConfiguration();
if (throttleConfig != null) {
// check for configuration for this caller
callerId = throttleConfig.getConfigurationKeyOfCaller(domain);
if (callerId != null) {
// If this is a clustered env.
throttleCtxt.setThrottleId(throttleId);
AccessInformation infor = accessRateController.canAccess(throttleCtxt, callerId, ThrottleConstants.DOMAIN_BASE);
StatCollector.collect(infor, domain, ThrottleConstants.DOMAIN_BASE);
// check for the permission for access
if (!infor.isAccessAllowed()) {
// if the access has denied by rate based throttling
if (cac != null) {
cac.incrementAndGet();
cache.put(key, cac);
if (debugOn) {
log.debug("Added the state of ConcurrentAccessController " + "to cache with key : " + key);
}
}
throw new AxisFault(" Access deny for a " + "caller with Domain " + domain + " " + " : Reason : " + infor.getFaultReason());
}
} else {
if (debugOn) {
log.debug("Could not find the Throttle Context for domain-Based " + "Throttling for domain name " + domain + " Throttling for this " + "domain name may not be configured from policy");
}
}
}
}
} else {
if (debugOn) {
log.debug("Could not find the domain of the caller - IP-based throttling may occur");
}
}
if (callerId == null) {
String ip = (String) messageContext.getProperty(MessageContext.REMOTE_ADDR);
if (ip != null) {
// loads IP based throttle context
ThrottleContext context = throttle.getThrottleContext(ThrottleConstants.IP_BASED_THROTTLE_KEY);
if (context != null) {
// Loads the ThrottleConfiguration
ThrottleConfiguration config = context.getThrottleConfiguration();
if (config != null) {
// check for configuration for this ip
callerId = config.getConfigurationKeyOfCaller(ip);
if (callerId != null) {
context.setThrottleId(throttleId);
AccessInformation infor = accessRateController.canAccess(context, callerId, ThrottleConstants.IP_BASE);
// check for the permission for access
StatCollector.collect(infor, ip, ThrottleConstants.IP_BASE);
if (!infor.isAccessAllowed()) {
// if the access has denied by rate based throttling
if (cac != null) {
cac.incrementAndGet();
// set back if this is a clustered env
cache.put(key, cac);
if (debugOn) {
log.debug("Added the state of ConcurrentAccessController " + "to cache with key : " + key);
}
}
throw new AxisFault(" Access deny for a " + "caller with IP " + ip + " " + " : Reason : " + infor.getFaultReason());
}
}
}
} else {
if (debugOn) {
log.debug("Could not find the throttle Context for IP-Based throttling");
}
}
} else {
if (debugOn) {
log.debug("Could not find the IP address of the caller " + "- throttling will not occur");
}
}
}
}
// just replicate the current state of ConcurrentAccessController
if (cac != null) {
cache.put(key, cac);
if (debugOn) {
log.debug("Added the state of ConcurrentAccessController " + "to cache with key : " + key);
}
}
// finally engage rolebased access throttling if available
doRoleBasedAccessThrottling(throttle, messageContext);
} else {
// replicate the current state of ConcurrentAccessController
if (cac != null) {
cache.put(key, cac);
if (debugOn) {
log.debug("Added the state of ConcurrentAccessController " + "to cache with key : " + key);
}
}
throw new AxisFault("Access has currently been denied since " + " maximum concurrent access have exceeded");
}
}
use of org.apache.synapse.commons.throttle.core.ThrottleConfiguration in project wso2-synapse by wso2.
the class ThrottleHandler method doRoleBasedAccessThrottling.
/**
* Helper method for handling role based Access throttling
*
* @param messageContext MessageContext - message level states
* @return true if access is allowed through concurrent throttling ,o.w false
*/
private boolean doRoleBasedAccessThrottling(Throttle throttle, MessageContext messageContext) throws AxisFault, ThrottleException {
boolean canAccess = true;
if (throttle.getThrottleContext(ThrottleConstants.ROLE_BASED_THROTTLE_KEY) == null) {
// if no role base throttle config return immediately
return canAccess;
}
ConfigurationContext cc = messageContext.getConfigurationContext();
String throttleId = throttle.getId();
// acquiring cache manager.
Cache<String, ConcurrentAccessController> cache;
CacheManager cacheManager = Caching.getCacheManagerFactory().getCacheManager(THROTTLING_CACHE_MANAGER);
if (cacheManager != null) {
cache = cacheManager.getCache(THROTTLING_CACHE);
} else {
cache = Caching.getCacheManager().getCache(THROTTLING_CACHE);
}
if (log.isDebugEnabled()) {
log.debug("created throttling cache : " + cache);
}
String key = null;
ConcurrentAccessController cac = null;
key = ThrottleConstants.THROTTLE_PROPERTY_PREFIX + throttleId + ThrottleConstants.CAC_SUFFIX;
cac = cache.get(key);
if (messageContext.getFLOW() == MessageContext.IN_FLOW) {
// gets the remote caller role name
String consumerKey = null;
boolean isAuthenticated = false;
String roleID = null;
HttpServletRequest request = (HttpServletRequest) messageContext.getPropertyNonReplicable(HTTPConstants.MC_HTTP_SERVLETREQUEST);
if (request != null) {
String oAuthHeader = request.getHeader("OAuth");
// consumerKey = Utils.extractCustomerKeyFromAuthHeader(oAuthHeader);
// roleID = Utils.extractCustomerKeyFromAuthHeader(oAuthHeader);
DummyAuthenticator authFuture = new DummyAuthenticator(oAuthHeader);
consumerKey = authFuture.getAPIKey();
new DummyHandler().authenticateUser(authFuture);
roleID = (String) authFuture.getAuthorizedRoles().get(0);
isAuthenticated = authFuture.isAuthenticated();
}
if (!isAuthenticated) {
throw new AxisFault(" Access deny for a " + "caller with consumer Key: " + consumerKey + " " + " : Reason : Authentication failure");
}
// Domain name based throttling
// check whether a configuration has been defined for this role name or not
String consumerRoleID = null;
if (consumerKey != null && isAuthenticated) {
// loads the ThrottleContext
ThrottleContext context = throttle.getThrottleContext(ThrottleConstants.ROLE_BASED_THROTTLE_KEY);
if (context != null) {
// Loads the ThrottleConfiguration
ThrottleConfiguration config = context.getThrottleConfiguration();
if (config != null) {
// check for configuration for this caller
consumerRoleID = config.getConfigurationKeyOfCaller(roleID);
if (consumerRoleID != null) {
context.setThrottleId(throttleId);
AccessInformation infor = roleBasedAccessController.canAccess(context, consumerKey, consumerRoleID);
StatCollector.collect(infor, consumerKey, ThrottleConstants.ROLE_BASE);
// check for the permission for access
if (!infor.isAccessAllowed()) {
// if the access has denied by rate based throttling
if (cac != null) {
cac.incrementAndGet();
cache.put(key, cac);
if (debugOn) {
log.debug("Added the state of ConcurrentAccessController " + "to cache with key : " + key);
}
}
throw new AxisFault(" Access deny for a " + "caller with Domain " + consumerKey + " " + " : Reason : " + infor.getFaultReason());
}
} else {
if (debugOn) {
log.debug("Could not find the Throttle Context for role-Based " + "Throttling for role name " + consumerKey + " Throttling for this " + "role name may not be configured from policy");
}
}
}
}
} else {
if (debugOn) {
log.debug("Could not find the role of the caller - role based throttling NOT applied");
}
}
}
return canAccess;
}
use of org.apache.synapse.commons.throttle.core.ThrottleConfiguration in project wso2-synapse by wso2.
the class ThrottleMediator method doThrottleByAccessRate.
/**
* Helper method that handles the access-rate based throttling
*
* @param synCtx MessageContext(Synapse)
* @param axisMC MessageContext(Axis2)
* @param cc ConfigurationContext
* @param synLog the Synapse log to use
* @return ue if the caller can access ,o.w. false
*/
private boolean doThrottleByAccessRate(MessageContext synCtx, org.apache.axis2.context.MessageContext axisMC, ConfigurationContext cc, SynapseLog synLog) {
String callerId = null;
boolean canAccess = true;
// remote ip of the caller
String remoteIP = (String) axisMC.getPropertyNonReplicable(org.apache.axis2.context.MessageContext.REMOTE_ADDR);
// domain name of the caller
String domainName = (String) axisMC.getPropertyNonReplicable(NhttpConstants.REMOTE_HOST);
Map headers = (Map) axisMC.getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
if (headers != null) {
String xForwardHeader = (String) headers.get(NhttpConstants.HEADER_X_FORWARDED_FOR);
String xForwardHost = (String) headers.get(NhttpConstants.HEADER_X_FORWARDED_HOST);
remoteIP = (xForwardHeader != null) ? xForwardHeader : remoteIP;
domainName = (xForwardHost != null) ? xForwardHost : domainName;
}
// this domain name ,then throttling will occur according to that configuration
if (domainName != null) {
// do the domain based throttling
if (synLog.isTraceOrDebugEnabled()) {
synLog.traceOrDebug("The Domain Name of the caller is :" + domainName);
}
// loads the DomainBasedThrottleContext
ThrottleContext context = throttle.getThrottleContext(ThrottleConstants.DOMAIN_BASED_THROTTLE_KEY);
if (context != null) {
// loads the DomainBasedThrottleConfiguration
ThrottleConfiguration config = context.getThrottleConfiguration();
if (config != null) {
// checks the availability of a policy configuration for this domain name
callerId = config.getConfigurationKeyOfCaller(domainName);
if (callerId != null) {
// If this is a clustered env.
if (isClusteringEnable) {
context.setConfigurationContext(cc);
context.setThrottleId(id);
}
try {
// Checks for access state
AccessInformation accessInformation = accessControler.canAccess(context, callerId, ThrottleConstants.DOMAIN_BASE);
canAccess = accessInformation.isAccessAllowed();
if (synLog.isTraceOrDebugEnabled()) {
synLog.traceOrDebug("Access " + (canAccess ? "allowed" : "denied") + " for Domain Name : " + domainName);
}
// if the access has denied by rate based throttling
if (!canAccess && concurrentAccessController != null) {
concurrentAccessController.incrementAndGet();
if (isClusteringEnable) {
dataHolder.setConcurrentAccessController(key, concurrentAccessController);
}
}
} catch (ThrottleException e) {
handleException("Error occurred during throttling", e, synCtx);
}
}
}
}
} else {
synLog.traceOrDebug("The Domain name of the caller cannot be found");
}
// therefore trying to find a configuration policy based on remote caller ip
if (callerId == null) {
// do the IP-based throttling
if (remoteIP == null) {
if (synLog.isTraceOrDebugEnabled()) {
synLog.traceOrDebug("The IP address of the caller cannot be found");
}
canAccess = true;
} else {
if (synLog.isTraceOrDebugEnabled()) {
synLog.traceOrDebug("The IP Address of the caller is :" + remoteIP);
}
try {
// Loads the IPBasedThrottleContext
ThrottleContext context = throttle.getThrottleContext(ThrottleConstants.IP_BASED_THROTTLE_KEY);
if (context != null) {
// Loads the IPBasedThrottleConfiguration
ThrottleConfiguration config = context.getThrottleConfiguration();
if (config != null) {
// Checks the availability of a policy configuration for this ip
callerId = config.getConfigurationKeyOfCaller(remoteIP);
if (callerId != null) {
// For clustered env.
if (isClusteringEnable) {
context.setConfigurationContext(cc);
context.setThrottleId(id);
}
// Checks access state
AccessInformation accessInformation = accessControler.canAccess(context, callerId, ThrottleConstants.IP_BASE);
canAccess = accessInformation.isAccessAllowed();
if (synLog.isTraceOrDebugEnabled()) {
synLog.traceOrDebug("Access " + (canAccess ? "allowed" : "denied") + " for IP : " + remoteIP);
}
// if the access has denied by rate based throttling
if (!canAccess && concurrentAccessController != null) {
concurrentAccessController.incrementAndGet();
if (isClusteringEnable) {
dataHolder.setConcurrentAccessController(key, concurrentAccessController);
}
}
}
}
}
} catch (ThrottleException e) {
handleException("Error occurred during throttling", e, synCtx);
}
}
}
return canAccess;
}
Aggregations