Use of org.apache.synapse.commons.throttle.module.utils.impl.DummyAuthenticator in project wso2-synapse by wso2.
From the class ThrottleHandler, method doRoleBasedAccessThrottling.
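/**
 * Applies role-based access throttling to a message.
 *
 * <p>Returns immediately when {@code throttle} holds no context under
 * {@code ThrottleConstants.ROLE_BASED_THROTTLE_KEY}. For messages on the IN flow, the caller is
 * identified from the {@code OAuth} header of the servlet request, handed to
 * {@code DummyAuthenticator}/{@code DummyHandler}, and the caller's first authorized role is
 * looked up in the role-based throttle configuration. When a configuration key exists for that
 * role, {@code roleBasedAccessController} decides whether the call is allowed.
 *
 * <p>NOTE(review): authentication is delegated to classes named {@code DummyAuthenticator} and
 * {@code DummyHandler}. What they actually verify is not visible here; confirm they validate
 * the credential before treating {@code isAuthenticated()} as an access-control decision.
 *
 * <p>Fail-closed paths: a missing servlet request or a failed authentication raises
 * {@link AxisFault}. Fail-open paths (throttling is skipped and {@code true} is returned): no
 * role-based context or configuration, no consumer key, no authorized role, or no configuration
 * key for the caller's role.
 *
 * @param throttle the throttle whose role-based context and id are used
 * @param messageContext MessageContext - message level states
 * @return {@code true} whenever the method returns normally; denial is signalled by
 *         {@link AxisFault}, never by {@code false}
 * @throws AxisFault if the caller is not authenticated, or if the role-based controller
 *         denies access
 * @throws ThrottleException declared by the signature; presumably raised by
 *         {@code roleBasedAccessController.canAccess} (confirm)
 */
private boolean doRoleBasedAccessThrottling(Throttle throttle, MessageContext messageContext) throws AxisFault, ThrottleException {
    if (throttle.getThrottleContext(ThrottleConstants.ROLE_BASED_THROTTLE_KEY) == null) {
        // No role-based throttle configuration: nothing to enforce.
        return true;
    }
    String throttleId = throttle.getId();

    // Acquire the throttling cache, falling back to the default cache manager.
    Cache<String, ConcurrentAccessController> cache;
    CacheManager cacheManager = Caching.getCacheManagerFactory().getCacheManager(THROTTLING_CACHE_MANAGER);
    if (cacheManager != null) {
        cache = cacheManager.getCache(THROTTLING_CACHE);
    } else {
        cache = Caching.getCacheManager().getCache(THROTTLING_CACHE);
    }
    if (log.isDebugEnabled()) {
        log.debug("created throttling cache : " + cache);
    }
    String key = ThrottleConstants.THROTTLE_PROPERTY_PREFIX + throttleId + ThrottleConstants.CAC_SUFFIX;
    ConcurrentAccessController cac = cache.get(key);

    if (messageContext.getFLOW() != MessageContext.IN_FLOW) {
        // Only inbound messages are subject to role-based throttling.
        return true;
    }

    String consumerKey = null;
    boolean isAuthenticated = false;
    String roleID = null;
    HttpServletRequest request = (HttpServletRequest) messageContext.getPropertyNonReplicable(HTTPConstants.MC_HTTP_SERVLETREQUEST);
    if (request != null) {
        // The credential is read from a custom "OAuth" header, not from "Authorization".
        String oAuthHeader = request.getHeader("OAuth");
        DummyAuthenticator authFuture = new DummyAuthenticator(oAuthHeader);
        consumerKey = authFuture.getAPIKey();
        new DummyHandler().authenticateUser(authFuture);
        isAuthenticated = authFuture.isAuthenticated();
        // Read the role only after a successful authentication and only when one is present.
        // The previous unconditional get(0) ran before the authentication result was checked,
        // so a caller without roles would fail with an unchecked exception, not an AxisFault.
        // Assumes getAuthorizedRoles() returns a java.util.List - TODO confirm.
        if (isAuthenticated
                && authFuture.getAuthorizedRoles() != null
                && !authFuture.getAuthorizedRoles().isEmpty()) {
            roleID = (String) authFuture.getAuthorizedRoles().get(0);
        }
    }
    if (!isAuthenticated) {
        // Fail closed: a missing request or a failed authentication is rejected.
        // NOTE(review): the fault text embeds the value from getAPIKey(). If that value is a
        // secret and not just an identifier, it should not be echoed in faults - confirm.
        throw new AxisFault(" Access deny for a " + "caller with consumer Key: " + consumerKey + " " + " : Reason : Authentication failure");
    }

    if (consumerKey == null || roleID == null) {
        // Authenticated, but no key or role to throttle on: throttling is skipped (fail open).
        if (debugOn) {
            log.debug("Could not find the role of the caller - role based throttling NOT applied");
        }
        return true;
    }

    ThrottleContext context = throttle.getThrottleContext(ThrottleConstants.ROLE_BASED_THROTTLE_KEY);
    if (context == null) {
        return true;
    }
    ThrottleConfiguration config = context.getThrottleConfiguration();
    if (config == null) {
        return true;
    }

    // Check whether a throttle configuration has been defined for the caller's role.
    String consumerRoleID = config.getConfigurationKeyOfCaller(roleID);
    if (consumerRoleID == null) {
        if (debugOn) {
            // Log the role that was looked up; the earlier message printed the consumer key
            // under the label "role name".
            log.debug("Could not find the Throttle Context for role-Based " + "Throttling for role name " + roleID + " Throttling for this " + "role name may not be configured from policy");
        }
        return true;
    }

    context.setThrottleId(throttleId);
    AccessInformation infor = roleBasedAccessController.canAccess(context, consumerKey, consumerRoleID);
    StatCollector.collect(infor, consumerKey, ThrottleConstants.ROLE_BASE);
    if (!infor.isAccessAllowed()) {
        // Access was denied by rate-based throttling. The concurrent-access counter is bumped
        // and written back; presumably this returns a slot taken earlier in the handler.
        // TODO confirm against the concurrent throttling path.
        if (cac != null) {
            cac.incrementAndGet();
            cache.put(key, cac);
            if (debugOn) {
                log.debug("Added the state of ConcurrentAccessController " + "to cache with key : " + key);
            }
        }
        // NOTE(review): this fault also embeds the consumer key (labelled "Domain").
        throw new AxisFault(" Access deny for a " + "caller with Domain " + consumerKey + " " + " : Reason : " + infor.getFaultReason());
    }
    return true;
}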