Author: coheigea
Date: Tue May 29 10:31:15 2012
New Revision: 1343652
URL: http://svn.apache.org/viewvc?rev=1343652&view=rev
Log:
Making sure that the EhCache stuff gets shut down properly in Fediz
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/InMemoryTokenReplayCache.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationConfigurator.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
cxf/fediz/trunk/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java?rev=1343652&r1=1343651&r2=1343652&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java
Tue May 29 10:31:15 2012
@@ -19,7 +19,6 @@
package org.apache.cxf.fediz.core;
-import java.io.Closeable;
import java.io.IOException;
import java.net.URL;
@@ -34,7 +33,7 @@ import org.apache.ws.security.util.Loade
* An in-memory EHCache implementation of the TokenReplayCache interface.
* The default TTL is 60 minutes and the max TTL is 12 hours.
*/
-public class EHCacheTokenReplayCache implements TokenReplayCache<String>,
Closeable {
+public class EHCacheTokenReplayCache implements TokenReplayCache<String> {
public static final long DEFAULT_TTL = 3600L;
public static final long MAX_TTL = DEFAULT_TTL * 12L;
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java?rev=1343652&r1=1343651&r2=1343652&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
Tue May 29 10:31:15 2012
@@ -53,25 +53,11 @@ public class FederationProcessorImpl imp
private static final Logger LOG =
LoggerFactory.getLogger(FederationProcessorImpl.class);
- private TokenReplayCache<String> replayCache;
-
/**
* Default constructor
*/
public FederationProcessorImpl() {
super();
- replayCache = new EHCacheTokenReplayCache();
- }
-
- /**
- *
- * @param replayCache
- * plugable token cache allowing to provide a replicated cache
to
- * be used in clustered scenarios
- */
- public FederationProcessorImpl(TokenReplayCache<String> replayCache) {
- super();
- this.replayCache = replayCache;
}
@Override
@@ -174,7 +160,7 @@ public class FederationProcessorImpl imp
// Check whether token has already been processed once, prevent
// replay attack
- if (replayCache.getId(response.getUniqueTokenId()) == null) {
+ if
(config.getTokenReplayCache().getId(response.getUniqueTokenId()) == null) {
// not cached
Date expires = null;
if (lifeTime != null && lifeTime.getExpires() != null) {
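Review bot: The replay check on the new `config.getTokenReplayCache().getId(...) == null` line and the `putId` calls in the following hunk (-185,9 +171,9) are separate operations, so two responses carrying the same token id that are processed concurrently can both see `null` and both be accepted. Because this check is the control that stops a token being redeemed twice, it would be safer as one atomic record-if-absent operation on the cache, or with the lookup and the insert done under one lock. The cache is also fetched up to three times; reading it once into a local, `TokenReplayCache<String> replayCache = config.getTokenReplayCache();`, keeps the lookup and the insert on the same instance. The enclosing method starts and ends outside this hunk.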
@@ -185,9 +171,9 @@ public class FederationProcessorImpl imp
if (expires != null) {
Date currentTime = new Date();
long ttl = expires.getTime() - currentTime.getTime();
- replayCache.putId(response.getUniqueTokenId(), ttl /
1000L);
+
config.getTokenReplayCache().putId(response.getUniqueTokenId(), ttl / 1000L);
} else {
- replayCache.putId(response.getUniqueTokenId());
+
config.getTokenReplayCache().putId(response.getUniqueTokenId());
}
} else {
LOG.error("Replay attack with token id: "
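Review bot: `ttl` in `long ttl = expires.getTime() - currentTime.getTime();` is zero or negative once the token's expiry has passed, and after `/ 1000L` any remaining lifetime under one second also becomes 0; that value goes straight into `putId(id, ttl / 1000L)`. How the cache implementations treat a non-positive time-to-live is not visible here, so a guard is worth adding: call `putId(id, ttl / 1000L)` only when `ttl >= 1000L` and fall back to `putId(id)` otherwise, so the id is still remembered for the default period. If expired tokens are already rejected earlier in this method, the guard only covers the sub-second case. The method body continues outside the hunk.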
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/InMemoryTokenReplayCache.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/InMemoryTokenReplayCache.java?rev=1343652&r1=1343651&r2=1343652&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/InMemoryTokenReplayCache.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/InMemoryTokenReplayCache.java
Tue May 29 10:31:15 2012
@@ -19,6 +19,7 @@
package org.apache.cxf.fediz.core;
+import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
@@ -67,5 +68,14 @@ public final class InMemoryTokenReplayCa
cache.add(id);
}
+ @Override
+ public void close() throws IOException {
+ if (cache != null) {
+ cache.clear();
+ cache = null;
+ }
+ instance = null;
+ }
+
}
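Review bot: After `close()` sets `cache = null`, the `cache.add(id)` in `putId` just above (and presumably the lookup in `getId`, which is outside this hunk) throws a NullPointerException for any caller that still holds this instance. `instance = null` inside an instance method suggests a static singleton field; if so, this unsynchronized reset can race with whatever hands out the singleton, leaving two caches in use and a replayed id unseen by one of them. Keeping the list and only calling `cache.clear()` would avoid both problems. If the nulling is intended, a Javadoc line on `close()` should say the instance must not be used afterwards.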
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java?rev=1343652&r1=1343651&r2=1343652&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java
Tue May 29 10:31:15 2012
@@ -19,11 +19,16 @@
package org.apache.cxf.fediz.core;
-public interface TokenReplayCache<T> {
+import java.io.Closeable;
+import java.io.IOException;
+
+public interface TokenReplayCache<T> extends Closeable {
T getId(T id);
void putId(T id);
void putId(T id, long timeToLive);
+
+ void close() throws IOException;
}
\ No newline at end of file
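Review bot: `void close() throws IOException;` repeats exactly what `Closeable` already declares, so the added method line can be dropped now that the interface `extends Closeable`. The interface has no Javadoc although it is the extension point named by the new `tokenReplayCache` setting. It should say that `timeToLive` is in seconds (the caller in FederationProcessorImpl passes `ttl / 1000L`), that `getId` returns `null` for an id that has not been seen, and that `close()` releases the cache's resources. Existing third-party implementations will stop compiling until they add `close()`, which is worth a line in the release notes.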
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationConfigurator.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationConfigurator.java?rev=1343652&r1=1343651&r2=1343652&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationConfigurator.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationConfigurator.java
Tue May 29 10:31:15 2012
@@ -36,16 +36,27 @@ public class FederationConfigurator {
private FedizConfig rootConfig;
private JAXBContext jaxbContext;
+
+ private List<FederationContext> federationContextList;
public FedizConfig loadConfig(File f) throws JAXBException {
rootConfig = (FedizConfig)
getJaxbContext().createUnmarshaller().unmarshal(f);
+ parseFederationContextList();
return rootConfig;
}
public FedizConfig loadConfig(Reader reader) throws JAXBException {
rootConfig = (FedizConfig)
getJaxbContext().createUnmarshaller().unmarshal(reader);
+ parseFederationContextList();
return rootConfig;
}
+
+ private void parseFederationContextList() {
+ federationContextList = new ArrayList<FederationContext>();
+ for (ContextConfig config : rootConfig.getContextConfig()) {
+ federationContextList.add(new FederationContext(config));
+ }
+ }
public void saveConfiguration(File f) throws JAXBException {
if (f.canWrite()) {
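Review bot: Each call to either `loadConfig` method replaces `federationContextList` with new `FederationContext` objects without closing the previous ones, so a configuration reload leaves the earlier contexts' replay caches open and also discards the token ids they had recorded. `parseFederationContextList()` could call `close()` on the old entries before building the new list, or the class could document that a configurator is loaded only once. `saveConfiguration` continues outside the hunk.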
@@ -65,19 +76,23 @@ public class FederationConfigurator {
}
public List<FederationContext> getFederationContextList() {
- List<FederationContext> ctxList = new ArrayList<FederationContext>();
- for (ContextConfig config : rootConfig.getContextConfig()) {
- ctxList.add(new FederationContext(config));
- }
- return ctxList;
+ return federationContextList;
}
public FederationContext getFederationContext(String contextName) {
- ContextConfig config = getContextConfig(contextName);
- if (config == null) {
- return null;
+ if (contextName == null || contextName.isEmpty()) {
+ throw new IllegalArgumentException("Invalid Context Name '" +
contextName + "'");
+ }
+ if (rootConfig == null) {
+ throw new IllegalArgumentException("No configuration loaded");
}
- return new FederationContext(config);
+ for (FederationContext fedContext : federationContextList) {
+ if (fedContext.getName().equals(contextName)) {
+ return fedContext;
+ }
+ }
+
+ return null;
}
public ContextConfig getContextConfig(String contextName) throws
IllegalArgumentException {
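Review bot: `getFederationContextList()` now returns the configurator's own `ArrayList`, and it returns `null` until one of the `loadConfig` methods has run. A caller that removes an entry would keep that context's replay cache from being closed at shutdown, so `return Collections.unmodifiableList(federationContextList);` (plus the `java.util.Collections` import) is safer, with an empty list before loading. In `getFederationContext`, "No configuration loaded" describes object state, so `IllegalStateException` would fit better than `IllegalArgumentException`, provided no caller depends on the current type. `getContextConfig` continues outside the hunk.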
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java?rev=1343652&r1=1343651&r2=1343652&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
Tue May 29 10:31:15 2012
@@ -19,10 +19,14 @@
package org.apache.cxf.fediz.core.config;
+import java.io.Closeable;
+import java.io.IOException;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.List;
+import org.apache.cxf.fediz.core.EHCacheTokenReplayCache;
+import org.apache.cxf.fediz.core.TokenReplayCache;
import org.apache.cxf.fediz.core.config.jaxb.CertificateStores;
import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
@@ -31,13 +35,16 @@ import org.apache.cxf.fediz.core.config.
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
-public class FederationContext {
+import org.apache.ws.security.util.Loader;
+
+public class FederationContext implements Closeable {
private ContextConfig config;
private boolean detectExpiredTokens = true;
private boolean detectReplayedTokens = true;
private String relativePath;
+ private TokenReplayCache<String> replayCache;
public FederationContext(ContextConfig config) {
this.config = config;
@@ -83,6 +90,29 @@ public class FederationContext {
}
return null;
}
+
+ @SuppressWarnings("unchecked")
+ public TokenReplayCache<String> getTokenReplayCache() {
+ if (replayCache != null) {
+ return replayCache;
+ }
+ String replayCacheString = config.getTokenReplayCache();
+ if (replayCacheString == null || "".equals(replayCacheString)) {
+ replayCache = new EHCacheTokenReplayCache();
+ } else {
+ try {
+ Class<?> replayCacheClass =
Loader.loadClass(replayCacheString);
+ replayCache = (TokenReplayCache<String>)
replayCacheClass.newInstance();
+ } catch (ClassNotFoundException e) {
+ replayCache = new EHCacheTokenReplayCache();
+ } catch (InstantiationException e) {
+ replayCache = new EHCacheTokenReplayCache();
+ } catch (IllegalAccessException e) {
+ replayCache = new EHCacheTokenReplayCache();
+ }
+ }
+ return replayCache;
+ }
public String getName() {
return config.getName();
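Review bot: `getTokenReplayCache()` creates the cache lazily without synchronization, so two first requests arriving together can each build a cache; only the one assigned last is kept and closed, and ids recorded in the other are lost to replay detection. The three `catch` blocks also fall back to `EHCacheTokenReplayCache` silently: a mistyped class name in `tokenReplayCache` leaves a clustered deployment on a local cache with no indication, and a class that does not implement `TokenReplayCache` escapes as an uncaught `ClassCastException`. Making the method `synchronized` and failing with the configured class name in the message addresses both, as sketched below. `getName()` continues outside the hunk.

```java
@SuppressWarnings("unchecked")
public synchronized TokenReplayCache<String> getTokenReplayCache() {
    // … unchanged: return the cached instance, read replayCacheString, default to EHCacheTokenReplayCache when it is empty …
        try {
            Class<?> replayCacheClass = Loader.loadClass(replayCacheString);
            replayCache = (TokenReplayCache<String>) replayCacheClass.newInstance();
        } catch (ClassNotFoundException e) {
            throw invalidReplayCache(replayCacheString, e);
        } catch (InstantiationException e) {
            throw invalidReplayCache(replayCacheString, e);
        } catch (IllegalAccessException e) {
            throw invalidReplayCache(replayCacheString, e);
        } catch (ClassCastException e) {
            // configured class does not implement TokenReplayCache
            throw invalidReplayCache(replayCacheString, e);
        }
    // … unchanged: return replayCache …
}

// Fail closed on a bad tokenReplayCache setting instead of silently using the default cache.
private static IllegalStateException invalidReplayCache(String className, Exception cause) {
    return new IllegalStateException(
        "Cannot create tokenReplayCache '" + className + "'", cause);
}
```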
@@ -174,4 +204,11 @@ public class FederationContext {
return relativePath;
}
+ @Override
+ public void close() throws IOException {
+ if (replayCache != null) {
+ replayCache.close();
+ }
+ }
+
}
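Review bot: `close()` leaves `replayCache` pointing at the closed cache, so a later `getTokenReplayCache()` returns it instead of creating a fresh one, and a second `close()` closes it again. Setting `replayCache = null;` after `replayCache.close();`, and guarding the field with one lock in both `close()` and `getTokenReplayCache()`, keeps the two methods consistent. What a closed `EHCacheTokenReplayCache` does on `getId` or `putId` is not visible here.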
Modified:
cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd?rev=1343652&r1=1343651&r2=1343652&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd Tue
May 29 10:31:15 2012
@@ -16,6 +16,7 @@
<xs:element ref="certificateValidation" />
<xs:element ref="certificateStores" />
<xs:element ref="maximumClockSkew" />
+ <xs:element ref="tokenReplayCache" />
<xs:element ref="serviceCertificate" />
<xs:element ref="trustedIssuers" />
<xs:element ref="protocol" />
@@ -76,6 +77,8 @@
<xs:element name="maximumClockSkew" type="xs:integer" />
+
+ <xs:element name="tokenReplayCache" type="xs:string" />
<!-- keystore type -->
<xs:element name="serviceCertificate" type="KeyManagersType" />
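Review bot: The new `tokenReplayCache` element is declared without an `xs:annotation`, although its value is a contract: FederationContext passes it to `Loader.loadClass` and instantiates the class with `newInstance()`. A documentation block should state that the value is the fully qualified name of a class implementing `org.apache.cxf.fediz.core.TokenReplayCache` with a public no-argument constructor, and that the EhCache implementation is used when the element is absent or empty. The Java side treats the element as optional; whether the `ref="tokenReplayCache"` added in the previous hunk is optional depends on the enclosing group, which is not visible, so `minOccurs="0"` may be needed there.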
@@ -229,7 +232,7 @@
<xs:attribute name="password" type="xs:string">
<xs:annotation>
<xs:documentation>
- This attribute specifes the integrity
password for
+ This attribute specifies the integrity
password for
the keystore.
This is not the password that unlock
keys within the
keystore.
Modified:
cxf/fediz/trunk/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java?rev=1343652&r1=1343651&r2=1343652&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
(original)
+++
cxf/fediz/trunk/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
Tue May 29 10:31:15 2012
@@ -110,6 +110,23 @@ public class FederationAuthenticator ext
super.startInternal();
}
+
+ @Override
+ protected synchronized void stopInternal() throws LifecycleException {
+ if (configurator != null) {
+ List<FederationContext> fedContextList =
configurator.getFederationContextList();
+ if (fedContextList != null) {
+ for (FederationContext fedContext : fedContextList) {
+ try {
+ fedContext.close();
+ } catch (IOException ex) {
+ //
+ }
+ }
+ }
+ }
+ super.stopInternal();
+ }
private FederationContext getContextConfiguration(String contextName) {
if (configurator == null) {
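Review bot: The `catch (IOException ex)` block in `stopInternal()` contains only `//`, so a replay cache that fails to shut down is never reported; the exception should be logged together with `fedContext.getName()` through whatever logger this class already uses. An unchecked exception thrown by `fedContext.close()` would also skip `super.stopInternal()`; wrapping the loop in `try { ... } finally { super.stopInternal(); }` keeps the Tomcat lifecycle consistent. `getContextConfiguration` continues outside the hunk.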