[jboss-cvs] JBossAS SVN: r94416 - in branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security: plugins and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Oct 6 11:23:48 EDT 2009
Author: mmoyses
Date: 2009-10-06 11:23:48 -0400 (Tue, 06 Oct 2009)
New Revision: 94416
Added:
branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/AuthenticationCacheFlushThread.java
branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/AuthenticationTimedCachePolicy.java
Modified:
branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/JaasSecurityManagerServiceMBean.java
Log:
JBPAPP-2890: active flushing of the authentication cache
Added: branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/AuthenticationCacheFlushThread.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/AuthenticationCacheFlushThread.java (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/AuthenticationCacheFlushThread.java 2009-10-06 15:23:48 UTC (rev 94416)
@@ -0,0 +1,97 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map.Entry;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.plugins.JaasSecurityManagerService;
+import org.jboss.security.plugins.SecurityDomainContext;
+import org.jboss.util.CachePolicy;
+import org.jboss.util.TimedCachePolicy;
+
+import EDU.oswego.cs.dl.util.concurrent.ConcurrentReaderHashMap;
+
+public class AuthenticationCacheFlushThread extends Thread
+{
+ private static Logger log = Logger.getLogger(AuthenticationCacheFlushThread.class);
+
+ private static ConcurrentReaderHashMap securityMgrMap;
+
+ public AuthenticationCacheFlushThread(ConcurrentReaderHashMap securityMgrMap)
+ {
+ super("AuthenticationCacheFlushThread");
+ this.securityMgrMap = securityMgrMap;
+ }
+
+ public void run()
+ {
+ if (log.isDebugEnabled())
+ log.debug("Starting authentication cache flush thread");
+ while (true)
+ {
+ if (log.isTraceEnabled())
+ log.trace("Running authentication cache flush thread");
+ // scan all security domains
+ for (Iterator iterator = securityMgrMap.entrySet().iterator(); iterator.hasNext();)
+ {
+ Entry entry = (Entry) iterator.next();
+ String securityDomain = (String) entry.getKey();
+ SecurityDomainContext securityDomainCtx = (SecurityDomainContext) entry.getValue();
+ CachePolicy cache = securityDomainCtx.getAuthenticationCache();
+ AuthenticationTimedCachePolicy timedCache = null;
+ if (cache instanceof TimedCachePolicy)
+ {
+ timedCache = (AuthenticationTimedCachePolicy) cache;
+ }
+ if (timedCache != null)
+ {
+ if (log.isDebugEnabled())
+ log.debug("Scanning security domain " + securityDomain + " for expired entries");
+ List expiredEntries = timedCache.getInvalidKeys();
+ if (log.isTraceEnabled())
+ log.trace("Found " + expiredEntries.size() + " expired entries");
+ for (Iterator iterator2 = expiredEntries.iterator(); iterator2.hasNext();)
+ {
+ Object expiredEntry = iterator2.next();
+ timedCache.remove(expiredEntry);
+ }
+ }
+ }
+ try
+ {
+ if (this.isInterrupted() == false)
+ Thread.sleep(JaasSecurityManagerService.getAuthCacheFlushPeriod() * 1000);
+ else
+ break;
+ }
+ catch (InterruptedException ie)
+ {
+ break;
+ }
+ }
+ if (log.isDebugEnabled())
+ log.debug("Stopping authentication cache flush thread");
+ }
+}
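Review bot: In run(), the guard `if (cache instanceof TimedCachePolicy)` is wider than the cast `(AuthenticationTimedCachePolicy) cache` that follows it, so a security domain whose cache is a plain TimedCachePolicy raises ClassCastException. Nothing in run() catches it, so the flush thread would end there and expired entries in every domain would stop being removed, with no log line. Test for the type that is actually used, `if (cache instanceof AuthenticationTimedCachePolicy)`, and consider catching RuntimeException around the per-domain scan so one bad domain is logged rather than ending the thread. Separately, `securityMgrMap` is declared static but assigned through `this.` in the constructor; an instance `private final` field would match how it is used.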
Added: branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/AuthenticationTimedCachePolicy.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/AuthenticationTimedCachePolicy.java (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/AuthenticationTimedCachePolicy.java 2009-10-06 15:23:48 UTC (rev 94416)
@@ -0,0 +1,61 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import org.jboss.util.TimedCachePolicy;
+
+/**
+ * Implementation of TimedCachePolicy that also returns invalid keys
+ *
+ * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
+public class AuthenticationTimedCachePolicy extends TimedCachePolicy
+{
+ public AuthenticationTimedCachePolicy(int defaultCacheTimeout, boolean b, int defaultCacheResolution)
+ {
+ super(defaultCacheTimeout,b, defaultCacheResolution);
+ }
+
+ public List getInvalidKeys()
+ {
+ ArrayList invalidKeys = new ArrayList();
+ synchronized (entryMap)
+ {
+ Iterator iter = entryMap.entrySet().iterator();
+ while (iter.hasNext())
+ {
+ Map.Entry entry = (Map.Entry) iter.next();
+ TimedEntry value = (TimedEntry) entry.getValue();
+ if (value.isCurrent(now) == false)
+ invalidKeys.add(entry.getKey());
+ }
+ }
+ return invalidKeys;
+ }
+
+}
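Review bot: getInvalidKeys() holds `synchronized (entryMap)` while iterating, which only excludes concurrent writers if the superclass guards the map with that same monitor. That presumably depends on the boolean the constructor forwards as `b`, but TimedCachePolicy is not visible on this page to confirm it. Name the parameter for what it controls (for example `threadSafe`) and add Javadoc to the constructor and to getInvalidKeys() stating that the method expects the thread-safe mode and returns a snapshot of the keys whose entries were not current at `now`. Because the result is a snapshot, a key may have been replaced by a fresh entry before the flush thread calls remove() on it; that appears to cost only a re-authentication, but a comment saying so would help the next reader.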
Modified: branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2009-10-06 15:05:13 UTC (rev 94415)
+++ branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2009-10-06 15:23:48 UTC (rev 94416)
@@ -21,6 +21,7 @@
*/
package org.jboss.security.plugins;
+import java.beans.PropertyEditorManager;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
@@ -28,11 +29,10 @@
import java.security.Principal;
import java.util.Enumeration;
import java.util.Hashtable;
-import java.util.Set;
+import java.util.Iterator;
import java.util.List;
import java.util.Map;
-import java.util.Iterator;
-import java.beans.PropertyEditorManager;
+import java.util.Set;
import javax.naming.CommunicationException;
import javax.naming.Context;
@@ -47,15 +47,17 @@
import javax.naming.Reference;
import javax.naming.StringRefAddr;
import javax.naming.spi.ObjectFactory;
+import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.SecurityAssociation;
+import org.jboss.security.SecurityDomain;
import org.jboss.security.SecurityProxyFactory;
-import org.jboss.security.SecurityDomain;
+import org.jboss.security.auth.AuthenticationCacheFlushThread;
+import org.jboss.security.auth.AuthenticationTimedCachePolicy;
import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
import org.jboss.security.jacc.SubjectPolicyContextHandler;
import org.jboss.security.propertyeditor.PrincipalEditor;
@@ -63,6 +65,7 @@
import org.jboss.system.ServiceMBeanSupport;
import org.jboss.util.CachePolicy;
import org.jboss.util.TimedCachePolicy;
+
import EDU.oswego.cs.dl.util.concurrent.ConcurrentReaderHashMap;
/**
@@ -118,6 +121,11 @@
/** The default unauthenticated principal */
private static String defaultUnauthenticatedPrincipal = "Unauthenticated Principal";
+
+ /** Frequency of the thread cleaning the authentication cache of expired entries */
+ private static int defaultCacheFlushPeriod = 0;
+ /** Thread to cleanup the authentication cache */
+ private static AuthenticationCacheFlushThread authCacheFlushThread;
static
{
@@ -284,7 +292,42 @@
+ securityDomain + "'");
}
}
+
+ /**
+ * Get the authentication cache flush period
+ * @return period in seconds
+ */
+ public int getDefaultCacheFlushPeriod()
+ {
+ return defaultCacheFlushPeriod;
+ }
+ /**
+ * Set the authentication cache flush period
+ *
+ * @param flushPeriodInSecs
+ */
+ public void setDefaultCacheFlushPeriod(int flushPeriodInSecs)
+ {
+ this.defaultCacheFlushPeriod = flushPeriodInSecs;
+ if (defaultCacheFlushPeriod == 0 && authCacheFlushThread != null)
+ {
+ authCacheFlushThread.interrupt();
+ authCacheFlushThread = null;
+ }
+ if (defaultCacheFlushPeriod > 0 && authCacheFlushThread == null)
+ {
+ authCacheFlushThread = new AuthenticationCacheFlushThread(securityDomainCtxMap);
+ authCacheFlushThread.start();
+ }
+ }
+
+ /** Static method to make attribute globally available */
+ public static int getAuthCacheFlushPeriod()
+ {
+ return defaultCacheFlushPeriod;
+ }
+
/** flush the cache policy for the indicated security domain if one exists.
* @param securityDomain the name of the security domain cache
*/
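Review bot: setDefaultCacheFlushPeriod() accepts a negative value without acting on it: neither `== 0` nor `> 0` matches, so a running thread is left alive and its next `Thread.sleep(JaasSecurityManagerService.getAuthCacheFlushPeriod() * 1000)` throws IllegalArgumentException, ending the thread while `authCacheFlushThread` stays non-null and blocks any later restart. Treat every non-positive value as off, `if (defaultCacheFlushPeriod <= 0 && authCacheFlushThread != null)`. The check-then-act on the static `authCacheFlushThread` is also unsynchronized here and in the start and stop hunks further down (@@ -453 and @@ -485), whose enclosing methods begin outside those hunks; two concurrent callers can start two threads or lose an interrupt, and guarding all three sites with one lock would close that. The setter also writes the static field through `this.defaultCacheFlushPeriod`, which hides that the period is shared by every instance.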
@@ -453,6 +496,12 @@
ref = new Reference("javax.naming.Context", refAddr, factoryName, null);
ctx.rebind(DEFAULT_CACHE_POLICY_PATH, ref);
log.debug("cachePolicyCtxPath="+cacheJndiName);
+ // start the authentication cache flush thread
+ if (defaultCacheFlushPeriod > 0 && authCacheFlushThread == null)
+ {
+ authCacheFlushThread = new AuthenticationCacheFlushThread(securityDomainCtxMap);
+ authCacheFlushThread.start();
+ }
// Bind the default SecurityProxyFactory instance under java:/SecurityProxyFactory
SecurityProxyFactory proxyFactory = (SecurityProxyFactory) securityProxyFactoryClass.newInstance();
@@ -485,6 +534,11 @@
{
ic.close();
}
+ if (authCacheFlushThread != null)
+ {
+ authCacheFlushThread.interrupt();
+ authCacheFlushThread = null;
+ }
}
/** Register a SecurityDomain implmentation. This is synchronized to ensure
@@ -806,7 +860,7 @@
*/
public Object invoke(Object obj, Method method, Object[] args) throws Throwable
{
- TimedCachePolicy cachePolicy = new TimedCachePolicy(defaultCacheTimeout,
+ TimedCachePolicy cachePolicy = new AuthenticationTimedCachePolicy(defaultCacheTimeout,
true, defaultCacheResolution);
cachePolicy.create();
cachePolicy.start();
Modified: branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/JaasSecurityManagerServiceMBean.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/JaasSecurityManagerServiceMBean.java 2009-10-06 15:05:13 UTC (rev 94415)
+++ branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/JaasSecurityManagerServiceMBean.java 2009-10-06 15:23:48 UTC (rev 94416)
@@ -23,6 +23,7 @@
import java.security.Principal;
import java.util.List;
+
import javax.management.ObjectName;
import org.jboss.mx.util.ObjectNameFactory;
@@ -198,4 +199,16 @@
* @return
*/
String displayJCAInformation();
+
+ /**
+ * Get the authentication cache flush period
+ * @return period in seconds
+ */
+ int getDefaultCacheFlushPeriod();
+
+ /**
+ * Set the authentication cache flush period
+ * @param flushPeriodInSecs
+ */
+ void setDefaultCacheFlushPeriod(int flushPeriodInSecs);
}
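Review bot: The Javadoc for setDefaultCacheFlushPeriod() leaves `@param flushPeriodInSecs` without a description, although this attribute is the operator-facing switch for the flush thread. Per the implementation in JaasSecurityManagerService in this commit, 0 stops the thread and a positive value starts it; say so, e.g. `@param flushPeriodInSecs seconds between scans for expired entries; 0 disables active flushing`. The getter's `@return` could likewise note that 0 means disabled.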