[jboss-cvs] JBossAS SVN: r94167 - in trunk/security/src/main/java/org/jboss/security: integration and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Sep 30 11:48:44 EDT 2009
Author: mmoyses
Date: 2009-09-30 11:48:43 -0400 (Wed, 30 Sep 2009)
New Revision: 94167
Added:
trunk/security/src/main/java/org/jboss/security/auth/AuthenticationCacheFlushThread.java
trunk/security/src/main/java/org/jboss/security/auth/AuthenticationTimedCachePolicy.java
Modified:
trunk/security/src/main/java/org/jboss/security/integration/JNDIBasedSecurityManagement.java
trunk/security/src/main/java/org/jboss/security/integration/SecurityConstantsBridge.java
trunk/security/src/main/java/org/jboss/security/plugins/JaasSecurityManagerService.java
trunk/security/src/main/java/org/jboss/security/plugins/JaasSecurityManagerServiceMBean.java
Log:
JBAS-3986: created thread for active flushing of the authentication cache
Added: trunk/security/src/main/java/org/jboss/security/auth/AuthenticationCacheFlushThread.java
===================================================================
--- trunk/security/src/main/java/org/jboss/security/auth/AuthenticationCacheFlushThread.java (rev 0)
+++ trunk/security/src/main/java/org/jboss/security/auth/AuthenticationCacheFlushThread.java 2009-09-30 15:48:43 UTC (rev 94167)
@@ -0,0 +1,95 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map.Entry;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.integration.SecurityConstantsBridge;
+import org.jboss.security.plugins.SecurityDomainContext;
+import org.jboss.util.CachePolicy;
+import org.jboss.util.TimedCachePolicy;
+
+public class AuthenticationCacheFlushThread extends Thread
+{
+ private static Logger log = Logger.getLogger(AuthenticationCacheFlushThread.class);
+
+ private static ConcurrentHashMap<String,SecurityDomainContext> securityMgrMap;
+
+ public AuthenticationCacheFlushThread(ConcurrentHashMap<String,SecurityDomainContext> securityMgrMap)
+ {
+ super("AuthenticationCacheFlushThread");
+ this.securityMgrMap = securityMgrMap;
+ }
+
+ public void run()
+ {
+ if (log.isDebugEnabled())
+ log.debug("Starting authentication cache flush thread");
+ while (true)
+ {
+ if (log.isTraceEnabled())
+ log.trace("Running authentication cache flush thread");
+ // scan all security domains
+ for (Entry<String, SecurityDomainContext> entry : securityMgrMap.entrySet())
+ {
+ String securityDomain = entry.getKey();
+ SecurityDomainContext securityDomainCtx = entry.getValue();
+ CachePolicy cache = securityDomainCtx.getAuthenticationCache();
+ AuthenticationTimedCachePolicy timedCache = null;
+ if (cache instanceof TimedCachePolicy)
+ {
+ timedCache = (AuthenticationTimedCachePolicy) cache;
+ }
+ if (timedCache != null)
+ {
+ if (log.isDebugEnabled())
+ log.debug("Scanning security domain " + securityDomain + " for expired entries");
+ List expiredEntries = timedCache.getInvalidKeys();
+ if (log.isTraceEnabled())
+ log.trace("Found " + expiredEntries.size() + " expired entries");
+ for (Iterator iterator = expiredEntries.iterator(); iterator.hasNext();)
+ {
+ Object expiredEntry = iterator.next();
+ timedCache.remove(expiredEntry);
+ }
+ }
+ }
+ try
+ {
+ if (this.isInterrupted() == false)
+ Thread.sleep(SecurityConstantsBridge.defaultCacheFlushPeriod * 1000);
+ else
+ break;
+ }
+ catch (InterruptedException ie)
+ {
+ break;
+ }
+ }
+ if (log.isDebugEnabled())
+ log.debug("Stopping authentication cache flush thread");
+ }
+}
Added: trunk/security/src/main/java/org/jboss/security/auth/AuthenticationTimedCachePolicy.java
===================================================================
--- trunk/security/src/main/java/org/jboss/security/auth/AuthenticationTimedCachePolicy.java (rev 0)
+++ trunk/security/src/main/java/org/jboss/security/auth/AuthenticationTimedCachePolicy.java 2009-09-30 15:48:43 UTC (rev 94167)
@@ -0,0 +1,61 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import org.jboss.util.TimedCachePolicy;
+
+/**
+ * Implementation of TimedCachePolicy that also returns invalid keys
+ *
+ * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
+public class AuthenticationTimedCachePolicy extends TimedCachePolicy
+{
+ public AuthenticationTimedCachePolicy(int defaultCacheTimeout, boolean b, int defaultCacheResolution)
+ {
+ super(defaultCacheTimeout,b, defaultCacheResolution);
+ }
+
+ public List getInvalidKeys()
+ {
+ ArrayList invalidKeys = new ArrayList();
+ synchronized (entryMap)
+ {
+ Iterator iter = entryMap.entrySet().iterator();
+ while (iter.hasNext())
+ {
+ Map.Entry entry = (Map.Entry) iter.next();
+ TimedEntry value = (TimedEntry) entry.getValue();
+ if (value.isCurrent(now) == false)
+ invalidKeys.add(entry.getKey());
+ }
+ }
+ return invalidKeys;
+ }
+
+}
Modified: trunk/security/src/main/java/org/jboss/security/integration/JNDIBasedSecurityManagement.java
===================================================================
--- trunk/security/src/main/java/org/jboss/security/integration/JNDIBasedSecurityManagement.java 2009-09-30 15:29:06 UTC (rev 94166)
+++ trunk/security/src/main/java/org/jboss/security/integration/JNDIBasedSecurityManagement.java 2009-09-30 15:48:43 UTC (rev 94167)
@@ -43,6 +43,8 @@
import org.jboss.security.ISecurityManagement;
import org.jboss.security.SecurityConstants;
import org.jboss.security.audit.AuditManager;
+import org.jboss.security.auth.AuthenticationCacheFlushThread;
+import org.jboss.security.auth.AuthenticationTimedCachePolicy;
import org.jboss.security.auth.callback.JBossCallbackHandler;
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.identitytrust.IdentityTrustManager;
@@ -98,6 +100,9 @@
private transient ConcurrentHashMap<String,AuditManager> auditMgrMap = null;
private transient ConcurrentHashMap<String,IdentityTrustManager> idmMgrMap = null;
+ /** Thread to cleanup the authentication cache */
+ private static AuthenticationCacheFlushThread authCacheFlushThread;
+
public JNDIBasedSecurityManagement()
{
initialize();
@@ -337,6 +342,11 @@
{
SecurityConstantsBridge.defaultCacheResolution = defaultCacheResolution;
}
+
+ public static void setDefaultCacheFlushPeriod(int flushPeriodInSecs)
+ {
+ SecurityConstantsBridge.defaultCacheFlushPeriod = flushPeriodInSecs;
+ }
@ManagementOperation(description = "Create the context for the specified security domain",
params = {@ManagementParameter(name = "securityDomain", description = "The security domain name")})
@@ -512,7 +522,7 @@
private CachePolicy createDefaultCachePolicy()
{
TimedCachePolicy cachePolicy =
- new TimedCachePolicy(SecurityConstantsBridge.defaultCacheTimeout,
+ new AuthenticationTimedCachePolicy(SecurityConstantsBridge.defaultCacheTimeout,
true,
SecurityConstantsBridge.defaultCacheResolution);
cachePolicy.create();
@@ -557,4 +567,20 @@
if(callBackHandler == null)
callBackHandler = new JBossCallbackHandler();
}
+
+ public void start()
+ {
+ // start the authentication cache flush thread
+ if (SecurityConstantsBridge.defaultCacheFlushPeriod > 0)
+ {
+ authCacheFlushThread = new AuthenticationCacheFlushThread(securityMgrMap);
+ authCacheFlushThread.start();
+ }
+ }
+
+ public void stop()
+ {
+ if (authCacheFlushThread != null)
+ authCacheFlushThread.interrupt();
+ }
}
\ No newline at end of file
Modified: trunk/security/src/main/java/org/jboss/security/integration/SecurityConstantsBridge.java
===================================================================
--- trunk/security/src/main/java/org/jboss/security/integration/SecurityConstantsBridge.java 2009-09-30 15:29:06 UTC (rev 94166)
+++ trunk/security/src/main/java/org/jboss/security/integration/SecurityConstantsBridge.java 2009-09-30 15:48:43 UTC (rev 94167)
@@ -33,5 +33,7 @@
public class SecurityConstantsBridge
{
public static int defaultCacheTimeout = 30*60;
- public static int defaultCacheResolution = 60;
+ public static int defaultCacheResolution = 60;
+ /** Frequency of the thread cleaning the authentication cache of expired entries */
+ public static int defaultCacheFlushPeriod = 60*60;
}
Modified: trunk/security/src/main/java/org/jboss/security/plugins/JaasSecurityManagerService.java
===================================================================
--- trunk/security/src/main/java/org/jboss/security/plugins/JaasSecurityManagerService.java 2009-09-30 15:29:06 UTC (rev 94166)
+++ trunk/security/src/main/java/org/jboss/security/plugins/JaasSecurityManagerService.java 2009-09-30 15:48:43 UTC (rev 94167)
@@ -124,6 +124,9 @@
/** The default unauthenticated principal */
private static String defaultUnauthenticatedPrincipal = "Unauthenticated Principal";
+ /** Frequency of the thread cleaning the authentication cache of expired entries */
+ private static int defaultCacheFlushPeriod = 60*60;
+
static
{
// Get a log interface, required for some statics below
@@ -294,8 +297,28 @@
//Set the CacheTimeOut on JNDIBasedSecurityManagement
JNDIBasedSecurityManagement.setCacheTimeout(securityDomain, timeoutInSecs, resInSecs);
- }
+ }
+
+ /**
+ * Get the authentication cache flush period
+ * @return period in seconds
+ */
+ public int getDefaultCacheFlushPeriod()
+ {
+ return defaultCacheFlushPeriod;
+ }
+ /**
+ * Set the authentication cache flush period
+ *
+ * @param flushPeriodInSecs
+ */
+ public void setDefaultCacheFlushPeriod(int flushPeriodInSecs)
+ {
+ this.defaultCacheFlushPeriod = flushPeriodInSecs;
+ SecurityConstantsBridge.defaultCacheFlushPeriod = flushPeriodInSecs;
+ }
+
/** flush the cache policy for the indicated security domain if one exists.
* @param securityDomain the name of the security domain cache
*/
Modified: trunk/security/src/main/java/org/jboss/security/plugins/JaasSecurityManagerServiceMBean.java
===================================================================
--- trunk/security/src/main/java/org/jboss/security/plugins/JaasSecurityManagerServiceMBean.java 2009-09-30 15:29:06 UTC (rev 94166)
+++ trunk/security/src/main/java/org/jboss/security/plugins/JaasSecurityManagerServiceMBean.java 2009-09-30 15:48:43 UTC (rev 94167)
@@ -198,4 +198,16 @@
* @return
*/
String displayJCAInformation();
+
+ /**
+ * Get the authentication cache flush period
+ * @return period in seconds
+ */
+ int getDefaultCacheFlushPeriod();
+
+ /**
+ * Set the authentication cache flush period
+ * @param flushPeriodInSecs
+ */
+ void setDefaultCacheFlushPeriod(int flushPeriodInSecs);
}
More information about the jboss-cvs-commits
mailing list