/**
* Helper method for handling role based Access throttling
*
* @param messageContext MessageContext - message level states
* @return true if access is allowed through concurrent throttling ,o.w false
*/
private boolean doRoleBasedAccessThrottling(
Throttle throttle, MessageContext messageContext, boolean isClusteringEnable)
throws AxisFault, ThrottleException {
boolean canAccess = true;
ConfigurationContext cc = messageContext.getConfigurationContext();
String throttleId = throttle.getId();
String key = null;
ConcurrentAccessController cac = null;
if (isClusteringEnable) {
// for clustered env.,gets it from axis configuration context
key = ThrottleConstants.THROTTLE_PROPERTY_PREFIX + throttleId + ThrottleConstants.CAC_SUFFIX;
cac = (ConcurrentAccessController) cc.getProperty(key);
}
if (messageContext.getFLOW() == MessageContext.IN_FLOW) {
// gets the remote caller role name
String consumerKey = null;
boolean isAuthenticated = false;
String roleID = null;
HttpServletRequest request =
(HttpServletRequest)
messageContext.getPropertyNonReplicable(HTTPConstants.MC_HTTP_SERVLETREQUEST);
if (request != null) {
String oAuthHeader = request.getHeader("OAuth");
// consumerKey = Utils.extractCustomerKeyFromAuthHeader(oAuthHeader);
// roleID = Utils.extractCustomerKeyFromAuthHeader(oAuthHeader);
DummyAuthenticator authFuture = new DummyAuthenticator(oAuthHeader);
consumerKey = authFuture.getAPIKey();
new DummyHandler().authenticateUser(authFuture);
roleID = (String) authFuture.getAuthorizedRoles().get(0);
isAuthenticated = authFuture.isAuthenticated();
}
if (!isAuthenticated) {
throw new AxisFault(
" Access deny for a "
+ "caller with consumer Key: "
+ consumerKey
+ " "
+ " : Reason : Authentication failure");
}
// Domain name based throttling
// check whether a configuration has been defined for this role name or not
String consumerRoleID = null;
if (consumerKey != null && isAuthenticated) {
// loads the ThrottleContext
ThrottleContext context =
throttle.getThrottleContext(ThrottleConstants.ROLE_BASED_THROTTLE_KEY);
if (context != null) {
// Loads the ThrottleConfiguration
ThrottleConfiguration config = context.getThrottleConfiguration();
if (config != null) {
// check for configuration for this caller
consumerRoleID = config.getConfigurationKeyOfCaller(roleID);
if (consumerRoleID != null) {
// If this is a clustered env.
if (isClusteringEnable) {
context.setConfigurationContext(cc);
context.setThrottleId(throttleId);
}
AccessInformation infor =
roleBasedAccessController.canAccess(context, consumerKey, consumerRoleID);
StatCollector.collect(infor, consumerKey, ThrottleConstants.ROLE_BASE);
// check for the permission for access
if (!infor.isAccessAllowed()) {
// In the case of both of concurrency throttling and
// rate based throttling have enabled ,
// if the access rate less than maximum concurrent access ,
// then it is possible to occur death situation.To avoid that reset,
// if the access has denied by rate based throttling
if (cac != null) {
cac.incrementAndGet();
// set back if this is a clustered env
if (isClusteringEnable) {
cc.setProperty(key, cac);
// replicate the current state of ConcurrentAccessController
try {
if (debugOn) {
log.debug(
"Going to replicates the "
+ "states of the ConcurrentAccessController"
+ " with key : "
+ key);
}
Replicator.replicate(cc, new String[] {key});
} catch (ClusteringFault clusteringFault) {
log.error("Error during replicating states ", clusteringFault);
}
}
}
throw new AxisFault(
" Access deny for a "
+ "caller with Domain "
+ consumerKey
+ " "
+ " : Reason : "
+ infor.getFaultReason());
}
} else {
if (debugOn) {
log.debug(
"Could not find the Throttle Context for role-Based "
+ "Throttling for role name "
+ consumerKey
+ " Throttling for this "
+ "role name may not be configured from policy");
}
}
}
}
} else {
if (debugOn) {
log.debug("Could not find the role of the caller - role based throttling NOT applied");
}
}
}
return canAccess;
}
public List<Item> fetchItemForHoldings(int holdingsId) throws Exception {
List<Item> itemList = new ArrayList<Item>();
Map<String, Item> itemHashMap = new HashMap<>();
itemPreparedStatement.setInt(1, holdingsId);
ResultSet resultSet = itemPreparedStatement.executeQuery();
Set<String> highDensityStorageSet = null;
Set<String> donorNoteSet = null;
Set<String> itemNoteSet = null;
Set<String> statisticalSearchSet = null;
org.kuali.ole.docstore.common.document.content.instance.Item itemObj = null;
while (resultSet.next()) {
String id = resultSet.getString("ITEM_ID");
if (itemHashMap.containsKey(id)) {
itemObj =
(org.kuali.ole.docstore.common.document.content.instance.Item)
itemHashMap.get(id).getContentObject();
} else {
itemObj = new org.kuali.ole.docstore.common.document.content.instance.Item();
Item item = new Item();
itemList.add(item);
item.setId("wio-" + resultSet.getString("ITEM_ID"));
item.setContentObject(itemObj);
Location location =
getLocationDetails(
resultSet.getString("LOCATION"), resultSet.getString("LOCATION_LEVEL"));
itemObj.setLocation(location);
CallNumber callNumber = new CallNumber();
callNumber.setNumber(resultSet.getString("CALL_NUMBER"));
callNumber.setPrefix(resultSet.getString("CALL_NUMBER_PREFIX"));
ShelvingOrder shelvingOrder = new ShelvingOrder();
if (resultSet.getString("SHELVING_ORDER") != null
&& !"null".equals(resultSet.getString("SHELVING_ORDER"))) {
shelvingOrder.setCodeValue(resultSet.getString("SHELVING_ORDER"));
shelvingOrder.setFullValue(resultSet.getString("SHELVING_ORDER"));
}
callNumber.setShelvingOrder(shelvingOrder);
ShelvingScheme shelvingScheme = new ShelvingScheme();
if (callNumberType.get(resultSet.getString("CALL_NUMBER_TYPE_ID")) != null) {
String[] strings =
callNumberType.get(resultSet.getString("CALL_NUMBER_TYPE_ID")).split("[|]");
shelvingScheme.setCodeValue(strings[0]);
shelvingScheme.setFullValue(strings[1]);
}
callNumber.setShelvingScheme(shelvingScheme);
itemObj.setCallNumber(callNumber);
itemObj.setBarcodeARSL(resultSet.getString("BARCODE_ARSL"));
itemObj.setEnumeration(resultSet.getString("ENUMERATION"));
itemObj.setChronology(resultSet.getString("CHRONOLOGY"));
itemObj.setCopyNumber(resultSet.getString("COPY_NUMBER"));
AccessInformation accessInformation = new AccessInformation();
accessInformation.setBarcode(resultSet.getString("BARCODE"));
Uri uri = new Uri();
uri.setValue(resultSet.getString("URI"));
accessInformation.setUri(uri);
itemObj.setAccessInformation(accessInformation);
itemObj.setPurchaseOrderLineItemIdentifier(
resultSet.getString("PURCHASE_ORDER_LINE_ITEM_ID"));
itemObj.setVendorLineItemIdentifier(resultSet.getString("VENDOR_LINE_ITEM_ID"));
itemObj.setFund(resultSet.getString("FUND"));
itemObj.setPrice(resultSet.getString("PRICE"));
itemObj.setItemStatusEffectiveDate(
convertDateFormat(resultSet.getString("ITEM_STATUS_DATE_UPDATED")));
if (resultSet.getString("FAST_ADD") != null) {
itemObj.setFastAddFlag(
resultSet.getString("FAST_ADD").equalsIgnoreCase("Y") ? Boolean.TRUE : Boolean.FALSE);
}
itemObj.setCheckinNote(resultSet.getString("CHECK_IN_NOTE"));
if (resultSet.getString("CLAIMS_RETURNED") != null) {
itemObj.setClaimsReturnedFlag(
resultSet.getString("CLAIMS_RETURNED").equalsIgnoreCase("Y")
? Boolean.TRUE
: Boolean.FALSE);
}
String claimsReturnFlagCreatedDate = resultSet.getString("CLAIMS_RETURNED_DATE_CREATED");
itemObj.setClaimsReturnedFlagCreateDate(convertDateFormat(claimsReturnFlagCreatedDate));
itemObj.setClaimsReturnedNote(resultSet.getString("CLAIMS_RETURNED_NOTE"));
itemObj.setCurrentBorrower(resultSet.getString("CURRENT_BORROWER"));
itemObj.setProxyBorrower(resultSet.getString("PROXY_BORROWER"));
String dueDateTime = resultSet.getString("DUE_DATE_TIME");
itemObj.setDueDateTime(convertDateFormat(dueDateTime));
String originalDueDate = resultSet.getString("ORG_DUE_DATE_TIME");
itemObj.setOriginalDueDate(convertDateFormat(originalDueDate));
String checkOutDateTime = resultSet.getString("CHECK_OUT_DATE_TIME");
itemObj.setCheckOutDateTime(convertDateFormat(checkOutDateTime));
itemObj.setDamagedItemNote(resultSet.getString("ITEM_DAMAGED_NOTE"));
if (resultSet.getString("ITEM_DAMAGED_STATUS") != null) {
itemObj.setItemDamagedStatus(
resultSet.getString("ITEM_DAMAGED_STATUS").equalsIgnoreCase("Y")
? Boolean.TRUE
: Boolean.FALSE);
}
if (resultSet.getString("MISSING_PIECES") != null) {
itemObj.setMissingPieceFlag(
resultSet.getString("MISSING_PIECES").equalsIgnoreCase("Y")
? Boolean.TRUE
: Boolean.FALSE);
}
itemObj.setMissingPiecesCount(resultSet.getString("MISSING_PIECES_COUNT"));
itemObj.setMissingPieceFlagNote(resultSet.getString("MISSING_PIECES_NOTE"));
itemObj.setMissingPieceEffectiveDate(resultSet.getString("MISSING_PIECES_EFFECTIVE_DATE"));
itemObj.setNumberOfPieces(resultSet.getString("NUM_PIECES"));
itemObj.setDescriptionOfPieces(resultSet.getString("DESC_OF_PIECES"));
itemObj.setNumberOfRenew(resultSet.getInt("NUM_OF_RENEW"));
highDensityStorageSet = new HashSet<>();
itemNoteSet = new HashSet<>();
statisticalSearchSet = new HashSet<>();
donorNoteSet = new HashSet<>();
ItemStatus itemStatus = new ItemStatus();
if (itemStatusMap.containsKey(resultSet.getString("ITEM_STATUS_ID"))) {
String[] strings = itemStatusMap.get(resultSet.getString("ITEM_STATUS_ID")).split("[|]");
itemStatus.setCodeValue(strings[0]);
itemStatus.setFullValue(strings[1]);
}
itemObj.setItemStatus(itemStatus);
ItemType itemType = new ItemType();
if (itemTypeMap.containsKey(resultSet.getString("ITEM_TYPE_ID"))) {
String[] strings = itemTypeMap.get(resultSet.getString("ITEM_TYPE_ID")).split("[|]");
itemType.setCodeValue(strings[0]);
itemType.setFullValue(strings[1]);
}
itemObj.setItemType(itemType);
ItemType tempItemType = new ItemType();
if (itemTypeMap.containsKey(resultSet.getString("TEMP_ITEM_TYPE_ID"))) {
String[] strings = itemTypeMap.get(resultSet.getString("TEMP_ITEM_TYPE_ID")).split("[|]");
tempItemType.setCodeValue(strings[0]);
tempItemType.setFullValue(strings[1]);
}
itemObj.setTemporaryItemType(tempItemType);
item.setContentObject(itemObj);
item.setCreatedBy(resultSet.getString("CREATED_BY"));
item.setCreatedOn(resultSet.getString("DATE_CREATED"));
if (resultSet.getString("STAFF_ONLY") != null) {
item.setStaffOnly(
(resultSet.getString("STAFF_ONLY").equalsIgnoreCase("Y")
? Boolean.TRUE
: Boolean.FALSE));
}
item.setUpdatedBy(resultSet.getString("UPDATED_BY"));
item.setUpdatedOn(resultSet.getString("DATE_UPDATED"));
item.setLastUpdated(resultSet.getString("DATE_UPDATED"));
}
if (itemNoteSet.add(resultSet.getString("ITEM_NOTE_ID"))) {
Note note = new Note();
note.setValue(resultSet.getString("NOTE"));
note.setType(resultSet.getString("TYPE"));
itemObj.getNote().add(note);
}
if (resultSet.getString("STAT_SEARCH_CODE_ID") != null
&& statisticalSearchSet.add(resultSet.getString("STAT_SEARCH_CODE_ID"))) {
String[] strings =
statisticalSearchCodeMap.get(resultSet.getString("STAT_SEARCH_CODE_ID")).split("[|]");
StatisticalSearchingCode statisticalSearchingCode = new StatisticalSearchingCode();
statisticalSearchingCode.setCodeValue(strings[0]);
statisticalSearchingCode.setFullValue(strings[1]);
itemObj.getStatisticalSearchingCode().add(statisticalSearchingCode);
}
if (donorNoteSet.add(resultSet.getString("ITEM_DONOR_ID"))) {
DonorInfo donorInfo = new DonorInfo();
donorInfo.setDonorCode(resultSet.getString("DONOR_CODE"));
donorInfo.setDonorNote(resultSet.getString("DONOR_NOTE"));
donorInfo.setDonorPublicDisplay(resultSet.getString("DONOR_DISPLAY_NOTE"));
itemObj.getDonorInfo().add(donorInfo);
}
if (highDensityStorageSet.add(resultSet.getString("ITEM_DONOR_ID"))) {
HighDensityStorage highDensityStorage = new HighDensityStorage();
highDensityStorage.setRow(resultSet.getString("HIGH_DENSITY_ROW"));
itemObj.setHighDensityStorage(highDensityStorage);
}
}
resultSet.close();
return itemList;
}
/**
* processing through the throttle 1) concurrent throttling 2) access rate based throttling -
* domain or ip
*
* @param throttle The Throttle object - holds all configuration and state data of the throttle
* @param messageContext The MessageContext , that holds all data per message basis
* @throws AxisFault Throws when access must deny for caller
* @throws ThrottleException ThrottleException
*/
public void process(Throttle throttle, MessageContext messageContext)
throws ThrottleException, AxisFault {
String throttleId = throttle.getId();
ConfigurationContext cc = messageContext.getConfigurationContext();
// check the env - whether clustered or not
boolean isClusteringEnable = false;
ClusteringAgent clusteringAgent = null;
if (cc != null) {
clusteringAgent = cc.getAxisConfiguration().getClusteringAgent();
}
if (clusteringAgent != null && clusteringAgent.getStateManager() != null) {
isClusteringEnable = true;
}
// Get the concurrent access controller
ConcurrentAccessController cac;
String key = null;
if (isClusteringEnable) {
// for clustered env.,gets it from axis configuration context
key = ThrottleConstants.THROTTLE_PROPERTY_PREFIX + throttleId + ThrottleConstants.CAC_SUFFIX;
cac = (ConcurrentAccessController) cc.getProperty(key);
} else {
// for non-clustered env.,gets it from axis configuration context
cac = throttle.getConcurrentAccessController();
}
// check for concurrent access
boolean canAccess = doConcurrentThrottling(cac, messageContext);
if (canAccess) {
// if the concurrent access is success then
// do the access rate based throttling
if (messageContext.getFLOW() == MessageContext.IN_FLOW) {
// gets the remote caller domain name
String domain = null;
HttpServletRequest request =
(HttpServletRequest)
messageContext.getPropertyNonReplicable(HTTPConstants.MC_HTTP_SERVLETREQUEST);
if (request != null) {
domain = request.getRemoteHost();
}
// Domain name based throttling
// check whether a configuration has been defined for this domain name or not
String callerId = null;
if (domain != null) {
// loads the ThrottleContext
ThrottleContext context =
throttle.getThrottleContext(ThrottleConstants.DOMAIN_BASED_THROTTLE_KEY);
if (context != null) {
// Loads the ThrottleConfiguration
ThrottleConfiguration config = context.getThrottleConfiguration();
if (config != null) {
// check for configuration for this caller
callerId = config.getConfigurationKeyOfCaller(domain);
if (callerId != null) {
// If this is a clustered env.
if (isClusteringEnable) {
context.setConfigurationContext(cc);
context.setThrottleId(throttleId);
}
AccessInformation infor =
accessRateController.canAccess(
context, callerId, ThrottleConstants.DOMAIN_BASE);
StatCollector.collect(infor, domain, ThrottleConstants.DOMAIN_BASE);
// check for the permission for access
if (!infor.isAccessAllowed()) {
// In the case of both of concurrency throttling and
// rate based throttling have enabled ,
// if the access rate less than maximum concurrent access ,
// then it is possible to occur death situation.To avoid that reset,
// if the access has denied by rate based throttling
if (cac != null) {
cac.incrementAndGet();
// set back if this is a clustered env
if (isClusteringEnable) {
cc.setProperty(key, cac);
// replicate the current state of ConcurrentAccessController
try {
if (debugOn) {
log.debug(
"Going to replicates the "
+ "states of the ConcurrentAccessController"
+ " with key : "
+ key);
}
Replicator.replicate(cc, new String[] {key});
} catch (ClusteringFault clusteringFault) {
log.error("Error during replicating states ", clusteringFault);
}
}
}
throw new AxisFault(
" Access deny for a "
+ "caller with Domain "
+ domain
+ " "
+ " : Reason : "
+ infor.getFaultReason());
}
} else {
if (debugOn) {
log.debug(
"Could not find the Throttle Context for domain-Based "
+ "Throttling for domain name "
+ domain
+ " Throttling for this "
+ "domain name may not be configured from policy");
}
}
}
}
} else {
if (debugOn) {
log.debug("Could not find the domain of the caller - IP-based throttling may occur");
}
}
// IP based throttling - Only if there is no configuration for caller domain name
if (callerId == null) {
String ip = (String) messageContext.getProperty(MessageContext.REMOTE_ADDR);
if (ip != null) {
// loads IP based throttle context
ThrottleContext context =
throttle.getThrottleContext(ThrottleConstants.IP_BASED_THROTTLE_KEY);
if (context != null) {
// Loads the ThrottleConfiguration
ThrottleConfiguration config = context.getThrottleConfiguration();
if (config != null) {
// check for configuration for this ip
callerId = config.getConfigurationKeyOfCaller(ip);
if (callerId != null) {
// for clustered env.
if (isClusteringEnable) {
context.setConfigurationContext(cc);
context.setThrottleId(throttleId);
}
AccessInformation infor =
accessRateController.canAccess(context, callerId, ThrottleConstants.IP_BASE);
// check for the permission for access
StatCollector.collect(infor, ip, ThrottleConstants.IP_BASE);
if (!infor.isAccessAllowed()) {
// In the case of both of concurrency throttling and
// rate based throttling have enabled ,
// if the access rate less than maximum concurrent access ,
// then it is possible to occur death situation.To avoid that reset,
// if the access has denied by rate based throttling
if (cac != null) {
cac.incrementAndGet();
// set back if this is a clustered env
if (isClusteringEnable) {
cc.setProperty(key, cac);
// replicate the current state of ConcurrentAccessController
try {
if (debugOn) {
log.debug(
"Going to replicates the "
+ "states of the ConcurrentAccessController"
+ " with key : "
+ key);
}
Replicator.replicate(cc, new String[] {key});
} catch (ClusteringFault clusteringFault) {
log.error("Error during replicating states ", clusteringFault);
}
}
}
throw new AxisFault(
" Access deny for a "
+ "caller with IP "
+ ip
+ " "
+ " : Reason : "
+ infor.getFaultReason());
}
}
}
} else {
if (debugOn) {
log.debug("Could not find the throttle Context for IP-Based throttling");
}
}
} else {
if (debugOn) {
log.debug(
"Could not find the IP address of the caller " + "- throttling will not occur");
}
}
}
}
// all the replication functionality of the access rate based throttling handles by itself
// just replicate the current state of ConcurrentAccessController
if (isClusteringEnable && cac != null) {
try {
if (debugOn) {
log.debug(
"Going to replicates the states of the ConcurrentAccessController"
+ " with key : "
+ key);
}
Replicator.replicate(cc, new String[] {key});
} catch (ClusteringFault clusteringFault) {
log.error("Error during replicating states ", clusteringFault);
}
}
// finally engage rolebased access throttling if available
doRoleBasedAccessThrottling(throttle, messageContext, isClusteringEnable);
} else {
// replicate the current state of ConcurrentAccessController
if (isClusteringEnable) {
try {
if (debugOn) {
log.debug(
"Going to replicates the states of the ConcurrentAccessController"
+ " with key : "
+ key);
}
Replicator.replicate(cc, new String[] {key});
} catch (ClusteringFault clusteringFault) {
log.error("Error during replicating states ", clusteringFault);
}
}
throw new AxisFault(
"Access has currently been denied since " + " maximum concurrent access have exceeded");
}
}
/**
* Computes Abusive information metrics from collected access information.
*
* @param requests access informations
* @param top number of max values to be retained
* @return the metrics of abusive accesses.
*/
static AbuseMetrics computeAbuseMetricsFromAccess(
Map<UUID, AccessInformation> requests, int skip, int top) {
AbuseMetrics abuse = new AbuseMetrics();
Map<String, Long> user_map = new TreeMap<String, Long>();
Map<String, Long> ip_map = new TreeMap<String, Long>();
Map<String, Long> requests_map = new TreeMap<String, Long>();
SortedSet<Entry<UUID, AccessInformation>> accesses = entriesSortedByValues(requests);
Iterator<Map.Entry<UUID, AccessInformation>> iterator = accesses.iterator();
long newest = Long.MIN_VALUE;
long oldest = Long.MAX_VALUE;
long longest_request = Long.MIN_VALUE;
long count = 0;
while (iterator.hasNext()) {
if (skip-- > 0) continue;
Map.Entry<UUID, AccessInformation> entry = iterator.next();
AccessInformation ai = entry.getValue();
// Case of eviction happened.
if (ai == null) continue;
// Keep track of the delay
Long timestamp = ai.getStartTimestamp();
long delay = ai.getDurationNs();
if (timestamp > newest) newest = timestamp;
if (timestamp < oldest) oldest = timestamp;
if (longest_request < delay) longest_request = delay;
// Keep track of the record number
count++;
// Keep track of the user list
long user_count = 1;
String username = ai.getUsername();
if (username == null) username = UNKNOWN_USER;
if (user_map.containsKey(username)) user_count += user_map.get(username);
user_map.put(username, user_count);
// Keep track of the Ip List
long ip_count = 1;
String ip = ai.getRemoteAddress();
if (ip == null) ip = UNKNOWN_IP;
if (ip_map.containsKey(ip)) ip_count += ip_map.get(ip);
ip_map.put(ip, ip_count);
// Keep track of the request time spent.
String request = ai.getRequest();
Long old_request = Long.MIN_VALUE;
if (request == null) continue;
if (requests_map.containsKey(request)) old_request = requests_map.get(request);
if (delay > old_request) requests_map.put(request, delay);
}
// report the period nanoseconds
abuse.setPeriod(newest - oldest);
abuse.setCalls(count);
// Sort Abusive users
SortedSet<Map.Entry<String, Long>> sorted_users_calls = entriesSortedByValues(user_map);
Iterator<Map.Entry<String, Long>> user_it = sorted_users_calls.iterator();
abuse.setAbusiveUsers(new LinkedHashMap<String, Long>());
int top_count = 0;
while (user_it.hasNext() && top_count++ < top) {
Map.Entry<String, Long> entry = user_it.next();
abuse.getAbusiveUsers().put(entry.getKey(), entry.getValue());
}
// Sort Abusive IP usage
SortedSet<Map.Entry<String, Long>> sorted_ip_calls = entriesSortedByValues(ip_map);
Iterator<Map.Entry<String, Long>> ip_it = sorted_ip_calls.iterator();
abuse.setAbusiveIp(new LinkedHashMap<String, Long>());
top_count = 0;
while (ip_it.hasNext() && top_count++ < top) {
Map.Entry<String, Long> entry = ip_it.next();
abuse.getAbusiveIp().put(entry.getKey(), entry.getValue());
}
// Sort Abusive IP usage
SortedSet<Map.Entry<String, Long>> sorted_requests_calls = entriesSortedByValues(requests_map);
Iterator<Map.Entry<String, Long>> requests_it = sorted_requests_calls.iterator();
abuse.setAbusiveRequests(new LinkedHashMap<String, Long>());
top_count = 0;
while (requests_it.hasNext() && top_count++ < top) {
Map.Entry<String, Long> entry = requests_it.next();
abuse.getAbusiveRequests().put(entry.getKey(), entry.getValue());
}
return abuse;
}