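  /**
   * Encode the user ID in a secure cookie.
   *
   * @param userId the user ID to encode
   * @param tokenType the token type handed to the local encoder; it is not passed on when a
   *     cluster cookie server is configured
   * @return the encoded cookie value, or {@code null} if {@code userId} is null or local
   *     encoding fails
   */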
  String encodeCookie(String userId, String tokenType) {
    // Without a user there is nothing to encode.
    if (userId == null) {
      return null;
    }

    // A configured cluster cookie server takes over encoding entirely.
    // NOTE(review): tokenType is not passed on this path - confirm that is intended.
    if (clusterCookieServer != null) {
      return clusterCookieServer.encodeCookie(userId);
    }

    // Local path: the cookie expires ttl milliseconds from now.
    long expiryMillis = System.currentTimeMillis() + ttl;
    SecureCookie activeCookie = tokenStore.getActiveToken();

    // Every failure below is logged and surfaces to the caller only as null, so callers
    // must treat a null result as "no cookie issued".
    String encoded = null;
    try {
      encoded = activeCookie.encode(expiryMillis, userId, tokenType);
    } catch (NoSuchAlgorithmException e) {
      LOG.error(e.getMessage(), e);
    } catch (InvalidKeyException e) {
      LOG.error(e.getMessage(), e);
    } catch (IllegalStateException e) {
      LOG.error(e.getMessage(), e);
    } catch (UnsupportedEncodingException e) {
      LOG.error(e.getMessage(), e);
    } catch (SecureCookieException e) {
      // The exception itself says whether it is a real error or just informational.
      if (!e.isError()) {
        LOG.info(e.getMessage(), e);
      } else {
        LOG.error(e.getMessage(), e);
      }
    }
    return encoded;
  }
  @SuppressWarnings("rawtypes")
  protected void activate(ComponentContext context) {
    // Reads the component configuration into the service's fields and initialises the
    // token store. Statement order is kept: the store is configured before doInit runs.
    Dictionary config = context.getProperties();

    usingSession = PropertiesUtil.toBoolean(config.get(USE_SESSION), false);
    // NOTE(review): defaults to false; presumably this controls the cookie's Secure
    // attribute - confirm, and enable it for deployments served over HTTPS.
    secureCookie = PropertiesUtil.toBoolean(config.get(SECURE_COOKIE), false);
    ttl = PropertiesUtil.toLong(config.get(TTL), 1200000);
    trustedAuthCookieName = PropertiesUtil.toString(config.get(COOKIE_NAME), "");

    // NOTE(review): when SERVER_TOKEN_SHARED_SECRET is not configured, the fixed literal
    // below becomes the shared secret, while server tokens are enabled by default on the
    // next line. Deployments should set their own secret; consider warning or refusing
    // to enable server tokens while the default is still in place.
    sharedSecret =
        PropertiesUtil.toString(
            config.get(SERVER_TOKEN_SHARED_SECRET), "default-setting-change-before-use");
    trustedTokenEnabled = PropertiesUtil.toBoolean(config.get(SERVER_TOKEN_ENABLED), true);

    debugCookies = PropertiesUtil.toBoolean(config.get(DEBUG_COOKIES), false);
    tokenStore.setDebugCookies(debugCookies);

    // Safe host addresses: a ';'-separated list. Entries are stored exactly as split
    // (no trimming), so stray whitespace in the setting ends up in the set.
    String safeHostList = PropertiesUtil.toString(config.get(SERVER_TOKEN_SAFE_HOSTS_ADDR), "");
    safeHostAddrSet.clear();
    if (safeHostList != null) {
      for (String host : StringUtils.split(safeHostList, ';')) {
        safeHostAddrSet.add(host);
      }
    }

    // Trusted proxy addresses: same format and same as-is handling as the safe hosts.
    String proxyList = PropertiesUtil.toString(config.get(TRUSTED_PROXY_SERVER_ADDR), "");
    trustedProxyServerAddrSet.clear();
    if (proxyList != null) {
      for (String proxy : StringUtils.split(proxyList, ';')) {
        trustedProxyServerAddrSet.add(proxy);
      }
    }

    // Fall back to the built-in wrapper list when none is configured.
    String wrapperList = PropertiesUtil.toString(config.get(SERVER_TOKEN_SAFE_WRAPPERS), "");
    boolean noWrappersConfigured = wrapperList == null || wrapperList.length() == 0;
    safeWrappers = StringUtils.split(noWrappersConfigured ? DEFAULT_WRAPPERS : wrapperList, ";");

    // The token store is initialised with the token file, this server's id and the ttl.
    String tokenFilePath = PropertiesUtil.toString(config.get(TOKEN_FILE_NAME), "");
    String currentServerId = clusterTrackingService.getCurrentServerId();
    tokenStore.doInit(cacheManager, tokenFilePath, currentServerId, ttl);

    trustedHeaderName = PropertiesUtil.toString(config.get(TRUSTED_HEADER_NAME), "");
    trustedParameterName = PropertiesUtil.toString(config.get(TRUSTED_PARAMETER_NAME), "");
  }
Пример #3
  @Test
  public void test()
      throws IOException, InvalidKeyException, NoSuchAlgorithmException, IllegalStateException {
    // Exercises TokenStore end to end: encode a token, validate it, split it.
    // NOTE(review): the results are only printed; nothing is asserted, so an invalid
    // token would not make this test fail.
    File keyFile = new File("target/keys.txt");
    // An absolute instant five minutes from now. It is passed both to the constructor
    // and as the token expiry.
    // NOTE(review): confirm the constructor expects an instant rather than a duration.
    long fiveMinutesFromNow = System.currentTimeMillis() + 5 * 60 * 1000;
    TokenStore store = new TokenStore(keyFile, fiveMinutesFromNow, false);

    String userId = "123@1234@11";

    // Encode eleven times and keep only the last token.
    String lastToken = null;
    int round = 0;
    while (round < 11) {
      lastToken = store.encode(fiveMinutesFromNow, userId);
      round++;
    }
    System.out.println("token: " + lastToken);
    boolean valid = store.isValid(lastToken);

    String[] parts = TokenStore.split(lastToken);
    System.out.println(valid);
    for (String part : parts) {
      System.out.println(part);
    }
  }
Пример #4
 private static <T extends TokenRecord> void dumpTokens(final TokenStore<T> store, long[] ids)
     throws Exception {
   // Dumps the given records of the store to System.out and always closes the store
   // afterwards, including when the dump throws.
   try {
     new DumpStore<T, TokenStore<T>>(System.out) {
       @Override
       protected Object transform(T record) throws Exception {
         // Records that are not in use are transformed to null.
         if (!record.inUse()) {
           return null;
         }
         // ensureHeavy is called before the record's string value is read.
         store.ensureHeavy(record);
         return record.getId() + ": \"" + store.getStringFor(record) + "\": " + record;
       }
     }.dump(store, ids);
   } finally {
     store.close();
   }
 }
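 /**
  * Decode the user ID.
  *
  * @param value the cookie value to decode
  * @return the decoded parts of the cookie, or {@code null} if {@code value} is null or local
  *     decoding fails
  */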
 String[] decodeCookie(String value) {
   // Nothing to decode.
   if (value == null) {
     return null;
   }

   // A configured cluster cookie server takes over decoding entirely.
   if (clusterCookieServer != null) {
     return clusterCookieServer.decodeCookie(value);
   }

   // Local path. A decode failure is logged (message only, no stack trace) and reported
   // as null, so callers must treat a null result as "cookie not accepted".
   String[] decoded = null;
   try {
     SecureCookie cookieCodec = tokenStore.getSecureCookie();
     decoded = cookieCodec.decode(value);
   } catch (SecureCookieException e) {
     // The exception itself says whether it is a real error or just informational.
     if (!e.isError()) {
       LOG.info(e.getMessage());
     } else {
       LOG.error(e.getMessage());
     }
   }
   return decoded;
 }
Пример #6
 /**
  * Returns the time remaining until the stored token for a request expires.
  *
  * @param req The authentication request whose expiration status is requested.
  * @return The number of milliseconds until the token expires, or negative
  *         infinity if no token was found.
  */
 public double expiresIn(AuthRequest req) {
   // Tokens are stored under the request's string form.
   String stored = tokenStore.get(req.asString());
   if (stored == null) {
     // No token for this request.
     return Double.NEGATIVE_INFINITY;
   }
   // Remaining time = stored expiry minus the current clock reading.
   // NOTE(review): an expiry that is missing or not numeric would make this conversion
   // throw; confirm every stored token carries one.
   return Double.valueOf(TokenInfo.fromString(stored).expires) - clock.now();
 }
Пример #7
 /**
  * Clears all tokens stored by this class.
  *
  * <p>This will result in subsequent calls to {@link #login(AuthRequest, Callback)} displaying a
  * popup to the user. If the user has already granted access, that popup will immediately close.
  */
 public void clearAllTokens() {
   // Delegates to the token store, which drops every stored token.
   this.tokenStore.clear();
 }
Пример #8
 void setToken(AuthRequest req, TokenInfo info) {
   // Both the key and the value are stored in their string forms.
   String requestKey = req.asString();
   String serializedToken = info.asString();
   tokenStore.set(requestKey, serializedToken);
 }
Пример #9
 TokenInfo getToken(AuthRequest req) {
   // Look the token up under the request's string form.
   String stored = tokenStore.get(req.asString());
   if (stored == null) {
     // No token stored for this request.
     return null;
   }
   return TokenInfo.fromString(stored);
 }