ZacTokenService updated to use expiring FastTokenServices.

Signed-off-by: Henry <henry.zhao1@ge.com>
predix · Jan 29, 2018 · 6fb2d55 · 6fb2d55
1 parent 6a7d853
commit 6fb2d55
Show file tree

Hide file tree

Showing 5 changed files with 69 additions and 8 deletions.
diff --git a/src/main/java/com/ge/predix/uaa/token/lib/AbstractZoneAwareTokenService.java b/src/main/java/com/ge/predix/uaa/token/lib/AbstractZoneAwareTokenService.java
@@ -30,6 +30,9 @@
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.BeanFactory;
+import org.springframework.beans.factory.BeanFactoryAware;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Required;
 import org.springframework.http.HttpStatus;
@@ -49,7 +52,7 @@
  *
  * @author 212304931
  */
-public abstract class AbstractZoneAwareTokenService implements ResourceServerTokenServices {
+public abstract class AbstractZoneAwareTokenService implements ResourceServerTokenServices, BeanFactoryAware {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(AbstractZoneAwareTokenService.class);
 
@@ -63,8 +66,6 @@ public abstract class AbstractZoneAwareTokenService implements ResourceServerTok
 
     private FastTokenServices defaultFastTokenService;
 
-    private FastTokenServicesCreator fastRemoteTokenServicesCreator = new FastTokenServicesCreator();
-
     @Autowired(required = true)
     private HttpServletRequest request;
 
@@ -80,6 +81,10 @@ public abstract class AbstractZoneAwareTokenService implements ResourceServerTok
 
     private boolean useHttps = true;
 
+    private BeanFactory beanFactory;
+
+    private FastTokenServicesCreator fastRemoteTokenServicesCreator = new FastTokenServicesCreator();
+
     @Override
     public OAuth2Authentication loadAuthentication(final String accessToken)
             throws AuthenticationException, InvalidTokenException {
@@ -197,6 +202,7 @@ protected FastTokenServices createFastTokenService(final List<String> trustedIss
         return tokenServices;
     }
 
+
     @Override
     public OAuth2AccessToken readAccessToken(final String accessToken) {
         throw new UnsupportedOperationException("Not supported: read access token");
@@ -219,6 +225,11 @@ public void setStoreClaims(final boolean storeClaims) {
         this.storeClaims = storeClaims;
     }
 
+    public void setFastRemoteTokenServicesCreator(final FastTokenServicesCreator fastRemoteTokenServicesCreator) {
+        this.fastRemoteTokenServicesCreator = fastRemoteTokenServicesCreator;
+    }
+
+
     public boolean isUseHttps() {
         return this.useHttps;
     }
@@ -239,10 +250,6 @@ public void setDefaultFastTokenService(final FastTokenServices defaultFastTokenS
         this.defaultFastTokenService = defaultFastTokenService;
     }
 
-    public void setFastRemoteTokenServicesCreator(final FastTokenServicesCreator fastRemoteTokenServicesCreator) {
-        this.fastRemoteTokenServicesCreator = fastRemoteTokenServicesCreator;
-    }
-
     public void setServiceBaseDomain(final String serviceBaseDomain) {
         this.serviceBaseDomainList = splitCSV(serviceBaseDomain);
     }
@@ -280,4 +287,8 @@ public boolean isUseSubdomainsForZones() {
         return this.useSubdomainsForZones;
     }
 
+    @Override
+    public void setBeanFactory(final BeanFactory beanFactory) throws BeansException {
+        this.beanFactory = beanFactory;
+    }
 }
diff --git a/src/main/java/com/ge/predix/uaa/token/lib/FastTokenServices.java b/src/main/java/com/ge/predix/uaa/token/lib/FastTokenServices.java
@@ -90,6 +90,10 @@ public class FastTokenServices implements ResourceServerTokenServices, Initializ
 
     @Override
     public void afterPropertiesSet() throws Exception {
+        this.init();
+    }
+
+    protected void init() {
         this.tokenKeys = new PassiveExpiringMap<>(this.issuerPublicKeyTTL);
     }
 

diff --git a/src/main/java/com/ge/predix/uaa/token/lib/FastTokenServicesCreator.java b/src/main/java/com/ge/predix/uaa/token/lib/FastTokenServicesCreator.java
@@ -16,9 +16,15 @@
 
 package com.ge.predix.uaa.token.lib;
 
+/**
+ * <code>FastTokenServicesCreator</code> not meant for public use: use <code>ZacTokenServices</code> instead.
+ */
 public class FastTokenServicesCreator {
 
     public FastTokenServices newInstance() {
-        return new FastTokenServices();
+        FastTokenServices fastTokenServices = new FastTokenServices();
+        fastTokenServices.setIssuerPublicKeyTTL(-1L);
+        fastTokenServices.init();
+        return fastTokenServices;
     }
 }
diff --git a/src/test/java/com/ge/predix/uaa/token/lib/FastTokenServicesCreatorTest.java b/src/test/java/com/ge/predix/uaa/token/lib/FastTokenServicesCreatorTest.java
@@ -0,0 +1,28 @@
+package com.ge.predix.uaa.token.lib;
+
+import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
+import org.springframework.test.util.ReflectionTestUtils;
+import org.testng.Assert;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+import java.lang.reflect.Field;
+import java.util.Map;
+
+public class FastTokenServicesCreatorTest {
+
+    FastTokenServicesCreator creator = null;
+
+    @BeforeClass
+    private void setUp() {
+        creator = new FastTokenServicesCreator();
+    }
+
+    @Test
+    public void testNewInstance() {
+        FastTokenServices tokenServices = creator.newInstance();
+        Map<String, SignatureVerifier> tokenKeys = (Map<String, SignatureVerifier>) ReflectionTestUtils.getField(tokenServices, "tokenKeys");
+        Assert.assertNotNull(tokenKeys,
+                "The TokenKeys Map must have been initialized");
+    }
+}
diff --git a/src/test/java/com/ge/predix/uaa/token/lib/TestTokenUtil.java b/src/test/java/com/ge/predix/uaa/token/lib/TestTokenUtil.java
@@ -178,6 +178,18 @@ public String mockAccessToken(final int validitySeconds, final String zoneUserSc
         return openIdToken.getValue();
     }
 
+    public String mockAccessToken(final String issuerId, final int validitySeconds, final String zoneUserScope) {
+        Collection<GrantedAuthority> clientScopes = Arrays.asList(new GrantedAuthority[] {
+                new SimpleGrantedAuthority("uaa.resource"), new SimpleGrantedAuthority(zoneUserScope) });
+        Set<String> requestedScopes = new HashSet<>(Arrays.asList(new String[] { "openid", zoneUserScope }));
+        Set<String> resourceIds = new HashSet<>(Arrays.asList(new String[] { "none" }));
+        DefaultOAuth2AccessToken openIdToken = createAccessToken(issuerId,
+                "1adc931e-d65f-4357-b90d-dd4131b8749a", "marissa", "marissa@test.com", validitySeconds, clientScopes,
+                requestedScopes, "cf", resourceIds, "passsword", null, null, null, null, System.currentTimeMillis(),
+                "uaa", false);
+        return openIdToken.getValue();
+    }
+
     private DefaultOAuth2AccessToken createAccessToken(final String issuerId, final String userId,
             final String username, final String userEmail, final int validitySeconds,
             final Collection<GrantedAuthority> clientScopes, final Set<String> requestedScopes, final String clientId,