From 6fb2d55207823970d44ec217de087fd990fd75df Mon Sep 17 00:00:00 2001 From: Roop Date: Mon, 29 Jan 2018 10:50:04 -0800 Subject: [PATCH] ZacTokenService updated to use expiring FastTokenServices. Signed-off-by: Henry --- .../lib/AbstractZoneAwareTokenService.java | 25 ++++++++++++----- .../uaa/token/lib/FastTokenServices.java | 4 +++ .../token/lib/FastTokenServicesCreator.java | 8 +++++- .../lib/FastTokenServicesCreatorTest.java | 28 +++++++++++++++++++ .../predix/uaa/token/lib/TestTokenUtil.java | 12 ++++++++ 5 files changed, 69 insertions(+), 8 deletions(-) create mode 100644 src/test/java/com/ge/predix/uaa/token/lib/FastTokenServicesCreatorTest.java diff --git a/src/main/java/com/ge/predix/uaa/token/lib/AbstractZoneAwareTokenService.java b/src/main/java/com/ge/predix/uaa/token/lib/AbstractZoneAwareTokenService.java index ef3a94d..09ab5f1 100644 --- a/src/main/java/com/ge/predix/uaa/token/lib/AbstractZoneAwareTokenService.java +++ b/src/main/java/com/ge/predix/uaa/token/lib/AbstractZoneAwareTokenService.java @@ -30,6 +30,9 @@ import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.BeansException; +import org.springframework.beans.factory.BeanFactory; +import org.springframework.beans.factory.BeanFactoryAware; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Required; import org.springframework.http.HttpStatus; @@ -49,7 +52,7 @@ * * @author 212304931 */ -public abstract class AbstractZoneAwareTokenService implements ResourceServerTokenServices { +public abstract class AbstractZoneAwareTokenService implements ResourceServerTokenServices, BeanFactoryAware { private static final Logger LOGGER = LoggerFactory.getLogger(AbstractZoneAwareTokenService.class); 
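Review bot: The `BeanFactoryAware` interface added to the class declaration is not put to use in any hunk shown here. The `beanFactory` field added in the `@@ -80,6 +81,10 @@` hunk is only written by `setBeanFactory` in the `@@ -280,4 +287,8 @@` hunk and is never read in the visible lines. If nothing outside these hunks reads it, keep the declaration as `public abstract class AbstractZoneAwareTokenService implements ResourceServerTokenServices {` and drop the field and setter, so the token service holds no unused container reference. If it is read elsewhere, a one-line comment on the field naming what is looked up through it would help. The class body continues outside the hunk.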
@@ -63,8 +66,6 @@ public abstract class AbstractZoneAwareTokenService implements ResourceServerTok private FastTokenServices defaultFastTokenService; - private FastTokenServicesCreator fastRemoteTokenServicesCreator = new FastTokenServicesCreator(); - @Autowired(required = true) private HttpServletRequest request; @@ -80,6 +81,10 @@ public abstract class AbstractZoneAwareTokenService implements ResourceServerTok private boolean useHttps = true; + private BeanFactory beanFactory; + + private FastTokenServicesCreator fastRemoteTokenServicesCreator = new FastTokenServicesCreator(); + @Override public OAuth2Authentication loadAuthentication(final String accessToken) throws AuthenticationException, InvalidTokenException { @@ -197,6 +202,7 @@ protected FastTokenServices createFastTokenService(final List trustedIss return tokenServices; } + @Override public OAuth2AccessToken readAccessToken(final String accessToken) { throw new UnsupportedOperationException("Not supported: read access token"); @@ -219,6 +225,11 @@ public void setStoreClaims(final boolean storeClaims) { this.storeClaims = storeClaims; } + public void setFastRemoteTokenServicesCreator(final FastTokenServicesCreator fastRemoteTokenServicesCreator) { + this.fastRemoteTokenServicesCreator = fastRemoteTokenServicesCreator; + } + + public boolean isUseHttps() { return this.useHttps; } @@ -239,10 +250,6 @@ public void setDefaultFastTokenService(final FastTokenServices defaultFastTokenS this.defaultFastTokenService = defaultFastTokenService; } - public void setFastRemoteTokenServicesCreator(final FastTokenServicesCreator fastRemoteTokenServicesCreator) { - this.fastRemoteTokenServicesCreator = fastRemoteTokenServicesCreator; - } - public void setServiceBaseDomain(final String serviceBaseDomain) { this.serviceBaseDomainList = splitCSV(serviceBaseDomain); } 
@@ -280,4 +287,8 @@ public boolean isUseSubdomainsForZones() { return this.useSubdomainsForZones; } + @Override + public void setBeanFactory(final BeanFactory beanFactory) throws BeansException { + this.beanFactory = beanFactory; + } } diff --git a/src/main/java/com/ge/predix/uaa/token/lib/FastTokenServices.java b/src/main/java/com/ge/predix/uaa/token/lib/FastTokenServices.java index 05e0052..453a6a0 100644 --- a/src/main/java/com/ge/predix/uaa/token/lib/FastTokenServices.java +++ b/src/main/java/com/ge/predix/uaa/token/lib/FastTokenServices.java @@ -90,6 +90,10 @@ public class FastTokenServices implements ResourceServerTokenServices, Initializ @Override public void afterPropertiesSet() throws Exception { + this.init(); + } + + protected void init() { this.tokenKeys = new PassiveExpiringMap<>(this.issuerPublicKeyTTL); } diff --git a/src/main/java/com/ge/predix/uaa/token/lib/FastTokenServicesCreator.java b/src/main/java/com/ge/predix/uaa/token/lib/FastTokenServicesCreator.java index ab2fa8e..1defe42 100644 --- a/src/main/java/com/ge/predix/uaa/token/lib/FastTokenServicesCreator.java +++ b/src/main/java/com/ge/predix/uaa/token/lib/FastTokenServicesCreator.java @@ -16,9 +16,15 @@ package com.ge.predix.uaa.token.lib; +/** + * FastTokenServicesCreator not meant for public use: use ZacTokenServices instead. + */ public class FastTokenServicesCreator { public FastTokenServices newInstance() { - return new FastTokenServices(); + FastTokenServices fastTokenServices = new FastTokenServices(); + fastTokenServices.setIssuerPublicKeyTTL(-1L); + fastTokenServices.init(); + return fastTokenServices; } } diff --git a/src/test/java/com/ge/predix/uaa/token/lib/FastTokenServicesCreatorTest.java b/src/test/java/com/ge/predix/uaa/token/lib/FastTokenServicesCreatorTest.java new file mode 100644 index 0000000..82fd829 --- /dev/null +++ b/src/test/java/com/ge/predix/uaa/token/lib/FastTokenServicesCreatorTest.java 
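Review bot: `init()` in `FastTokenServices` has no Javadoc, although it is now a second entry point into the issuer-key cache and is called from outside the Spring lifecycle. It replaces `tokenKeys` with a new `PassiveExpiringMap` built from whatever `issuerPublicKeyTTL` holds at that moment. A TTL set after `init()` therefore has no effect on the existing map, and a later `afterPropertiesSet()` on the same instance discards every cached key. I would add `/** Creates the issuer-key cache from the current issuerPublicKeyTTL; set the TTL first. Calling it again drops all cached keys. */` above the method.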
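Review bot: `setIssuerPublicKeyTTL(-1L)` in `FastTokenServicesCreator.newInstance()` disables expiry rather than enabling it, which contradicts the commit subject. The value goes straight into `new PassiveExpiringMap<>(this.issuerPublicKeyTTL)` in `init()`, and commons-collections treats a negative time-to-live as "entries never expire". Issuer public keys cached by these instances would then stay trusted for the life of the process, so a key rotated or withdrawn at the issuer keeps verifying tokens until a restart. Unless a caller outside this diff resets the TTL and calls `init()` again, pass a positive TTL in milliseconds, for example `fastTokenServices.setIssuerPublicKeyTTL(issuerPublicKeyTtlMillis);` (placeholder name, value taken from configuration). If never-expire is intended, say so in a comment next to the literal.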
@@ -0,0 +1,28 @@
+package com.ge.predix.uaa.token.lib;
+
+import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
+import org.springframework.test.util.ReflectionTestUtils;
+import org.testng.Assert;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+import java.lang.reflect.Field;
+import java.util.Map;
+
+public class FastTokenServicesCreatorTest {
+
+ FastTokenServicesCreator creator = null;
+
+ @BeforeClass
+ private void setUp() {
+ creator = new FastTokenServicesCreator();
+ }
+
+ @Test
+ public void testNewInstance() {
+ FastTokenServices tokenServices = creator.newInstance();
+ Map tokenKeys = (Map) ReflectionTestUtils.getField(tokenServices, "tokenKeys");
+ Assert.assertNotNull(tokenKeys,
+ "The TokenKeys Map must have been initialized");
+ }
+}
diff --git a/src/test/java/com/ge/predix/uaa/token/lib/TestTokenUtil.java b/src/test/java/com/ge/predix/uaa/token/lib/TestTokenUtil.java
index bc5f400..edcad30 100644
--- a/src/test/java/com/ge/predix/uaa/token/lib/TestTokenUtil.java
+++ b/src/test/java/com/ge/predix/uaa/token/lib/TestTokenUtil.java
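Review bot: `testNewInstance` only checks that `tokenKeys` is non-null, so it passes whatever time-to-live the creator configures and does not pin the expiry behaviour named in the commit subject. I would also assert the TTL the creator is expected to set, e.g. `Assert.assertEquals(ReflectionTestUtils.getField(tokenServices, "issuerPublicKeyTTL"), EXPECTED_TTL);`, where `EXPECTED_TTL` is a placeholder for the intended value. A check that an inserted key is no longer returned after that interval would cover the cache itself. The `java.lang.reflect.Field` import looks unused in the lines shown.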
@@ -178,6 +178,18 @@ public String mockAccessToken(final int validitySeconds, final String zoneUserSc return openIdToken.getValue(); } + public String mockAccessToken(final String issuerId, final int validitySeconds, final String zoneUserScope) { + Collection clientScopes = Arrays.asList(new GrantedAuthority[] { + new SimpleGrantedAuthority("uaa.resource"), new SimpleGrantedAuthority(zoneUserScope) }); + Set requestedScopes = new HashSet<>(Arrays.asList(new String[] { "openid", zoneUserScope })); + Set resourceIds = new HashSet<>(Arrays.asList(new String[] { "none" })); + DefaultOAuth2AccessToken openIdToken = createAccessToken(issuerId, + "1adc931e-d65f-4357-b90d-dd4131b8749a", "marissa", "marissa@test.com", validitySeconds, clientScopes, + requestedScopes, "cf", resourceIds, "passsword", null, null, null, null, System.currentTimeMillis(), + "uaa", false); + return openIdToken.getValue(); + } + private DefaultOAuth2AccessToken createAccessToken(final String issuerId, final String userId, final String username, final String userEmail, final int validitySeconds, final Collection clientScopes, final Set requestedScopes, final String clientId,
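Review bot: The new `mockAccessToken(issuerId, validitySeconds, zoneUserScope)` overload repeats the token-building body instead of sharing it with the existing overload. Only the tail of that two-argument overload is visible in this hunk. If it differs just in the issuer it hands to `createAccessToken`, it could shrink to `return mockAccessToken(DEFAULT_ISSUER_ID, validitySeconds, zoneUserScope);`, where `DEFAULT_ISSUER_ID` is a placeholder for whatever issuer it uses today. Separately, the explicit array wrappers on the string sets are not needed: `new HashSet<>(Arrays.asList("openid", zoneUserScope))` reads more directly.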