[SciTokens] Simplify the SciTokensHelper architecture.

xrootd · Jan 11, 2021 · 4d7d6de · 4d7d6de
1 parent 085a1c8
commit 4d7d6de
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 56 deletions.
diff --git a/src/XrdSciTokens/src/XrdAccSciTokens.cc b/src/XrdSciTokens/src/XrdAccSciTokens.cc
@@ -270,6 +270,7 @@ class XrdAccRules
 class XrdAccSciTokens;
 
 XrdAccSciTokens *accSciTokens = nullptr;
+XrdSciTokensHelper *SciTokensHelper = nullptr;
 
 class XrdAccSciTokens : public XrdAccAuthorize, public XrdSciTokensHelper
 {
@@ -458,26 +459,13 @@ class XrdAccSciTokens : public XrdAccAuthorize, public XrdSciTokensHelper
     virtual int         Test(const XrdAccPrivs priv,
                              const Access_Operation oper) override
     {
-        return 0;
+        return (m_chain ? m_chain->Test(priv, oper) : 0);
     }
 
     std::string GetConfigFile() {
         return m_cfg_file;
     }
 
-    static XrdSciTokensHelper* InitViaZTN(XrdSysLogger *lp,
-                                             const char   *cfn,
-                                             const char   *parm,
-                                             XrdAccAuthorize *accP)
-    {
-        try {
-            accSciTokens = new XrdAccSciTokens(lp, parm, accP); // The last arg not needed!
-            return (XrdSciTokensHelper*)accSciTokens;
-        } catch (std::exception &) {
-            return nullptr;
-        }
-    }
-
 private:
     XrdAccPrivs OnMissing(const XrdSecEntity *Entity, const char *path,
                           const Access_Operation oper, XrdOucEnv *env)
@@ -961,7 +949,15 @@ class XrdAccSciTokens : public XrdAccAuthorize, public XrdSciTokensHelper
     static constexpr uint64_t m_expiry_secs = 60;
 };
 
-std::string      cfgSciTokens;
+void InitAccSciTokens(XrdSysLogger *lp, const char *cfn, const char *parm,
+                      XrdAccAuthorize *accP)
+{
+    try {
+        accSciTokens = new XrdAccSciTokens(lp, parm, accP);
+        SciTokensHelper = accSciTokens;
+    } catch (std::exception &) {
+    }
+}
 
 extern "C" {
 
@@ -975,35 +971,19 @@ XrdAccAuthorize *XrdAccAuthorizeObjAdd(XrdSysLogger *lp,
     // unique_ptr as all of this happens once in the main and only thread.
     //
 
-    // Create a logging platform to send error messages
-    XrdSysError xrootdLog(lp, "scitokens_");
-    // If we have been initialized by via InitViaZTN() then all we need to check
-    // is that the config file passed here is the same one passed via the ZTN.
-    // If it isn't, issue a nasty message and return a nil pointer.
-    //
-    if (accSciTokens)  // Already initialzed?
-    {
-        // Verify sameness of config file
-        if (accSciTokens->GetConfigFile() == cfn) {
-            return accSciTokens;
-        } else {
-            xrootdLog.Emsg("XrdAccAuthorizeObjAdd", "SciTokens configuration is different now from the scitokens configuration when initialized");
-            return nullptr;
-        }
-    }
-
-    // First time through, get a new SciTokens authorizer. We simply reuse the
-    // InitViaZTN() method as that is all we need.
+    // If we have been initialized by a previous load, them return that result.
+    // Otherwise, it's the first time through, get a new SciTokens authorizer.
     //
-    accSciTokens = (XrdAccSciTokens*)XrdAccSciTokens::InitViaZTN(lp, cfn, parm, accP);
-    return (accSciTokens ? accSciTokens : nullptr);
+    if (!accSciTokens) InitAccSciTokens(lp, cfn, parm, accP);
+    return accSciTokens;
 }
 
 XrdAccAuthorize *XrdAccAuthorizeObject(XrdSysLogger *lp,
                                        const char   *cfn,
                                        const char   *parm)
 {
-    return XrdAccAuthorizeObjAdd(lp, cfn, parm, 0, 0);
+    InitAccSciTokens(lp, cfn, parm, 0);
+    return accSciTokens;
 }
 
 

diff --git a/src/XrdSciTokens/src/XrdSciTokensHelper.hh b/src/XrdSciTokens/src/XrdSciTokensHelper.hh
@@ -1,28 +1,23 @@
-
+/******************************************************************************/
+/*                                                                            */
+/*                 X r d S c i T o k e n s H e l p e r . h h                  */
+/*                                                                            */
+/******************************************************************************/
+
 #include <string>
 #include <vector>
 
-class XrdSciTokensHelper
-{
-public:
-
 //-----------------------------------------------------------------------------
-//! Initialize SciTokens plugin via authentication plugin path.
-//!
-//! @param   lp    - Pointer to the error logging object.
-//! @param   cfn   - Pointer to the configuration file used by xrootd.
-//! @param   parm  - Pointer to the plugin library parameters.
-//! @param   accP  - Pointer to the authorization object, but should be null 
-//!                  when initialized with this function.
-//!
-//! @result  Pointer to an instance of this object upon success, nil otherwise.
+//! This class defines the XrdAccSciTokens API to perform token validation as
+//! well as getting the list of valid issuers. It requires that the SciTokens
+//! authorization plugin be loaded and initialized. Upon successful loading
+//! and initialization the symbol "SciTokensHelper" will contain the address
+//! of an instance of this class.
 //-----------------------------------------------------------------------------
 
-static XrdSciTokensHelper *InitViaZTN(XrdSysLogger *lp,
-                                      const char   *cfn,
-                                      const char   *parm,
-                                      XrdAccAuthorize *accP = 0
-                                      );
+class XrdSciTokensHelper
+{
+public:
 
 //-----------------------------------------------------------------------------
 //! Get the list of valid issuers.