Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CXF-8765: Option to remove Ehcache #2196

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

CXF-8765: Option to remove Ehcache #2196

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions rt/rs/security/sso/saml/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,5 +71,12 @@
<classifier>jakarta</classifier>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.ehcache.modules</groupId>
<artifactId>ehcache-107</artifactId>
<version>${cxf.ehcache3.version}</version>
<scope>provided</scope>
<optional>true</optional>
</dependency>
</dependencies>
</project>
162 changes: 162 additions & 0 deletions ...saml/src/main/java/org/apache/cxf/rs/security/saml/sso/jcache/JCacheTokenReplayCache.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,162 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

package org.apache.cxf.rs.security.saml.sso.jcache;

import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.time.Instant;

import javax.cache.Cache;
import javax.cache.CacheManager;
import javax.cache.Caching;
import javax.cache.configuration.MutableConfiguration;
import javax.cache.spi.CachingProvider;

import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.jaxrs.utils.ResourceUtils;
import org.apache.cxf.rs.security.saml.sso.TokenReplayCache;
import org.apache.wss4j.common.cache.EHCacheReplayCache;
import org.apache.wss4j.common.cache.EHCacheValue;
import org.apache.wss4j.common.util.Loader;

/**
* An in-memory EHCache implementation of the TokenReplayCache interface.
* The default TTL is 60 minutes and the max TTL is 12 hours.
*/

public class JCacheTokenReplayCache implements TokenReplayCache<String> {

public static final String CACHE_KEY = "cxf.samlp.replay.cache";

private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(EHCacheReplayCache.class);
private static final String DEFAULT_CONFIG_URL = "/cxf-samlp-jcache.xml";

private final Cache<String, EHCacheValue> cache;
private final CacheManager cacheManager;

public JCacheTokenReplayCache() throws URISyntaxException {
this(DEFAULT_CONFIG_URL, null);
}

public JCacheTokenReplayCache(Bus bus) throws URISyntaxException {
this(DEFAULT_CONFIG_URL, bus);
}

public JCacheTokenReplayCache(String configFile) throws URISyntaxException {
this(configFile, null);
}

public JCacheTokenReplayCache(String configFile, Bus bus) throws URISyntaxException {
if (bus == null) {
bus = BusFactory.getThreadDefaultBus(true);
}
URL configFileURL = null;
try {
configFileURL =
ResourceUtils.getClasspathResourceURL(configFile, JCacheTokenReplayCache.class, bus);
} catch (Exception ex) {
// ignore
}

final CachingProvider cachingProvider = Caching.getCachingProvider();

cacheManager = cachingProvider.getCacheManager(
getConfigFileURL(configFileURL).toURI(),
getClass().getClassLoader());

cache = getOrCreate(cacheManager, CACHE_KEY, String.class, EHCacheValue.class);
}

private static <K, V> Cache<K, V> getOrCreate(CacheManager cacheManager, String name,
Class<K> kclass, Class<V> vclass) {

final Cache<K, V> cache = cacheManager.getCache(name, kclass, vclass);
if (cache != null) {
return cache;
}

final MutableConfiguration<K, V> cacheConfiguration = new MutableConfiguration<>();
cacheConfiguration.setTypes(kclass, vclass);

return cacheManager.createCache(name, cacheConfiguration);
}

private URL getConfigFileURL(URL suppliedConfigFileURL) {
if (suppliedConfigFileURL == null) {
//using the default
try {
URL configFileURL = Loader.getResource(DEFAULT_CONFIG_URL);
if (configFileURL == null) {
configFileURL = new URL(DEFAULT_CONFIG_URL);
}
return configFileURL;
} catch (IOException e) {
// Do nothing
LOG.debug(e.getMessage());
}
}
return suppliedConfigFileURL;
}

/**
* Add the given identifier to the cache. It will be cached for a default amount of time.
* @param identifier The identifier to be added
*/
public void putId(String identifier) {
putId(identifier, null);
}

/**
* Add the given identifier to the cache to be cached for the given time
* @param identifier The identifier to be added
* @param expiry A custom expiry time for the identifier. Can be null in which case, the default expiry is used.
*/
public void putId(String identifier, Instant expiry) {
if (identifier == null || "".equals(identifier)) {
return;
}

cache.put(identifier, new EHCacheValue(identifier, expiry));
}

/**
* Return true if the given identifier is contained in the cache
* @param identifier The identifier to check
*/
public boolean contains(String identifier) {
if (cache == null) {
return false;
}
EHCacheValue element = cache.get(identifier);
return element != null;
}

public synchronized void close() {
if (!cacheManager.isClosed()) {
cacheManager.destroyCache(CACHE_KEY);
cacheManager.close();
}
}


}
165 changes: 165 additions & 0 deletions .../src/main/java/org/apache/cxf/rs/security/saml/sso/state/jcache/JCacheSPStateManager.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,165 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.cxf.rs.security.saml.sso.state.jcache;

import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;

import javax.cache.Cache;
import javax.cache.CacheManager;
import javax.cache.Caching;
import javax.cache.configuration.MutableConfiguration;
import javax.cache.spi.CachingProvider;

import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.jaxrs.utils.ResourceUtils;
import org.apache.cxf.rs.security.saml.sso.state.RequestState;
import org.apache.cxf.rs.security.saml.sso.state.ResponseState;
import org.apache.cxf.rs.security.saml.sso.state.SPStateManager;
import org.apache.wss4j.common.util.Loader;

/**
* An in-memory EHCache implementation of the SPStateManager interface.
* The default TTL is 5 minutes.
*/
public class JCacheSPStateManager implements SPStateManager {

public static final String REQUEST_CACHE_KEY = "cxf.samlp.request.state.cache";
public static final String RESPONSE_CACHE_KEY = "cxf.samlp.response.state.cache";
private static final String DEFAULT_CONFIG_URL = "/cxf-samlp-jcache.xml";
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(JCacheSPStateManager.class);

private final Cache<String, RequestState> requestCache;
private final Cache<String, ResponseState> responseCache;
private final CacheManager cacheManager;

public JCacheSPStateManager() throws URISyntaxException {
this(DEFAULT_CONFIG_URL, null);
}

public JCacheSPStateManager(Bus bus) throws URISyntaxException {
this(DEFAULT_CONFIG_URL, bus);
}

public JCacheSPStateManager(String configFileURL) throws URISyntaxException {
this(configFileURL, null);
}

public JCacheSPStateManager(String configFile, Bus bus) throws URISyntaxException {
if (bus == null) {
bus = BusFactory.getThreadDefaultBus(true);
}

URL configFileURL = null;
try {
configFileURL =
ResourceUtils.getClasspathResourceURL(configFile, JCacheSPStateManager.class, bus);
} catch (Exception ex) {
// ignore
}

final CachingProvider cachingProvider = Caching.getCachingProvider();

cacheManager = cachingProvider.getCacheManager(
getConfigFileURL(configFileURL).toURI(),
getClass().getClassLoader());

requestCache = getOrCreate(cacheManager, REQUEST_CACHE_KEY, String.class, RequestState.class);
responseCache = getOrCreate(cacheManager, RESPONSE_CACHE_KEY, String.class, ResponseState.class);
}

private static <K, V> Cache<K, V> getOrCreate(CacheManager cacheManager, String name,
Class<K> kclass, Class<V> vclass) {

final Cache<K, V> cache = cacheManager.getCache(name, kclass, vclass);
if (cache != null) {
return cache;
}

final MutableConfiguration<K, V> cacheConfiguration = new MutableConfiguration<>();
cacheConfiguration.setTypes(kclass, vclass);

return cacheManager.createCache(name, cacheConfiguration);
}

private URL getConfigFileURL(URL suppliedConfigFileURL) {
if (suppliedConfigFileURL == null) {
//using the default
try {
URL configFileURL = Loader.getResource(DEFAULT_CONFIG_URL);
if (configFileURL == null) {
configFileURL = new URL(DEFAULT_CONFIG_URL);
}
return configFileURL;
} catch (IOException e) {
// Do nothing
LOG.debug(e.getMessage());
}
}
return suppliedConfigFileURL;
}

public ResponseState getResponseState(String securityContextKey) {
return responseCache.get(securityContextKey);
}

public ResponseState removeResponseState(String securityContextKey) {
ResponseState responseState = getResponseState(securityContextKey);
if (responseState != null) {
responseCache.remove(securityContextKey);
}
return responseState;
}

public void setResponseState(String securityContextKey, ResponseState state) {
if (securityContextKey == null || "".equals(securityContextKey)) {
return;
}

responseCache.put(securityContextKey, state);
}

public void setRequestState(String relayState, RequestState state) {
if (relayState == null || "".equals(relayState)) {
return;
}

requestCache.put(relayState, state);
}

public RequestState removeRequestState(String relayState) {
RequestState state = requestCache.get(relayState);
if (state != null) {
requestCache.remove(relayState);
}
return state;
}

public synchronized void close() throws IOException {
if (!cacheManager.isClosed()) {
cacheManager.destroyCache(REQUEST_CACHE_KEY);
cacheManager.destroyCache(RESPONSE_CACHE_KEY);
cacheManager.close();
}
}

}
56 changes: 56 additions & 0 deletions rt/rs/security/sso/saml/src/main/resources/cxf-samlp-jcache.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
<?xml version="1.0"?>
<config
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xmlns='http://www.ehcache.org/v3'
xmlns:jsr107='http://www.ehcache.org/v3/jsr107'
xsi:schemaLocation="http://www.ehcache.org/v3 http://www.ehcache.org/schema/ehcache-core-3.8.xsd
http://www.ehcache.org/v3/jsr107 http://www.ehcache.org/schema/ehcache-107-ext-3.0.xsd">

<service>
<jsr107:defaults>
<jsr107:cache name="cxf.samlp.response.state.cache" template="cxf.samlp.response.state.cache.template"/>
<jsr107:cache name="cxf.samlp.request.state.cache" template="cxf.samlp.request.state.cache.template"/>
<jsr107:cache name="cxf.samlp.replay.cache" template="cxf.samlp.replay.cache.template"/>
</jsr107:defaults>
</service>

<persistence directory="${java.io.tmpdir}/ehcache/" />

<cache-template name="cxf.samlp.replay.cache.template">
<key-type>java.lang.String</key-type>
<value-type>org.apache.wss4j.common.cache.EHCacheValue</value-type>
<expiry>
<class>org.apache.wss4j.common.cache.EHCacheExpiry</class>
</expiry>
<resources>
<heap unit="entries">5000</heap>
<disk unit="MB" persistent="false">10</disk>
</resources>
</cache-template>

<cache-template name="cxf.samlp.request.state.cache.template">
<key-type>java.lang.String</key-type>
<value-type>org.apache.cxf.rs.security.saml.sso.state.RequestState</value-type>
<expiry>
<ttl unit="seconds">300</ttl>
</expiry>
<resources>
<heap unit="entries">5000</heap>
<disk unit="MB" persistent="false">10</disk>
</resources>
</cache-template>

<cache-template name="cxf.samlp.response.state.cache.template">
<key-type>java.lang.String</key-type>
<value-type>org.apache.cxf.rs.security.saml.sso.state.ResponseState</value-type>
<expiry>
<ttl unit="seconds">300</ttl>
</expiry>
<resources>
<heap unit="entries">5000</heap>
<disk unit="MB" persistent="false">10</disk>
</resources>
</cache-template>

</config>

Loading
Loading