@Test public void shouldRefreshIsCorrect() { Timer mockTimer = mock(Timer.class); when(mockTimer.now()) .thenReturn(500l) .thenReturn(1000000l + 500l); AccessTokenTimer timer = new AccessTokenTimer(mockTimer); timer.setExpiresInMSSinceEpoch("1000000"); assertFalse(timer.shouldRefresh()); assertTrue(timer.shouldRefresh()); verify(mockTimer, times(2)).now(); }
public Groups(Configuration conf, final Timer timer) { impl = ReflectionUtils.newInstance( conf.getClass(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING, ShellBasedUnixGroupsMapping.class, GroupMappingServiceProvider.class), conf); cacheTimeout = conf.getLong(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_SECS, CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_SECS_DEFAULT) * 1000; negativeCacheTimeout = conf.getLong(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS, CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS_DEFAULT) * 1000; warningDeltaMs = conf.getLong(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_WARN_AFTER_MS, CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_WARN_AFTER_MS_DEFAULT); parseStaticMapping(conf); this.timer = timer; this.cache = CacheBuilder.newBuilder() .refreshAfterWrite(cacheTimeout, TimeUnit.MILLISECONDS) .ticker(new TimerToTickerAdapter(timer)) .expireAfterWrite(10 * cacheTimeout, TimeUnit.MILLISECONDS) .build(new GroupCacheLoader()); if(negativeCacheTimeout > 0) { Cache<String, Boolean> tempMap = CacheBuilder.newBuilder() .expireAfterWrite(negativeCacheTimeout, TimeUnit.MILLISECONDS) .ticker(new TimerToTickerAdapter(timer)) .build(); negativeCache = Collections.newSetFromMap(tempMap.asMap()); } if(LOG.isDebugEnabled()) LOG.debug("Group mapping impl=" + impl.getClass().getName() + "; cacheTimeout=" + cacheTimeout + "; warningDeltaMs=" + warningDeltaMs); }
public Groups(Configuration conf, final Timer timer) { impl = ReflectionUtils.newInstance( conf.getClass(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING, ShellBasedUnixGroupsMapping.class, GroupMappingServiceProvider.class), conf); cacheTimeout = conf.getLong(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_SECS, CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_SECS_DEFAULT) * 1000; negativeCacheTimeout = conf.getLong(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS, CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS_DEFAULT) * 1000; warningDeltaMs = conf.getLong(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_WARN_AFTER_MS, CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_WARN_AFTER_MS_DEFAULT); staticUserToGroupsMap = parseStaticMapping(conf); this.timer = timer; this.cache = CacheBuilder.newBuilder() .refreshAfterWrite(cacheTimeout, TimeUnit.MILLISECONDS) .ticker(new TimerToTickerAdapter(timer)) .expireAfterWrite(10 * cacheTimeout, TimeUnit.MILLISECONDS) .build(new GroupCacheLoader()); if(negativeCacheTimeout > 0) { Cache<String, Boolean> tempMap = CacheBuilder.newBuilder() .expireAfterWrite(negativeCacheTimeout, TimeUnit.MILLISECONDS) .ticker(new TimerToTickerAdapter(timer)) .build(); negativeCache = Collections.newSetFromMap(tempMap.asMap()); } if(LOG.isDebugEnabled()) LOG.debug("Group mapping impl=" + impl.getClass().getName() + "; cacheTimeout=" + cacheTimeout + "; warningDeltaMs=" + warningDeltaMs); }
@Test public void expireConversionWorks() { Timer mockTimer = mock(Timer.class); when(mockTimer.now()) .thenReturn(5l); AccessTokenTimer timer = new AccessTokenTimer(mockTimer); timer.setExpiresIn("3"); assertEquals(3005, timer.getNextRefreshMSSinceEpoch()); assertTrue(timer.shouldRefresh()); }
public Groups(Configuration conf) { this(conf, new Timer()); }
public TimerToTickerAdapter(Timer timer) { this.timer = timer; }
public ConfRefreshTokenBasedAccessTokenProvider(Timer timer) { this.accessTokenTimer = new AccessTokenTimer(timer); }
public ConfCredentialBasedAccessTokenProvider(Timer timer) { super(timer); }
CredentialBasedAccessTokenProvider(Timer timer) { this.timer = new AccessTokenTimer(timer); }
public AccessTokenTimer() { this(new Timer()); }
/** * * @param timer Timer instance for unit testing */ public AccessTokenTimer(Timer timer) { this.timer = timer; this.nextRefreshMSSinceEpoch = 0; }
/** * The expires_in param from OAuth is in seconds-from-now. Convert to * milliseconds-from-epoch */ static Long convertExpiresIn(Timer timer, String expiresInSecs) { long expiresSecs = Long.parseLong(expiresInSecs); long expiresMs = expiresSecs * 1000; return timer.now() + expiresMs; }
@Test public void refreshUrlIsCorrect() throws IOException { final int PORT = 7552; final String REFRESH_ADDRESS = "http://localhost:" + PORT + "/refresh"; long tokenExpires = 0; Configuration conf = buildConf("refresh token key", Long.toString(tokenExpires), "joebob", REFRESH_ADDRESS); Timer mockTimer = mock(Timer.class); when(mockTimer.now()).thenReturn(tokenExpires + 1000l); AccessTokenProvider tokenProvider = new ConfRefreshTokenBasedAccessTokenProvider(mockTimer); tokenProvider.setConf(conf); // Build mock server to receive refresh request ClientAndServer mockServer = startClientAndServer(PORT); HttpRequest expectedRequest = request() .withMethod("POST") .withPath("/refresh") // Note, OkHttp does not sort the param values, so we need to // do it ourselves via the ordering provided to ParameterBody... .withBody( ParameterBody.params( Parameter.param(CLIENT_ID, "joebob"), Parameter.param(GRANT_TYPE, REFRESH_TOKEN), Parameter.param(REFRESH_TOKEN, "refresh token key"))); MockServerClient mockServerClient = new MockServerClient("localhost", PORT); // https://tools.ietf.org/html/rfc6749#section-5.1 Map<String, Object> map = new TreeMap<>(); map.put(EXPIRES_IN, "0987654321"); map.put(TOKEN_TYPE, BEARER); map.put(ACCESS_TOKEN, "new access token"); ObjectMapper mapper = new ObjectMapper(); HttpResponse resp = response() .withStatusCode(HttpStatus.SC_OK) .withHeaders( CONTENT_TYPE_APPLICATION_JSON ) .withBody(mapper.writeValueAsString(map)); mockServerClient .when(expectedRequest, exactly(1)) .respond(resp); assertEquals("new access token", tokenProvider.getAccessToken()); mockServerClient.verify(expectedRequest); mockServerClient.clear(expectedRequest); mockServer.stop(); }
@Test public void refreshUrlIsCorrect() throws IOException { final int PORT = ServerSocketUtil.getPort(0, 20); final String REFRESH_ADDRESS = "http://localhost:" + PORT + "/refresh"; long tokenExpires = 0; Configuration conf = buildConf("myreallycoolcredential", Long.toString(tokenExpires), CLIENT_ID_FOR_TESTING, REFRESH_ADDRESS); Timer mockTimer = mock(Timer.class); when(mockTimer.now()).thenReturn(tokenExpires + 1000l); AccessTokenProvider credProvider = new ConfCredentialBasedAccessTokenProvider(mockTimer); credProvider.setConf(conf); // Build mock server to receive refresh request ClientAndServer mockServer = startClientAndServer(PORT); HttpRequest expectedRequest = request() .withMethod("POST") .withPath("/refresh") .withBody( // Note, OkHttp does not sort the param values, so we need to do // it ourselves via the ordering provided to ParameterBody... ParameterBody.params( Parameter.param(CLIENT_SECRET, "myreallycoolcredential"), Parameter.param(GRANT_TYPE, CLIENT_CREDENTIALS), Parameter.param(CLIENT_ID, CLIENT_ID_FOR_TESTING) )); MockServerClient mockServerClient = new MockServerClient("localhost", PORT); // https://tools.ietf.org/html/rfc6749#section-5.1 Map<String, Object> map = new TreeMap<>(); map.put(EXPIRES_IN, "0987654321"); map.put(TOKEN_TYPE, "bearer"); map.put(ACCESS_TOKEN, "new access token"); ObjectMapper mapper = new ObjectMapper(); HttpResponse resp = response() .withStatusCode(HttpStatus.SC_OK) .withHeaders( CONTENT_TYPE_APPLICATION_JSON ) .withBody(mapper.writeValueAsString(map)); mockServerClient .when(expectedRequest, exactly(1)) .respond(resp); assertEquals("new access token", credProvider.getAccessToken()); mockServerClient.verify(expectedRequest); mockServerClient.clear(expectedRequest); mockServer.stop(); }
public Groups(Configuration conf, final Timer timer) { impl = ReflectionUtils.newInstance( conf.getClass(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING, ShellBasedUnixGroupsMapping.class, GroupMappingServiceProvider.class), conf); cacheTimeout = conf.getLong(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_SECS, CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_SECS_DEFAULT) * 1000; negativeCacheTimeout = conf.getLong(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS, CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS_DEFAULT) * 1000; warningDeltaMs = conf.getLong(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_WARN_AFTER_MS, CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_WARN_AFTER_MS_DEFAULT); reloadGroupsInBackground = conf.getBoolean( CommonConfigurationKeys. HADOOP_SECURITY_GROUPS_CACHE_BACKGROUND_RELOAD, CommonConfigurationKeys. HADOOP_SECURITY_GROUPS_CACHE_BACKGROUND_RELOAD_DEFAULT); reloadGroupsThreadCount = conf.getInt( CommonConfigurationKeys. HADOOP_SECURITY_GROUPS_CACHE_BACKGROUND_RELOAD_THREADS, CommonConfigurationKeys. HADOOP_SECURITY_GROUPS_CACHE_BACKGROUND_RELOAD_THREADS_DEFAULT); parseStaticMapping(conf); this.timer = timer; this.cache = CacheBuilder.newBuilder() .refreshAfterWrite(cacheTimeout, TimeUnit.MILLISECONDS) .ticker(new TimerToTickerAdapter(timer)) .expireAfterWrite(10 * cacheTimeout, TimeUnit.MILLISECONDS) .build(new GroupCacheLoader()); if(negativeCacheTimeout > 0) { Cache<String, Boolean> tempMap = CacheBuilder.newBuilder() .expireAfterWrite(negativeCacheTimeout, TimeUnit.MILLISECONDS) .ticker(new TimerToTickerAdapter(timer)) .build(); negativeCache = Collections.newSetFromMap(tempMap.asMap()); } if(LOG.isDebugEnabled()) LOG.debug("Group mapping impl=" + impl.getClass().getName() + "; cacheTimeout=" + cacheTimeout + "; warningDeltaMs=" + warningDeltaMs); }
