broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/CachingSecurityToken.java - qpid-broker-j - Git at Google

 /*
  *
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  *
  */
 package org.apache.qpid.server.security.access.config;

 import java.util.Map;
 import java.util.Objects;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 import java.util.concurrent.atomic.AtomicReferenceFieldUpdater;

 import javax.security.auth.Subject;

 import org.apache.qpid.server.model.PermissionedObject;
 import org.apache.qpid.server.security.Result;
 import org.apache.qpid.server.security.SecurityToken;
 import org.apache.qpid.server.security.access.Operation;

 class CachingSecurityToken implements SecurityToken
 {
     private final Subject _subject;
     private volatile AccessControlCache _cache;

     private static final AtomicReferenceFieldUpdater<CachingSecurityToken, AccessControlCache> CACHE_UPDATE =
             AtomicReferenceFieldUpdater.newUpdater(CachingSecurityToken.class, AccessControlCache.class, "_cache");

     CachingSecurityToken(final Subject subject, final RuleBasedAccessControl accessControl)
     {
         _subject = subject;
         _cache = new AccessControlCache(accessControl);
     }

     Subject getSubject()
     {
         return _subject;
     }

     Result authorise(final RuleBasedAccessControl ruleBasedAccessControl, final Operation operation,
                      final PermissionedObject configuredObject,
                      final Map<String, Object> arguments)
     {
         AccessControlCache cache;
         while((cache = CACHE_UPDATE.get(this)).getAccessControl() != ruleBasedAccessControl)
         {
             CACHE_UPDATE.compareAndSet(this, cache, new AccessControlCache(ruleBasedAccessControl));
         }
         final CachedMethodAuthKey key = new CachedMethodAuthKey(configuredObject, operation, arguments);
         Result result = cache.getCache().get(key);
         if(result == null)
         {
             result = ruleBasedAccessControl.authorise(operation, configuredObject, arguments);
             cache.getCache().putIfAbsent(key, result);
         }
         return result;
     }

     private static final class CachedMethodAuthKey
     {
         private final PermissionedObject _configuredObject;
         private final Operation _operation;
         private final Map<String, Object> _arguments;
         private final int _hashCode;

         public CachedMethodAuthKey(final PermissionedObject configuredObject,
                                    final Operation operation,
                                    final Map<String, Object> arguments)
         {
             _configuredObject = configuredObject;
             _operation = operation;
             _arguments = arguments;
             int result = _configuredObject != null ? _configuredObject.hashCode() : 0;
             result = 31 * result + (operation != null ? operation.hashCode() : 0);
             result = 31 * result + (_arguments != null ? _arguments.hashCode() : 0);
             _hashCode = result;
         }

         @Override
         public boolean equals(final Object o)
         {
             if (this == o)
             {
                 return true;
             }
             if (o == null || getClass() != o.getClass())
             {
                 return false;
             }

             final CachedMethodAuthKey that = (CachedMethodAuthKey) o;

             return Objects.equals(_configuredObject, that._configuredObject)
                    && Objects.equals(_operation, that._operation)
                    && Objects.equals(_arguments, that._arguments);

         }

         @Override
         public int hashCode()
         {
             return _hashCode;
         }
     }

     private static final class AccessControlCache
     {
         private final RuleBasedAccessControl _accessControl;
         private final ConcurrentMap<CachedMethodAuthKey, Result>  _cache = new ConcurrentHashMap<>();

         private AccessControlCache(final RuleBasedAccessControl accessControl)
         {
             _accessControl = accessControl;
         }

         public RuleBasedAccessControl getAccessControl()
         {
             return _accessControl;
         }

         public ConcurrentMap<CachedMethodAuthKey, Result> getCache()
         {
             return _cache;
         }
     }
 }
	/*
	*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*
	*/
	package org.apache.qpid.server.security.access.config;

	import java.util.Map;
	import java.util.Objects;
	import java.util.concurrent.ConcurrentHashMap;
	import java.util.concurrent.ConcurrentMap;
	import java.util.concurrent.atomic.AtomicReferenceFieldUpdater;

	import javax.security.auth.Subject;

	import org.apache.qpid.server.model.PermissionedObject;
	import org.apache.qpid.server.security.Result;
	import org.apache.qpid.server.security.SecurityToken;
	import org.apache.qpid.server.security.access.Operation;

	class CachingSecurityToken implements SecurityToken
	{
	private final Subject _subject;
	private volatile AccessControlCache _cache;

	private static final AtomicReferenceFieldUpdater<CachingSecurityToken, AccessControlCache> CACHE_UPDATE =
	AtomicReferenceFieldUpdater.newUpdater(CachingSecurityToken.class, AccessControlCache.class, "_cache");

	CachingSecurityToken(final Subject subject, final RuleBasedAccessControl accessControl)
	{
	_subject = subject;
	_cache = new AccessControlCache(accessControl);
	}

	Subject getSubject()
	{
	return _subject;
	}

	Result authorise(final RuleBasedAccessControl ruleBasedAccessControl, final Operation operation,
	final PermissionedObject configuredObject,
	final Map<String, Object> arguments)
	{
	AccessControlCache cache;
	while((cache = CACHE_UPDATE.get(this)).getAccessControl() != ruleBasedAccessControl)
	{
	CACHE_UPDATE.compareAndSet(this, cache, new AccessControlCache(ruleBasedAccessControl));
	}
	final CachedMethodAuthKey key = new CachedMethodAuthKey(configuredObject, operation, arguments);
	Result result = cache.getCache().get(key);
	if(result == null)
	{
	result = ruleBasedAccessControl.authorise(operation, configuredObject, arguments);
	cache.getCache().putIfAbsent(key, result);
	}
	return result;
	}

	private static final class CachedMethodAuthKey
	{
	private final PermissionedObject _configuredObject;
	private final Operation _operation;
	private final Map<String, Object> _arguments;
	private final int _hashCode;

	public CachedMethodAuthKey(final PermissionedObject configuredObject,
	final Operation operation,
	final Map<String, Object> arguments)
	{
	_configuredObject = configuredObject;
	_operation = operation;
	_arguments = arguments;
	int result = _configuredObject != null ? _configuredObject.hashCode() : 0;
	result = 31 * result + (operation != null ? operation.hashCode() : 0);
	result = 31 * result + (_arguments != null ? _arguments.hashCode() : 0);
	_hashCode = result;
	}

	@Override
	public boolean equals(final Object o)
	{
	if (this == o)
	{
	return true;
	}
	if (o == null \|\| getClass() != o.getClass())
	{
	return false;
	}

	final CachedMethodAuthKey that = (CachedMethodAuthKey) o;

	return Objects.equals(_configuredObject, that._configuredObject)
	&& Objects.equals(_operation, that._operation)
	&& Objects.equals(_arguments, that._arguments);

	}

	@Override
	public int hashCode()
	{
	return _hashCode;
	}
	}

	private static final class AccessControlCache
	{
	private final RuleBasedAccessControl _accessControl;
	private final ConcurrentMap<CachedMethodAuthKey, Result> _cache = new ConcurrentHashMap<>();

	private AccessControlCache(final RuleBasedAccessControl accessControl)
	{
	_accessControl = accessControl;
	}

	public RuleBasedAccessControl getAccessControl()
	{
	return _accessControl;
	}

	public ConcurrentMap<CachedMethodAuthKey, Result> getCache()
	{
	return _cache;
	}
	}
	}