porter_lightweight/gateway-service/src/main/java/org/apache/servicecomb/samples/porter/gateway/AuthHandler.java - servicecomb-samples - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.servicecomb.samples.porter.gateway;

 import java.util.concurrent.TimeUnit;

 import org.apache.servicecomb.core.Handler;
 import org.apache.servicecomb.core.Invocation;
 import org.apache.servicecomb.foundation.common.utils.JsonUtils;
 import org.apache.servicecomb.provider.springmvc.reference.async.CseAsyncRestTemplate;
 import org.apache.servicecomb.samples.porter.user.api.SessionInfo;
 import org.apache.servicecomb.swagger.invocation.AsyncResponse;
 import org.apache.servicecomb.swagger.invocation.Response;
 import org.apache.servicecomb.swagger.invocation.exception.InvocationException;
 import org.springframework.http.ResponseEntity;
 import org.springframework.util.concurrent.ListenableFuture;
 import org.springframework.util.concurrent.ListenableFutureCallback;

 import com.google.common.cache.Cache;
 import com.google.common.cache.CacheBuilder;


 public class AuthHandler implements Handler {
   private CseAsyncRestTemplate restTemplate = new CseAsyncRestTemplate();

   // session expires in 10 minutes, cache for 1 seconds to get rid of concurrent scenarios.
   private Cache<String, String> sessionCache = CacheBuilder.newBuilder()
       .expireAfterAccess(30, TimeUnit.SECONDS)
       .build();

   @Override
   public void handle(Invocation invocation, AsyncResponse asyncResponse) throws Exception {
     if (invocation.getMicroserviceName().equals("user-service")
         && (invocation.getOperationName().equals("login")
             || (invocation.getOperationName().equals("getSession")))) {
       // login：return session id, set cookie by javascript
       invocation.next(asyncResponse);
     } else {
       // check session
       String sessionId = invocation.getContext("session-id");
       if (sessionId == null) {
         throw new InvocationException(403, "", "session is not valid.");
       }

       String sessionInfo = sessionCache.getIfPresent(sessionId);
       if (sessionInfo != null) {
         try {
           // session info stored in InvocationContext. Microservices can get it.
           invocation.addContext("session-id", sessionId);
           invocation.addContext("session-info", sessionInfo);
           invocation.next(asyncResponse);
         } catch (Exception e) {
           asyncResponse.complete(Response.failResp(new InvocationException(500, "", e.getMessage())));
         }
         return;
       }

       // In edge, handler is executed in reactively. Must have no blocking logic.
       ListenableFuture<ResponseEntity<SessionInfo>> sessionInfoFuture =
           restTemplate.getForEntity("cse://user-service/v1/user/session?sessionId=" + sessionId, SessionInfo.class);
       sessionInfoFuture.addCallback(
           new ListenableFutureCallback<ResponseEntity<SessionInfo>>() {
             @Override
             public void onFailure(Throwable ex) {
               asyncResponse.complete(Response.failResp(new InvocationException(403, "", "session is not valid.")));
             }

             @Override
             public void onSuccess(ResponseEntity<SessionInfo> result) {
               SessionInfo sessionInfo = result.getBody();
               if (sessionInfo == null) {
                 asyncResponse.complete(Response.failResp(new InvocationException(403, "", "session is not valid.")));
                 return;
               }
               try {
                 // session info stored in InvocationContext. Microservices can get it.
                 invocation.addContext("session-id", sessionId);
                 String sessionInfoStr = JsonUtils.writeValueAsString(sessionInfo);
                 invocation.addContext("session-info", sessionInfoStr);
                 invocation.next(asyncResponse);
                 sessionCache.put(sessionId, sessionInfoStr);
               } catch (Exception e) {
                 asyncResponse.complete(Response.failResp(new InvocationException(500, "", e.getMessage())));
               }
             }
           });
     }
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.servicecomb.samples.porter.gateway;

	import java.util.concurrent.TimeUnit;

	import org.apache.servicecomb.core.Handler;
	import org.apache.servicecomb.core.Invocation;
	import org.apache.servicecomb.foundation.common.utils.JsonUtils;
	import org.apache.servicecomb.provider.springmvc.reference.async.CseAsyncRestTemplate;
	import org.apache.servicecomb.samples.porter.user.api.SessionInfo;
	import org.apache.servicecomb.swagger.invocation.AsyncResponse;
	import org.apache.servicecomb.swagger.invocation.Response;
	import org.apache.servicecomb.swagger.invocation.exception.InvocationException;
	import org.springframework.http.ResponseEntity;
	import org.springframework.util.concurrent.ListenableFuture;
	import org.springframework.util.concurrent.ListenableFutureCallback;

	import com.google.common.cache.Cache;
	import com.google.common.cache.CacheBuilder;


	public class AuthHandler implements Handler {
	private CseAsyncRestTemplate restTemplate = new CseAsyncRestTemplate();

	// session expires in 10 minutes, cache for 1 seconds to get rid of concurrent scenarios.
	private Cache<String, String> sessionCache = CacheBuilder.newBuilder()
	.expireAfterAccess(30, TimeUnit.SECONDS)
	.build();

	@Override
	public void handle(Invocation invocation, AsyncResponse asyncResponse) throws Exception {
	if (invocation.getMicroserviceName().equals("user-service")
	&& (invocation.getOperationName().equals("login")
	\|\| (invocation.getOperationName().equals("getSession")))) {
	// login：return session id, set cookie by javascript
	invocation.next(asyncResponse);
	} else {
	// check session
	String sessionId = invocation.getContext("session-id");
	if (sessionId == null) {
	throw new InvocationException(403, "", "session is not valid.");
	}

	String sessionInfo = sessionCache.getIfPresent(sessionId);
	if (sessionInfo != null) {
	try {
	// session info stored in InvocationContext. Microservices can get it.
	invocation.addContext("session-id", sessionId);
	invocation.addContext("session-info", sessionInfo);
	invocation.next(asyncResponse);
	} catch (Exception e) {
	asyncResponse.complete(Response.failResp(new InvocationException(500, "", e.getMessage())));
	}
	return;
	}

	// In edge, handler is executed in reactively. Must have no blocking logic.
	ListenableFuture<ResponseEntity<SessionInfo>> sessionInfoFuture =
	restTemplate.getForEntity("cse://user-service/v1/user/session?sessionId=" + sessionId, SessionInfo.class);
	sessionInfoFuture.addCallback(
	new ListenableFutureCallback<ResponseEntity<SessionInfo>>() {
	@Override
	public void onFailure(Throwable ex) {
	asyncResponse.complete(Response.failResp(new InvocationException(403, "", "session is not valid.")));
	}

	@Override
	public void onSuccess(ResponseEntity<SessionInfo> result) {
	SessionInfo sessionInfo = result.getBody();
	if (sessionInfo == null) {
	asyncResponse.complete(Response.failResp(new InvocationException(403, "", "session is not valid.")));
	return;
	}
	try {
	// session info stored in InvocationContext. Microservices can get it.
	invocation.addContext("session-id", sessionId);
	String sessionInfoStr = JsonUtils.writeValueAsString(sessionInfo);
	invocation.addContext("session-info", sessionInfoStr);
	invocation.next(asyncResponse);
	sessionCache.put(sessionId, sessionInfoStr);
	} catch (Exception e) {
	asyncResponse.complete(Response.failResp(new InvocationException(500, "", e.getMessage())));
	}
	}
	});
	}
	}
	}