CoreTokenConfig.java revision b334b83b7ac2d9a8c60d935cad0365506f13333b
/**
 * Copyright 2013 ForgeRock, AS.
 *
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 */
fb379c70e3fd8a537f311b99be4759ae41e02750Peter Majorpackage com.sun.identity.sm.ldap;
fb379c70e3fd8a537f311b99be4759ae41e02750Peter Major
fb379c70e3fd8a537f311b99be4759ae41e02750Peter Majorimport com.iplanet.am.util.SystemProperties;
fb379c70e3fd8a537f311b99be4759ae41e02750Peter Majorimport com.iplanet.dpro.session.service.InternalSession;
fb379c70e3fd8a537f311b99be4759ae41e02750Peter Majorimport com.sun.identity.shared.Constants;
fb379c70e3fd8a537f311b99be4759ae41e02750Peter Majorimport com.sun.identity.shared.configuration.SystemPropertiesManager;
fb379c70e3fd8a537f311b99be4759ae41e02750Peter Majorimport com.sun.identity.sm.ldap.api.CoreTokenConstants;
fb379c70e3fd8a537f311b99be4759ae41e02750Peter Major
/**
 * Represents any configuration required for the Core Token Service.
 *
 * @author robert.wapshott@forgerock.com
 */
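public class CoreTokenConfig {

    /** Session expiry grace period in seconds (5 minutes). */
    private static final int SESSION_EXPIRY_GRACE_PERIOD_SECONDS = 5 * 60;
    /** Fallback for the expired Session search limit when the property is absent or unparsable. */
    private static final int DEFAULT_EXPIRED_SEARCH_LIMIT = 250;
    /** Fallback cleanup period in milliseconds (5 minutes). */
    private static final int DEFAULT_CLEANUP_PERIOD_MILLIS = 5 * 60 * 1000;
    /** Fallback health check period in milliseconds (1 minute). */
    private static final int DEFAULT_HEALTH_CHECK_PERIOD_MILLIS = 60 * 1000;
    /** Sleep interval between cycles of the Core Token Service thread, in milliseconds. */
    private static final int SLEEP_INTERVAL_MILLIS = 60 * 1000;

    private final boolean caseSensitiveUserId;
    private final int sessionExpiryGracePeriod;
    private final int expiredSessionsSearchLimit;

    private final int cleanupPeriod;
    private final int healthCheckPeriod;
    private final int runPeriod;

    private final int sleepInterval;

    // Token Blob strategy flags
    private final boolean tokensEncrypted;
    private final boolean tokensCompressed;
    private final boolean attributeNamesCompressed;

    /**
     * Create a new default instance of the CoreTokenConfig which reads the configuration it
     * requires from System Properties.
     *
     * Integer properties that are missing or cannot be parsed fall back to built-in defaults.
     * NOTE(review): no range check is applied to the integer values read here, so a zero or
     * negative search limit or period is accepted as configured.
     */
    public CoreTokenConfig() {
        caseSensitiveUserId = SystemProperties.getAsBoolean(Constants.CASE_SENSITIVE_UUID);
        sessionExpiryGracePeriod = SESSION_EXPIRY_GRACE_PERIOD_SECONDS;

        // Derive the expired Session Search Limit from system properties.
        expiredSessionsSearchLimit = getSystemManagerPropertyAsInt(
                CoreTokenConstants.SYS_PROPERTY_EXPIRED_SEARCH_LIMIT, DEFAULT_EXPIRED_SEARCH_LIMIT);

        // The Core Token Service thread runs at the shorter of the cleanup and health check
        // periods so that neither task is delayed by the other.
        cleanupPeriod = getSystemManagerPropertyAsInt(
                CoreTokenConstants.CLEANUP_PERIOD, DEFAULT_CLEANUP_PERIOD_MILLIS);
        healthCheckPeriod = getSystemManagerPropertyAsInt(
                CoreTokenConstants.HEALTH_CHECK_PERIOD, DEFAULT_HEALTH_CHECK_PERIOD_MILLIS);
        runPeriod = Math.min(cleanupPeriod, healthCheckPeriod);

        sleepInterval = SLEEP_INTERVAL_MILLIS;

        // Indicate if all Tokens stored in the Core Token Service should be encrypted.
        // NOTE(review): no explicit default is passed, so an unset property presumably yields
        // false and token blobs are then persisted unencrypted - confirm deployments set this
        // property deliberately.
        tokensEncrypted = SystemProperties.getAsBoolean(Constants.SESSION_REPOSITORY_ENCRYPTION);

        // Control Token Compression.
        tokensCompressed = SystemProperties.getAsBoolean(Constants.SESSION_REPOSITORY_COMPRESSION);

        // Control Attribute Name Compression.
        attributeNamesCompressed =
                SystemProperties.getAsBoolean(Constants.SESSION_REPOSITORY_ATTRIBUTE_NAME_COMPRESSION);
    }

    /**
     * Utility function to derive an integer from a SystemPropertiesManager value.
     *
     * Surrounding whitespace in the configured value is ignored, so that a value such as
     * {@code "250 "} is honoured rather than silently replaced by the default.
     *
     * @param prop Property to extract from SystemPropertiesManager. May be null.
     * @param defaultValue Default value to use when the property name is null, the property is
     *                     not set, or its value is not a valid integer.
     * @return An integer, either the value from the system properties or the default. The value
     *         is not range checked.
     */
    private static int getSystemManagerPropertyAsInt(String prop, int defaultValue) {
        if (prop == null) {
            return defaultValue;
        }

        String value = SystemPropertiesManager.get(prop);
        if (value == null) {
            return defaultValue;
        }

        try {
            return Integer.parseInt(value.trim());
        } catch (NumberFormatException e) {
            // A malformed value is treated the same as an absent one.
            return defaultValue;
        }
    }

    /**
     * The Expired Session Search Limit.
     *
     * @return The configured limit, or 250 when the property is absent or unparsable.
     *         NOTE(review): callers expect a value greater than zero, but a configured zero or
     *         negative value is returned unchanged.
     */
    public int getExpiredSessionsSearchLimit() {
        return expiredSessionsSearchLimit;
    }

    /**
     * @return True if the User Id is case sensitive.
     */
    public boolean isCaseSensitiveUserId() {
        return caseSensitiveUserId;
    }

    /**
     * @return The Session expiry grace period in seconds. This is fixed at five minutes and is
     *         not read from configuration.
     */
    public int getSessionExpiryGracePeriod() {
        return sessionExpiryGracePeriod;
    }

    /**
     * @return The period in milliseconds at which the Core Token Service thread should run. This
     *         is the smaller of the configured cleanup period and health check period.
     */
    public int getRunPeriod() {
        return runPeriod;
    }

    /**
     * @return The interval in milliseconds to sleep between cycles of the Core Token Service
     *         thread.
     */
    public int getSleepInterval() {
        return sleepInterval;
    }

    /**
     * Extract the UserId from the InternalSession.
     *
     * When User Ids are configured as case insensitive the id is lower-cased so that the same
     * user always maps to the same stored value.
     *
     * @param session Non null.
     * @return The user id of the session, lower-cased unless User Ids are case sensitive.
     */
    public String getUserId(InternalSession session) {
        // NOTE(review): a null UUID is returned as-is on the case sensitive path and causes a
        // NullPointerException on the case insensitive path - confirm getUUID() cannot return
        // null for the sessions passed in here.
        String userId = session.getUUID();

        if (isCaseSensitiveUserId()) {
            return userId;
        }
        // Lower-case with a fixed locale: the JVM default locale would map characters such as
        // 'I' differently under e.g. a Turkish locale, so the same identity could normalise to
        // different values on differently configured servers.
        // NOTE(review): values already stored by a server running under such a locale may have
        // been normalised differently - check before upgrading in place.
        return userId.toLowerCase(java.util.Locale.ROOT);
    }

    /**
     * @return True if the Binary object stored for each Token should be encrypted by the Core
     *         Token Service.
     */
    public boolean isTokenEncrypted() {
        return tokensEncrypted;
    }

    /**
     * @return True if the tokens within the Core Token Service can be compressed. False is the
     *         default.
     */
    public boolean isTokenCompressed() {
        return tokensCompressed;
    }

    /**
     * @return True if The Token Attribute Names should be compressed as well. False by default.
     */
    public boolean isAttributeNamesCompressed() {
        return attributeNamesCompressed;
    }
}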