/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2015 ForgeRock AS.
*/
/**
* A session blacklist decorator implementation that uses a bloom filter to reduce the number of checks that need to
* be performed against the underlying blacklist implementation. The advantage of a bloom filter is that it can store
* very large blacklists (millions of entries) in memory, but with some possibility of false positives.
*/
this.bloomFilter = bloomFilter;
this.serviceConfig = serviceConfig;
}
});
}
/**
* Creates the bloom filter session blacklist using the given delegate blacklist to confirm membership, and the
* given service configuration. If the bloom filter does not contain a given session, then we know for definite
* that it is not blacklisted. Otherwise, we delegate to the given session blacklist to check if it actually is
* blacklisted or not, to eliminate false positives.
* <p/>
* In order to ensure that the bloom filter is kept in-sync with the definitive blacklist (to avoid false
* negatives), this implementation will subscribe to blacklist notifications from the delegate.
*
* @param delegate the definitive blacklist.
* @param serviceConfig the session service configuration to get blacklist settings from.
*/
final SessionServiceConfig serviceConfig) {
.build());
}
// Just delegate - the event listener on the delegate will add the session to the bloom filter
}
boolean blacklisted = false;
}
return blacklisted;
}
}
/**
* Adapter to allow session objects to be stored in Guava bloom filters. Uses the UTF-8 encoded bytes of the
* stable id of the session as the key.
*/
private static final Funnel<CharSequence> UTF8FUNNEL = Funnels.stringFunnel(Charset.forName("UTF-8"));
public void funnel(final @Nonnull SessionBlacklistEntry session, final @Nonnull PrimitiveSink primitiveSink) {
}
}
/**
* Strategy to determine when a session has expired and no longer needs to be stored in the bloom filter.
*/
return session.expiryTime;
}
}
/**
* Minimal information about a session required for blacklisting in the bloom filter.
*/
static final class SessionBlacklistEntry {
private final long expiryTime;
this.expiryTime = expiryTime;
}
return new SessionBlacklistEntry(session.getStableStorageID(), session.getBlacklistExpiryTime(purgeDelayMs));
}
if (this == o) {
return true;
}
return false;
}
}
public int hashCode() {
return result;
}
}
}