TokenCleanupRunnable.java revision 8af80418ba1ec431c8027fa9668e5678658d3611
abd8dd44106c507dd2cb64359b63d7d56fa0a9c8Christian Maeder/**
abd8dd44106c507dd2cb64359b63d7d56fa0a9c8Christian Maeder * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
09249711700a6acbc40a2e337688b434d7aafa28Christian Maeder *
76647324ed70f33b95a881b536d883daccf9568dChristian Maeder * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
97018cf5fa25b494adffd7e9b4e87320dae6bf47Christian Maeder *
c00adad2e9459b422dee09e3a2bddba66b433bb7Christian Maeder * The contents of this file are subject to the terms of the Common
3f69b6948966979163bdfe8331c38833d5d90ecdChristian Maeder * Development and Distribution License (the License). You may not use
abd8dd44106c507dd2cb64359b63d7d56fa0a9c8Christian Maeder * this file except in compliance with the License.
76647324ed70f33b95a881b536d883daccf9568dChristian Maeder *
f3a94a197960e548ecd6520bb768cb0d547457bbChristian Maeder * You can obtain a copy of the License at
f3a94a197960e548ecd6520bb768cb0d547457bbChristian Maeder * https://opensso.dev.java.net/public/CDDLv1.0.html or
aff01ee50b66032469c232e00c945d1fd4f57d1bChristian Maeder * opensso/legal/CDDLv1.0.txt
c00adad2e9459b422dee09e3a2bddba66b433bb7Christian Maeder * See the License for the specific language governing
c00adad2e9459b422dee09e3a2bddba66b433bb7Christian Maeder * permission and limitations under the License.
e8ffec0fa3d3061061bdc16e44247b9cf96b050fChristian Maeder *
c00adad2e9459b422dee09e3a2bddba66b433bb7Christian Maeder * When distributing Covered Code, include this CDDL Header Notice in each
e8ffec0fa3d3061061bdc16e44247b9cf96b050fChristian Maeder * file and include the License file at opensso/legal/CDDLv1.0.txt. If
950e053ba55ac9c7d9c26a1ab48bd00202b29511Christian Maeder * applicable, add the following below the CDDL Header, with the fields
0a39036fa485579a7b7c81cdd44a412392571927Christian Maeder * enclosed by brackets [] replaced by your own identifying information:
e8ffec0fa3d3061061bdc16e44247b9cf96b050fChristian Maeder * "Portions Copyrighted [year] [name of copyright owner]"
0a39036fa485579a7b7c81cdd44a412392571927Christian Maeder *
d48085f765fca838c1d972d2123601997174583dChristian Maeder * $Id: TokenCleanupRunnable.java,v 1.1 2009/11/19 00:07:40 qcheng Exp $
5d7e4bf173534e7eb3fc84dce7bb0151079d3f8aChristian Maeder */
ad270004874ce1d0697fb30d7309f180553bb315Christian Maeder
0a39036fa485579a7b7c81cdd44a412392571927Christian Maederpackage com.sun.identity.coretoken.service;
abd8dd44106c507dd2cb64359b63d7d56fa0a9c8Christian Maeder
d48085f765fca838c1d972d2123601997174583dChristian Maederimport com.iplanet.sso.SSOException;
76647324ed70f33b95a881b536d883daccf9568dChristian Maederimport com.iplanet.sso.SSOToken;
d48085f765fca838c1d972d2123601997174583dChristian Maederimport com.sun.identity.coretoken.spi.OpenSSOCoreTokenStore;
d48085f765fca838c1d972d2123601997174583dChristian Maederimport com.sun.identity.common.GeneralTaskRunnable;
76647324ed70f33b95a881b536d883daccf9568dChristian Maederimport com.sun.identity.coretoken.CoreTokenException;
d48085f765fca838c1d972d2123601997174583dChristian Maederimport com.sun.identity.coretoken.CoreTokenConstants;
05ae87b9efa19655024b0b6ac344d250b96567cdChristian Maederimport com.sun.identity.coretoken.CoreTokenUtils;
d48085f765fca838c1d972d2123601997174583dChristian Maederimport com.sun.identity.coretoken.TokenLogUtils;
d48085f765fca838c1d972d2123601997174583dChristian Maederimport com.sun.identity.security.AdminTokenAction;
d48085f765fca838c1d972d2123601997174583dChristian Maederimport com.sun.identity.shared.ldap.LDAPDN;
d48085f765fca838c1d972d2123601997174583dChristian Maederimport com.sun.identity.sm.SMSEntry;
d48085f765fca838c1d972d2123601997174583dChristian Maederimport com.sun.identity.sm.SMSException;
a39a820684c1974350f46593025e0bb279f41bc6Christian Maederimport java.security.AccessController;
a39a820684c1974350f46593025e0bb279f41bc6Christian Maederimport java.util.HashSet;
a39a820684c1974350f46593025e0bb279f41bc6Christian Maederimport java.util.Iterator;
a39a820684c1974350f46593025e0bb279f41bc6Christian Maederimport java.util.Map;
76647324ed70f33b95a881b536d883daccf9568dChristian Maederimport java.util.Set;
d48085f765fca838c1d972d2123601997174583dChristian Maederimport java.util.logging.Level;
d48085f765fca838c1d972d2123601997174583dChristian Maederimport org.json.JSONArray;
d48085f765fca838c1d972d2123601997174583dChristian Maederimport org.json.JSONException;
d48085f765fca838c1d972d2123601997174583dChristian Maederimport org.json.JSONObject;
d48085f765fca838c1d972d2123601997174583dChristian Maeder
05ae87b9efa19655024b0b6ac344d250b96567cdChristian Maeder/**
d48085f765fca838c1d972d2123601997174583dChristian Maeder * This class cleans up expired tokens in the core token store.
793945d4ac7c0f22760589c87af8e71427c76118Christian Maeder */
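public class TokenCleanupRunnable extends GeneralTaskRunnable {

    // TODO : evaluate other options for cleanup based on performance
    // 1. use directory server plugin

    // Period at which the cleanup task runs, exactly as handed to the
    // constructor (the unit is not visible in this file).
    private final long runPeriod;

    /**
     * Constructor.
     *
     * @param runPeriod The period for the clean up to run.
     */
    public TokenCleanupRunnable(long runPeriod) {
        this.runPeriod = runPeriod;
    }

    /**
     * No-op: this task keeps no element collection.
     *
     * @param obj ignored.
     * @return always <code>true</code>.
     */
    public boolean addElement(Object obj) {
        return true;
    }

    /**
     * No-op: this task keeps no element collection.
     *
     * @param obj ignored.
     * @return always <code>true</code>.
     */
    public boolean removeElement(Object obj) {
        return true;
    }

    /**
     * Reports that the task always has work to do.
     *
     * @return always <code>false</code>.
     */
    public boolean isEmpty() {
        return false;
    }

    /**
     * Returns the run period given at construction time.
     *
     * @return the run period of the cleanup task.
     */
    public long getRunPeriod() {
        return runPeriod;
    }

    /**
     * Walks every token entry found under the core token service DN and
     * deletes the entries whose expiry has passed.
     *
     * Each token is handled independently: an <code>SMSException</code>,
     * <code>SSOException</code> or <code>CoreTokenException</code> raised for
     * one token is written to the debug log and the sweep moves on to the
     * next token.
     */
    public void run() {
        if (!runCleanup()) {
            // no need to run cleanup on this instance
            return;
        }

        CoreTokenUtils.debug.message("TokenCleanupRunnable.run : START");
        Set<String> tokenSet = getAllTokens();
        if (CoreTokenUtils.debug.messageEnabled()) {
            CoreTokenUtils.debug.message("TokenCleanupRunnable.run : found "
                + tokenSet.size() + " tokens");
        }
        for (String token : tokenSet) {
            String dn = OpenSSOCoreTokenStore.getCoreTokenDN(token);
            // The sweep runs with the administrator token, i.e. every read
            // and delete below is performed with admin privileges.
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
                AdminTokenAction.getInstance());
            if (!SMSEntry.checkIfEntryExists(dn, adminToken)) {
                // entry is already gone, nothing to clean up
                continue;
            }
            try {
                SMSEntry s = new SMSEntry(adminToken, dn);
                String tokenExpiry = getTokenExpiry(s);
                // NOTE(review): tokenExpiry is null when the entry carries
                // no parsable expiry; confirm how isTokenExpired treats null
                // so that such entries are neither deleted by accident nor
                // kept forever.
                if (CoreTokenUtils.isTokenExpired(tokenExpiry)) {
                    s.delete();
                    // The token id goes to the access log and, when message
                    // level is enabled, to the debug log as well.
                    TokenLogUtils.access(Level.INFO,
                        TokenLogUtils.EXPIRED_TOKEN_DELETE_SUCCESS,
                        null, null, token);
                    if (CoreTokenUtils.debug.messageEnabled()) {
                        CoreTokenUtils.debug.message("TokenCleanupRunnable"
                            + ".run: removed expired token " + token);
                    }
                }
            } catch (SMSException ex) {
                CoreTokenUtils.debug.error("TokenCleanupRunnable.run", ex);
            } catch (SSOException ex) {
                CoreTokenUtils.debug.error("TokenCleanupRunnable.run", ex);
            } catch (CoreTokenException ce) {
                CoreTokenUtils.debug.error("TokenCleanupRunnable.run", ce);
            }
        }
        CoreTokenUtils.debug.message("TokenCleanupRunnable.run : END");
    }

    /**
     * Decides whether this server instance should run the sweep.
     *
     * @return always <code>true</code> for now, so in a multi-server
     *         deployment every instance runs the cleanup.
     */
    private boolean runCleanup() {
        // TODO : need to define algorithm that only the cleanup thread is
        // run on one instance only in case of multi-server deployment.
        // to be done in build9
        return true;
    }

    /**
     * Collects the leading RDN value of every entry below the core token
     * service DN; the service DN itself is skipped.
     *
     * @return the collected values, never <code>null</code>; empty when the
     *         service entry does not exist or the directory search fails.
     */
    private Set<String> getAllTokens() {
        SSOToken token = (SSOToken) AccessController.doPrivileged(
            AdminTokenAction.getInstance());
        Set<String> results = new HashSet<String>();
        if (!SMSEntry.checkIfEntryExists(
            OpenSSOCoreTokenStore.SERVICE_DN, token)) {
            return results;
        }

        Set<String> dns;
        try {
            // NOTE(review): the two 0 arguments look like "no size limit"
            // and "no time limit"; if so, the whole token tree is loaded
            // into memory in one search. Confirm against SMSEntry.search.
            dns = SMSEntry.search(token, OpenSSOCoreTokenStore.SERVICE_DN,
                "ou=*", 0, 0, false, false);
        } catch (SMSException ex) {
            CoreTokenUtils.debug.error("TokenCleanupRunnable.getAllTokens",
                ex);
            // A failed search used to leave dns null and the loop below
            // threw a NullPointerException out of run(); skip this sweep.
            return results;
        }
        if (dns == null) {
            return results;
        }

        for (String dn : dns) {
            if (CoreTokenUtils.areDNIdentical(
                OpenSSOCoreTokenStore.SERVICE_DN, dn)) {
                // the search base is not a token entry
                continue;
            }
            String[] rdns = LDAPDN.explodeDN(dn, true);
            if ((rdns != null) && (rdns.length > 0)) {
                results.add(rdns[0]);
            }
        }
        return results;
    }

    /**
     * Extracts the token expiry from the JSON attribute stored in the
     * key/value attribute of the given entry.
     *
     * @param s the token entry to inspect.
     * @return the first element of the expiry array of the first JSON value
     *         that has a non-empty one, or <code>null</code> when the entry
     *         has no such value or the JSON cannot be parsed.
     */
    private String getTokenExpiry (SMSEntry s) {
        Map<String, Set<String>> map = s.getAttributes();
        if (map == null) {
            // no attributes at all: report "no expiry" instead of failing
            return null;
        }
        Set<String> attrVals = map.get(SMSEntry.ATTR_KEYVAL);
        if ((attrVals == null) || attrVals.isEmpty()) {
            return null;
        }

        String prefix = OpenSSOCoreTokenStore.JSON_ATTR + "=";
        for (String value : attrVals) {
            if (!value.startsWith(prefix)) {
                continue;
            }
            String jsonAttr = value.substring(prefix.length());
            try {
                JSONObject jObj = new JSONObject(jsonAttr);
                JSONArray jArry = jObj.getJSONArray(
                    CoreTokenConstants.TOKEN_EXPIRY);
                if ((jArry != null) && (jArry.length() != 0)) {
                    return jArry.getString(0);
                }
            } catch (JSONException ex) {
                // malformed value: log it and keep looking at the others
                CoreTokenUtils.debug.error(
                    "TokenCleanupRunnable.getTokenExpiry", ex);
            }
        }
        return null;
    }
}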