TokenCleanupRunnable.java revision 8af80418ba1ec431c8027fa9668e5678658d3611
abd8dd44106c507dd2cb64359b63d7d56fa0a9c8Christian Maeder * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
76647324ed70f33b95a881b536d883daccf9568dChristian Maeder * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
c00adad2e9459b422dee09e3a2bddba66b433bb7Christian Maeder * The contents of this file are subject to the terms of the Common
3f69b6948966979163bdfe8331c38833d5d90ecdChristian Maeder * Development and Distribution License (the License). You may not use
abd8dd44106c507dd2cb64359b63d7d56fa0a9c8Christian Maeder * this file except in compliance with the License.
f3a94a197960e548ecd6520bb768cb0d547457bbChristian Maeder * You can obtain a copy of the License at
f3a94a197960e548ecd6520bb768cb0d547457bbChristian Maeder * https://opensso.dev.java.net/public/CDDLv1.0.html or
c00adad2e9459b422dee09e3a2bddba66b433bb7Christian Maeder * See the License for the specific language governing
c00adad2e9459b422dee09e3a2bddba66b433bb7Christian Maeder * permission and limitations under the License.
c00adad2e9459b422dee09e3a2bddba66b433bb7Christian Maeder * When distributing Covered Code, include this CDDL Header Notice in each
e8ffec0fa3d3061061bdc16e44247b9cf96b050fChristian Maeder * file and include the License file at opensso/legal/CDDLv1.0.txt. If
950e053ba55ac9c7d9c26a1ab48bd00202b29511Christian Maeder * applicable, add the following below the CDDL Header, with the fields
0a39036fa485579a7b7c81cdd44a412392571927Christian Maeder * enclosed by brackets [] replaced by your own identifying information:
e8ffec0fa3d3061061bdc16e44247b9cf96b050fChristian Maeder * "Portions Copyrighted [year] [name of copyright owner]"
d48085f765fca838c1d972d2123601997174583dChristian Maeder * $Id: TokenCleanupRunnable.java,v 1.1 2009/11/19 00:07:40 qcheng Exp $
d48085f765fca838c1d972d2123601997174583dChristian Maederimport com.sun.identity.coretoken.spi.OpenSSOCoreTokenStore;
d48085f765fca838c1d972d2123601997174583dChristian Maederimport com.sun.identity.common.GeneralTaskRunnable;
76647324ed70f33b95a881b536d883daccf9568dChristian Maederimport com.sun.identity.coretoken.CoreTokenException;
d48085f765fca838c1d972d2123601997174583dChristian Maederimport com.sun.identity.coretoken.CoreTokenConstants;
05ae87b9efa19655024b0b6ac344d250b96567cdChristian Maederimport com.sun.identity.coretoken.CoreTokenUtils;
d48085f765fca838c1d972d2123601997174583dChristian Maederimport com.sun.identity.coretoken.TokenLogUtils;
d48085f765fca838c1d972d2123601997174583dChristian Maederimport com.sun.identity.security.AdminTokenAction;
d48085f765fca838c1d972d2123601997174583dChristian Maeder * This class is used to clean up expired tokens in the core token store.
// Periodic task (extends GeneralTaskRunnable) that removes expired tokens from
// the core token store.
// NOTE(review): this listing is an annotated (blame) view and a number of source
// lines are not shown (fields, method bodies, closing braces). The comments added
// below describe only what the visible lines establish; anything else is marked
// as an assumption to confirm against the full file.
a716971174535184da7713ed308423e355a4aa66Christian Maederpublic class TokenCleanupRunnable extends GeneralTaskRunnable {
793945d4ac7c0f22760589c87af8e71427c76118Christian Maeder // TODO : evaluate other options for cleanup based on performance
5e5c3fbbf8c22b883d551d83429b9f8d8041f1e0Christian Maeder // 1. use directory server plugin
f2c2b420e386a90d940c758c631d16f12952d2b7Christian Maeder // run period of the cleanup thread
793945d4ac7c0f22760589c87af8e71427c76118Christian Maeder * Constructor.
a716971174535184da7713ed308423e355a4aa66Christian Maeder * @param runPeriod The period for the clean up to run.
5e5c3fbbf8c22b883d551d83429b9f8d8041f1e0Christian Maeder public TokenCleanupRunnable(long runPeriod) {
// Always returns false. Presumably this keeps the scheduler from treating the
// task as empty and dropping it; confirm against GeneralTaskRunnable.
fd2dcd5c071e938c07338fd3a32296819b8a2333Christian Maeder public boolean isEmpty() {
9884c7cef7e5a2c8595d5ef8c7d32b9b44a3fad8Christian Maeder return false;
ee6c748be810b24e3c70ffd74f291c7394e389f5Christian Maeder public long getRunPeriod() {
// One cleanup pass. Visible steps: log START, iterate the token names in
// tokenSet, map each name to its directory DN, obtain an admin SSOToken through
// AccessController.doPrivileged, check that the entry exists, test its expiry
// with CoreTokenUtils.isTokenExpired, and log EXPIRED_TOKEN_DELETE_SUCCESS.
// The delete call itself is not visible in this listing; presumably it sits
// between the expiry check and the success log record. TODO confirm.
ee6c748be810b24e3c70ffd74f291c7394e389f5Christian Maeder public void run() {
d48085f765fca838c1d972d2123601997174583dChristian Maeder // no need to run cleanup on this instance
793945d4ac7c0f22760589c87af8e71427c76118Christian Maeder CoreTokenUtils.debug.message("TokenCleanupRunnable.run : START");
793945d4ac7c0f22760589c87af8e71427c76118Christian Maeder Iterator<String> tokens = tokenSet.iterator();
793945d4ac7c0f22760589c87af8e71427c76118Christian Maeder if (CoreTokenUtils.debug.messageEnabled()) {
a716971174535184da7713ed308423e355a4aa66Christian Maeder CoreTokenUtils.debug.message("TokenCleanupRunnable.run : found "
67a14e04c885a87e4273a300eef60e680531088cChristian Maeder String dn = OpenSSOCoreTokenStore.getCoreTokenDN(token);
// The pass acts with an administrator SSOToken, not with a caller's identity.
// NOTE(review): any DN that reaches the delete is therefore removed with admin
// rights, so it should only ever be derived from getCoreTokenDN as on the line
// above. Confirm in the full file that no other source feeds the delete.
d48085f765fca838c1d972d2123601997174583dChristian Maeder SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
d48085f765fca838c1d972d2123601997174583dChristian Maeder if (SMSEntry.checkIfEntryExists(dn, adminToken)) {
d48085f765fca838c1d972d2123601997174583dChristian Maeder if (CoreTokenUtils.isTokenExpired(tokenExpiry)) {
d48085f765fca838c1d972d2123601997174583dChristian Maeder // add logging
// Only the success record is visible here. NOTE(review): check the full file
// for a matching failure record. The catch blocks below write to the debug log
// only, so an expired token that repeatedly fails to delete would remain in the
// store with no audit-log entry to alert on.
d48085f765fca838c1d972d2123601997174583dChristian Maeder TokenLogUtils.EXPIRED_TOKEN_DELETE_SUCCESS,
d48085f765fca838c1d972d2123601997174583dChristian Maeder if (CoreTokenUtils.debug.messageEnabled()) {
d48085f765fca838c1d972d2123601997174583dChristian Maeder CoreTokenUtils.debug.message("TokenCleanupRunnable"
// Three error handlers, all logging under the same "TokenCleanupRunnable.run"
// tag. The caught exception types are not visible in this listing.
d48085f765fca838c1d972d2123601997174583dChristian Maeder CoreTokenUtils.debug.error("TokenCleanupRunnable.run", ex);
d48085f765fca838c1d972d2123601997174583dChristian Maeder CoreTokenUtils.debug.error("TokenCleanupRunnable.run", ex);
d48085f765fca838c1d972d2123601997174583dChristian Maeder CoreTokenUtils.debug.error("TokenCleanupRunnable.run", ce);
35cd0c10843c2cdbbe29f00a2a5d7e5e4f2d0064Christian Maeder CoreTokenUtils.debug.message("TokenCleanupRunnable.run : END");
// Decides whether this server instance should perform the cleanup pass. The
// TODO below says single-instance selection is not implemented yet.
// NOTE(review): until it is, every instance in a multi-server deployment may
// run the sweep at the same time. The return statement is not visible; confirm
// what is returned today.
d48085f765fca838c1d972d2123601997174583dChristian Maeder private boolean runCleanup() {
d48085f765fca838c1d972d2123601997174583dChristian Maeder // TODO : need to define algorithm that only the cleanup thread is
5b1f1d57c75562a7af79e8256f4afa07febe921bChristian Maeder // run on one instance only in case of multi-server deployment.
d48085f765fca838c1d972d2123601997174583dChristian Maeder // to be done in build9
// NOTE(review): the lines from here to the LDAPDN.explodeDN call appear to
// belong to a separate method (the log tag below names getAllTokens) whose
// signature line is not shown in this listing. Visible behaviour: obtain an
// admin SSOToken, search under OpenSSOCoreTokenStore.SERVICE_DN, and split each
// resulting DN into RDN values. The search arguments are not visible.
35cd0c10843c2cdbbe29f00a2a5d7e5e4f2d0064Christian Maeder SSOToken token = (SSOToken) AccessController.doPrivileged(
d48085f765fca838c1d972d2123601997174583dChristian Maeder Set<String> results = new HashSet<String>();
d48085f765fca838c1d972d2123601997174583dChristian Maeder OpenSSOCoreTokenStore.SERVICE_DN, token)) {
d48085f765fca838c1d972d2123601997174583dChristian Maeder dns = SMSEntry.search(token, OpenSSOCoreTokenStore.SERVICE_DN,
// The log tag reads "TokenCleanupThread" although the class is
// TokenCleanupRunnable; search the debug log for both names when looking for
// failures of this task.
3eb7ebab2dd79ac5277f087b18e8f05b9e9f0f9bChristian Maeder CoreTokenUtils.debug.error("TokenCleanupThread.getAllTokens",
3eb7ebab2dd79ac5277f087b18e8f05b9e9f0f9bChristian Maeder String rdns[] = LDAPDN.explodeDN(dn, true);
// Reads the expiry information of one token entry: takes the values of the
// SMSEntry.ATTR_KEYVAL attribute, picks the value that starts with
// JSON_ATTR + "=", strips that prefix and parses the rest as a JSONObject.
// The JSON field that is read and the return statement are not visible.
// NOTE(review): the JSON text comes from the directory entry. What is returned
// when the attribute is absent or fails to parse is not visible; the expiry
// check in run() should handle that case deliberately, otherwise a malformed
// entry might never be cleaned up. Confirm against the full file.
81946e2b3f6dde6167f48769bd02c7a634736856Christian Maeder private String getTokenExpiry (SMSEntry s) {
9a44a07ffc79da9852b6319bd6d9df81efe99809Christian Maeder Map<String, Set<String>> map = s.getAttributes();
81946e2b3f6dde6167f48769bd02c7a634736856Christian Maeder Set<String> attrVals = map.get(SMSEntry.ATTR_KEYVAL);
81946e2b3f6dde6167f48769bd02c7a634736856Christian Maeder if ((attrVals != null) && ! attrVals.isEmpty()) {
76647324ed70f33b95a881b536d883daccf9568dChristian Maeder for (Iterator<String> i = attrVals.iterator(); i.hasNext(); ) {
81946e2b3f6dde6167f48769bd02c7a634736856Christian Maeder if (value.startsWith(OpenSSOCoreTokenStore.JSON_ATTR + "=")) {
a39a820684c1974350f46593025e0bb279f41bc6Christian Maeder OpenSSOCoreTokenStore.JSON_ATTR.length() + 1);
a39a820684c1974350f46593025e0bb279f41bc6Christian Maeder JSONObject jObj = new JSONObject(jsonAttr);
d48085f765fca838c1d972d2123601997174583dChristian Maeder if ((jArry != null) && (jArry.length() != 0)) {
// The log tag below is spelled "getTokenExpity" (sic), so a debug-log search
// for "getTokenExpiry" will not find these parse failures.
5b1f1d57c75562a7af79e8256f4afa07febe921bChristian Maeder "TokenCleanupRunnable.getTokenExpity", ex);