org.apache.directory.server.kerberos.shared.replay
Class InMemoryReplayCache

java.lang.Object
  extended by java.lang.Thread
      extended by org.apache.directory.server.kerberos.shared.replay.InMemoryReplayCache
All Implemented Interfaces:
java.lang.Runnable, ReplayCache

public class InMemoryReplayCache
extends java.lang.Thread
implements ReplayCache

"The replay cache will store at least the server name, along with the client name, time, and microsecond fields from the recently-seen authenticators, and if a matching tuple is found, the KRB_AP_ERR_REPEAT error is returned." We will store the entries using an HashMap which key will be the client principal, and we will store a list of entries for each client principal. A thread will run every N seconds to clean the cache from entries out of the clockSkew

Version:
$Rev: 589775 $, $Date: 2007-10-29 19:04:59 +0100 (Mo, 29 Okt 2007) $
Author:
Apache Directory Project

Nested Class Summary
 class InMemoryReplayCache.ReplayCacheEntry
          A structure to hold an entry
 
Nested classes/interfaces inherited from class java.lang.Thread
java.lang.Thread.State, java.lang.Thread.UncaughtExceptionHandler
 
Field Summary
 
Fields inherited from class java.lang.Thread
MAX_PRIORITY, MIN_PRIORITY, NORM_PRIORITY
 
Constructor Summary
InMemoryReplayCache()
          Creates a new instance of InMemoryReplayCache.
InMemoryReplayCache(int delay)
          Creates a new instance of InMemoryReplayCache.
InMemoryReplayCache(long clockSkew)
          Creates a new instance of InMemoryReplayCache.
InMemoryReplayCache(long clockSkew, int delay)
          Creates a new instance of InMemoryReplayCache.
 
Method Summary
 java.util.Map<javax.security.auth.kerberos.KerberosPrincipal,java.util.List<InMemoryReplayCache.ReplayCacheEntry>> getCache()
           
 boolean isReplay(javax.security.auth.kerberos.KerberosPrincipal serverPrincipal, javax.security.auth.kerberos.KerberosPrincipal clientPrincipal, KerberosTime clientTime, int clientMicroSeconds)
          Check if an entry is a replay or not.
 void run()
          The cleaning thread.
 void save(javax.security.auth.kerberos.KerberosPrincipal serverPrincipal, javax.security.auth.kerberos.KerberosPrincipal clientPrincipal, KerberosTime clientTime, int clientMicroSeconds)
          Add a new entry into the cache.
 void setClockSkew(long clockSkew)
          Sets the clock skew.
 void setDelay(long delay)
          Set the delay between each cleaning thread run.
 
Methods inherited from class java.lang.Thread
activeCount, checkAccess, countStackFrames, currentThread, destroy, dumpStack, enumerate, getAllStackTraces, getContextClassLoader, getDefaultUncaughtExceptionHandler, getId, getName, getPriority, getStackTrace, getState, getThreadGroup, getUncaughtExceptionHandler, holdsLock, interrupt, interrupted, isAlive, isDaemon, isInterrupted, join, join, join, resume, setContextClassLoader, setDaemon, setDefaultUncaughtExceptionHandler, setName, setPriority, setUncaughtExceptionHandler, sleep, sleep, start, stop, stop, suspend, toString, yield
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

InMemoryReplayCache

public InMemoryReplayCache()
Creates a new instance of InMemoryReplayCache. Sets the delay between each cleaning run to 5 seconds.


InMemoryReplayCache

public InMemoryReplayCache(long clockSkew)
Creates a new instance of InMemoryReplayCache. Sets the delay between each cleaning run to 5 seconds. Sets the clockSkew to the given value

Parameters:
clockSkew - the allowed skew (milliseconds)

InMemoryReplayCache

public InMemoryReplayCache(long clockSkew,
                           int delay)
Creates a new instance of InMemoryReplayCache. Sets the clockSkew to the given value, and set the cleaning thread kick off delay

Parameters:
clockSkew - the allowed skew (milliseconds)
delay - the interval between each run of the cache cleaning thread (milliseconds)

InMemoryReplayCache

public InMemoryReplayCache(int delay)
Creates a new instance of InMemoryReplayCache. Sets the delay between each cleaning run to 5 seconds. Sets the cleaning thread kick off delay

Parameters:
delay - the interval between each run of the cache cleaning thread (milliseconds).
Method Detail

setClockSkew

public void setClockSkew(long clockSkew)
Sets the clock skew.

Parameters:
clockSkew -

setDelay

public void setDelay(long delay)
Set the delay between each cleaning thread run.

Parameters:
delay - delay in milliseconds

isReplay

public boolean isReplay(javax.security.auth.kerberos.KerberosPrincipal serverPrincipal,
                        javax.security.auth.kerberos.KerberosPrincipal clientPrincipal,
                        KerberosTime clientTime,
                        int clientMicroSeconds)
Check if an entry is a replay or not.

Specified by:
isReplay in interface ReplayCache
Parameters:
serverPrincipal - The server principal
clientPrincipal - The client principal
clientTime - The client time
clientMicroSeconds - The client microsecond
Returns:
true if the request is a replay.

save

public void save(javax.security.auth.kerberos.KerberosPrincipal serverPrincipal,
                 javax.security.auth.kerberos.KerberosPrincipal clientPrincipal,
                 KerberosTime clientTime,
                 int clientMicroSeconds)
Add a new entry into the cache. A thread will clean all the timed out entries.

Specified by:
save in interface ReplayCache
Parameters:
serverPrincipal - The server principal
clientPrincipal - The client principal
clientTime - The client time
clientMicroSeconds - The client microsecond

getCache

public java.util.Map<javax.security.auth.kerberos.KerberosPrincipal,java.util.List<InMemoryReplayCache.ReplayCacheEntry>> getCache()

run

public void run()
The cleaning thread. It runs every N seconds.

Specified by:
run in interface java.lang.Runnable
Overrides:
run in class java.lang.Thread


Copyright © 2003-2009 Apache Software Foundation. All Rights Reserved.