org.apache.directory.server.kerberos.shared.replay
Class InMemoryReplayCache

java.lang.Object
  java.lang.Thread
      org.apache.directory.server.kerberos.shared.replay.InMemoryReplayCache

All Implemented Interfaces:

java.lang.Runnable, ReplayCache

public class InMemoryReplayCache
extends java.lang.Thread
implements ReplayCache

"The replay cache will store at least the server name, along with the client name, time, and microsecond fields from the recently-seen authenticators, and if a matching tuple is found, the KRB_AP_ERR_REPEAT error is returned." We will store the entries using an HashMap which key will be the client principal, and we will store a list of entries for each client principal. A thread will run every N seconds to clean the cache from entries out of the clockSkew

Version:

$Rev: 589775 $, $Date: 2007-10-29 19:04:59 +0100 (Mo, 29 Okt 2007) $

Author:

Apache Directory Project

Nested Class Summary

class

InMemoryReplayCache.ReplayCacheEntry A structure to hold an entry

Nested classes/interfaces inherited from class java.lang.Thread

java.lang.Thread.State, java.lang.Thread.UncaughtExceptionHandler

Field Summary

Fields inherited from class java.lang.Thread

MAX_PRIORITY, MIN_PRIORITY, NORM_PRIORITY

Constructor Summary

InMemoryReplayCache()
Creates a new instance of InMemoryReplayCache.

InMemoryReplayCache(int delay)
Creates a new instance of InMemoryReplayCache.

InMemoryReplayCache(long clockSkew)
Creates a new instance of InMemoryReplayCache.

InMemoryReplayCache(long clockSkew, int delay)
Creates a new instance of InMemoryReplayCache.

Method Summary

java.util.Map<javax.security.auth.kerberos.KerberosPrincipal,java.util.List<InMemoryReplayCache.ReplayCacheEntry>>	getCache()
boolean	isReplay(javax.security.auth.kerberos.KerberosPrincipal serverPrincipal, javax.security.auth.kerberos.KerberosPrincipal clientPrincipal, KerberosTime clientTime, int clientMicroSeconds) Check if an entry is a replay or not.
void	run() The cleaning thread.
void	save(javax.security.auth.kerberos.KerberosPrincipal serverPrincipal, javax.security.auth.kerberos.KerberosPrincipal clientPrincipal, KerberosTime clientTime, int clientMicroSeconds) Add a new entry into the cache.
void	setClockSkew(long clockSkew) Sets the clock skew.
void	setDelay(long delay) Set the delay between each cleaning thread run.

Methods inherited from class java.lang.Thread

activeCount, checkAccess, clone, countStackFrames, currentThread, destroy, dumpStack, enumerate, getAllStackTraces, getContextClassLoader, getDefaultUncaughtExceptionHandler, getId, getName, getPriority, getStackTrace, getState, getThreadGroup, getUncaughtExceptionHandler, holdsLock, interrupt, interrupted, isAlive, isDaemon, isInterrupted, join, join, join, resume, setContextClassLoader, setDaemon, setDefaultUncaughtExceptionHandler, setName, setPriority, setUncaughtExceptionHandler, sleep, sleep, start, stop, stop, suspend, toString, yield

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

InMemoryReplayCache

public InMemoryReplayCache()

Creates a new instance of InMemoryReplayCache. Sets the delay between each cleaning run to 5 seconds.

InMemoryReplayCache

public InMemoryReplayCache(long clockSkew)

Creates a new instance of InMemoryReplayCache. Sets the delay between each cleaning run to 5 seconds. Sets the clockSkew to the given value

Parameters:

clockSkew - the allowed skew (milliseconds)

InMemoryReplayCache

public InMemoryReplayCache(long clockSkew,
                           int delay)

Creates a new instance of InMemoryReplayCache. Sets the clockSkew to the given value, and set the cleaning thread kick off delay

Parameters:

clockSkew - the allowed skew (milliseconds)

delay - the interval between each run of the cache cleaning thread (milliseconds)

InMemoryReplayCache

public InMemoryReplayCache(int delay)

Creates a new instance of InMemoryReplayCache. Sets the delay between each cleaning run to 5 seconds. Sets the cleaning thread kick off delay

Parameters:

delay - the interval between each run of the cache cleaning thread (milliseconds).

Method Detail

setClockSkew

public void setClockSkew(long clockSkew)

Sets the clock skew.

Parameters:

clockSkew -

setDelay

public void setDelay(long delay)

Set the delay between each cleaning thread run.

Parameters:

delay - delay in milliseconds

isReplay

public boolean isReplay(javax.security.auth.kerberos.KerberosPrincipal serverPrincipal,
                        javax.security.auth.kerberos.KerberosPrincipal clientPrincipal,
                        KerberosTime clientTime,
                        int clientMicroSeconds)

Check if an entry is a replay or not.

Specified by:

isReplay in interface ReplayCache

Parameters:

serverPrincipal - The server principal

clientPrincipal - The client principal

clientTime - The client time

clientMicroSeconds - The client microsecond

Returns:

true if the request is a replay.

save

public void save(javax.security.auth.kerberos.KerberosPrincipal serverPrincipal,
                 javax.security.auth.kerberos.KerberosPrincipal clientPrincipal,
                 KerberosTime clientTime,
                 int clientMicroSeconds)

Add a new entry into the cache. A thread will clean all the timed out entries.

Specified by:

save in interface ReplayCache

Parameters:

serverPrincipal - The server principal

clientPrincipal - The client principal

clientTime - The client time

clientMicroSeconds - The client microsecond

getCache

public java.util.Map<javax.security.auth.kerberos.KerberosPrincipal,java.util.List<InMemoryReplayCache.ReplayCacheEntry>> getCache()

run

public void run()

The cleaning thread. It runs every N seconds.

Specified by:

run in interface java.lang.Runnable

Overrides:

run in class java.lang.Thread