JCL-279: Implement token cache for session objects

Author: acoburn

access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrantSession.java

@@ -22,17 +22,23 @@
 
 import static java.nio.charset.StandardCharsets.UTF_8;
 
+import com.inrupt.client.ClientCache;
 import com.inrupt.client.Request;
+import com.inrupt.client.auth.Authenticator;
 import com.inrupt.client.auth.Credential;
 import com.inrupt.client.auth.Session;
+import com.inrupt.client.spi.ServiceProvider;
 
 import java.net.URI;
+import java.time.Duration;
+import java.time.Instant;
 import java.util.Arrays;
 import java.util.Base64;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 import java.util.NavigableMap;
+import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
 import java.util.UUID;
@@ -53,10 +59,13 @@ public final class AccessGrantSession implements Session {
     private final String id;
     private final Session session;
     private final NavigableMap<URI, AccessGrant> grants = new ConcurrentSkipListMap<>();
+    private final ClientCache<URI, Credential> tokenCache;
 
-    private AccessGrantSession(final Session session, final List<AccessGrant> grants) {
+    private AccessGrantSession(final Session session, final ClientCache<URI, Credential> cache,
+            final List<AccessGrant> grants) {
         this.id = UUID.randomUUID().toString();
         this.session = session;
+        this.tokenCache = Objects.requireNonNull(cache, "Cache may not be null!");
 
         for (final AccessGrant grant : grants) {
             for (final URI uri : grant.getResources()) {
@@ -73,7 +82,21 @@ private AccessGrantSession(final Session session, final List<AccessGrant> grants
      * @return the Access Grant-based session
      */
     public static AccessGrantSession ofAccessGrant(final Session session, final AccessGrant... accessGrants) {
-        return new AccessGrantSession(session, Arrays.asList(accessGrants));
+        return ofAccessGrant(session, ServiceProvider.getCacheBuilder().build(1000, Duration.ofMinutes(10)),
+                accessGrants);
+    }
+
+    /**
+     * Create a session with a collection of known access grants.
+     *
+     * @param session the OpenID Session
+     * @param cache a pre-configured cache
+     * @param accessGrants the access grants
+     * @return the Access Grant-based session
+     */
+    public static AccessGrantSession ofAccessGrant(final Session session, final ClientCache<URI, Credential> cache,
+            final AccessGrant... accessGrants) {
+        return new AccessGrantSession(session, cache, Arrays.asList(accessGrants));
     }
 
     @Override
@@ -117,6 +140,19 @@ public Optional<String> generateProof(final String jkt, final Request request) {
         return session.generateProof(jkt, request);
     }
 
+    @Override
+    public CompletionStage<Optional<Credential>> authenticate(final Authenticator authenticator,
+            final Request request, final Set<String> algorithms) {
+        return authenticator.authenticate(this, request, algorithms)
+            .thenApply(credential -> {
+                if (credential != null) {
+                    tokenCache.put(request.uri(), credential);
+                }
+                return Optional.ofNullable(credential);
+            });
+    }
+
+    /* deprecated */
     @Override
     public CompletionStage<Optional<Credential>> authenticate(final Request request,
             final Set<String> algorithms) {
@@ -129,7 +165,10 @@ public CompletionStage<Optional<Credential>> authenticate(final Request request,
 
     @Override
     public Optional<Credential> fromCache(final Request request) {
-        // TODO add cache
+        final Credential cachedToken = tokenCache.get(request.uri());
+        if (cachedToken != null && cachedToken.getExpiration().isAfter(Instant.now())) {
+            return Optional.of(cachedToken);
+        }
         return Optional.empty();
     }
 

api/src/main/java/com/inrupt/client/auth/ReactiveAuthorization.java

@@ -95,7 +95,7 @@ public CompletionStage<Optional<Credential>> negotiate(final Session session, fi
             authenticators.sort(comparator);
             final Authenticator auth = authenticators.get(0);
             LOGGER.debug("Using {} authenticator", auth.getName());
-            return auth.authenticate(session, request, algorithms).thenApply(Optional::ofNullable);
+            return session.authenticate(auth, request, algorithms);
         }
         return CompletableFuture.completedFuture(Optional.empty());
     }

api/src/main/java/com/inrupt/client/auth/Session.java

@@ -99,9 +99,22 @@ public interface Session {
      * @param request the HTTP request
      * @param algorithms the supported DPoP algorithms
      * @return the next stage of completion, containing an access token, if present
+     * @deprecated as of Beta3, this method is no longer used
      */
+    @Deprecated
     CompletionStage<Optional<Credential>> authenticate(Request request, Set<String> algorithms);
 
+    /**
+     * Fetch an authentication token from session values.
+     *
+     * @param authenticator the authenticator in use
+     * @param request the HTTP request
+     * @param algorithms the supported DPoP algorithms
+     * @return the next stage of completion, containing an access token, if present
+     */
+    CompletionStage<Optional<Credential>> authenticate(Authenticator authenticator, Request request,
+            Set<String> algorithms);
+
     /**
      * Create a new anonymous session.
      *
@@ -146,6 +159,13 @@ public Optional<String> selectThumbprint(final Collection<String> algorithms) {
                 return Optional.empty();
             }
 
+            @Override
+            public CompletionStage<Optional<Credential>> authenticate(final Authenticator authenticator,
+                    final Request request, final Set<String> algorithms) {
+                return authenticator.authenticate(this, request, algorithms).thenApply(Optional::ofNullable);
+            }
+
+            /* deprecated */
             @Override
             public CompletionStage<Optional<Credential>> authenticate(final Request request,
                     final Set<String> algorithms) {

core/src/test/java/com/inrupt/client/core/MockHttpService.java

@@ -133,7 +133,7 @@ private void setupMocks() {
                     .withHeader("User-Agent", equalTo(USER_AGENT))
                     .withRequestBody(matching("Test String 1"))
                     .withHeader(CONTENT_TYPE, containing(TEXT_PLAIN))
-                    .withHeader("Authorization", containing("Bearer token-67890"))
+                    .withHeader("Authorization", containing("Bearer eyJ"))
                     .withHeader("DPoP", absent())
                     .willReturn(aResponse()
                         .withStatus(201)));

openid/src/main/java/com/inrupt/client/openid/OpenIdSession.java

@@ -22,13 +22,17 @@
 
 import static java.nio.charset.StandardCharsets.UTF_8;
 
+import com.inrupt.client.ClientCache;
 import com.inrupt.client.Request;
+import com.inrupt.client.auth.Authenticator;
 import com.inrupt.client.auth.Credential;
 import com.inrupt.client.auth.DPoP;
 import com.inrupt.client.auth.Session;
+import com.inrupt.client.spi.ServiceProvider;
 
 import java.net.URI;
 import java.security.MessageDigest;
+import java.time.Duration;
 import java.time.Instant;
 import java.util.Collection;
 import java.util.Collections;
@@ -75,12 +79,14 @@ public final class OpenIdSession implements Session {
     private final AtomicReference<Credential> credential = new AtomicReference<>();
     private final ForkJoinPool executor = new ForkJoinPool(1);
     private final DPoP dpop;
+    private final ClientCache<URI, Boolean> requestCache;
 
     private OpenIdSession(final String id, final DPoP dpop,
             final Supplier<CompletionStage<Credential>> authenticator) {
         this.id = Objects.requireNonNull(id, "Session id may not be null!");
         this.authenticator = Objects.requireNonNull(authenticator, "OpenID authenticator may not be null!");
         this.dpop = Objects.requireNonNull(dpop);
+        this.requestCache = ServiceProvider.getCacheBuilder().build(1000, Duration.ofMinutes(5));
 
         // Support case-insensitive lookups
         final Set<String> schemeNames = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
@@ -216,16 +222,29 @@ public Optional<String> generateProof(final String jkt, final Request request) {
     @Override
     public Optional<Credential> fromCache(final Request request) {
         final Credential c = credential.get();
-        if (!hasExpired(c)) {
+        if (!hasExpired(c) && request != null && requestCache.get(request.uri()) != null) {
+            LOGGER.debug("Using cached token for request: {}", request.uri());
             return Optional.of(c);
         }
         return Optional.empty();
     }
 
+    @Override
+    public CompletionStage<Optional<Credential>> authenticate(final Authenticator auth,
+            final Request request, final Set<String> algorithms) {
+        final Optional<Credential> credential = getCredential(ID_TOKEN, null);
+        if (credential.isPresent() && request != null) {
+            LOGGER.debug("Setting cache entry for request: {}", request.uri());
+            requestCache.put(request.uri(), Boolean.TRUE);
+        }
+        return CompletableFuture.completedFuture(credential);
+    }
+
+    /* deprecated */
     @Override
     public CompletionStage<Optional<Credential>> authenticate(final Request request,
             final Set<String> algorithms) {
-        return CompletableFuture.completedFuture(getCredential(ID_TOKEN, null));
+        return authenticate(null, request, algorithms);
     }
 
     boolean hasExpired(final Credential credential) {

openid/src/test/java/com/inrupt/client/openid/OpenIdSessionTest.java

@@ -157,7 +157,7 @@ void testClientCredentials() {
         assertFalse(session.fromCache(null).isPresent());
         final Optional<URI> principal = session.getPrincipal();
         assertEquals(Optional.of(URI.create(WEBID)), principal);
-        assertTrue(session.fromCache(null).isPresent());
+        assertFalse(session.fromCache(null).isPresent());
         final Optional<Credential> credential = session.authenticate(null, Collections.emptySet())
             .toCompletableFuture().join();
         assertEquals(Optional.of(URI.create(WEBID)), credential.flatMap(Credential::getPrincipal));
@@ -176,7 +176,7 @@ void testClientCredentialsWithConfig() {
         assertFalse(session.fromCache(null).isPresent());
         final Optional<URI> principal = session.getPrincipal();
         assertEquals(Optional.of(URI.create(WEBID)), principal);
-        assertTrue(session.fromCache(null).isPresent());
+        assertFalse(session.fromCache(null).isPresent());
         final Optional<Credential> credential = session.authenticate(null, Collections.emptySet())
             .toCompletableFuture().join();
         assertEquals(Optional.of(URI.create(WEBID)), credential.flatMap(Credential::getPrincipal));

uma/src/main/java/com/inrupt/client/uma/UmaSession.java

@@ -20,11 +20,16 @@
  */
 package com.inrupt.client.uma;
 
+import com.inrupt.client.ClientCache;
 import com.inrupt.client.Request;
+import com.inrupt.client.auth.Authenticator;
 import com.inrupt.client.auth.Credential;
 import com.inrupt.client.auth.Session;
+import com.inrupt.client.spi.ServiceProvider;
 
 import java.net.URI;
+import java.time.Duration;
+import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -47,6 +52,7 @@ public final class UmaSession implements Session {
     private final String id;
     private final Set<String> schemes;
     private final List<Session> internalSessions = new ArrayList<>();
+    private final ClientCache<URI, Credential> tokenCache;
 
     private UmaSession(final Session... sessions) {
         this.id = UUID.randomUUID().toString();
@@ -57,6 +63,7 @@ private UmaSession(final Session... sessions) {
         }
         schemeTypes.add("UMA");
         this.schemes = Collections.unmodifiableSet(schemeTypes);
+        this.tokenCache = ServiceProvider.getCacheBuilder().build(1000, Duration.ofMinutes(5));
     }
 
     /**
@@ -125,7 +132,20 @@ public Optional<String> selectThumbprint(final Collection<String> algorithms) {
 
     @Override
     public Optional<Credential> fromCache(final Request request) {
-        return Optional.empty();
+        return Optional.ofNullable(tokenCache.get(request.uri()))
+            .filter(credential -> credential.getExpiration().isAfter(Instant.now()));
+    }
+
+    @Override
+    public CompletionStage<Optional<Credential>> authenticate(final Authenticator authenticator,
+            final Request request, final Set<String> algorithms) {
+        return authenticator.authenticate(this, request, algorithms)
+            .thenApply(credential -> {
+                if (credential != null) {
+                    tokenCache.put(request.uri(), credential);
+                }
+                return Optional.ofNullable(credential);
+            });
     }
 
     @Override