Skip to content

Feature 4159 handle token cache in cluster #4160

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
May 26, 2025
Merged

Feature 4159 handle token cache in cluster #4160

merged 8 commits into from
May 26, 2025

Conversation

de-jcup
Copy link
Member

@de-jcup de-jcup commented May 12, 2025

@de-jcup de-jcup self-assigned this May 12, 2025
@de-jcup de-jcup force-pushed the feature-4159-handle-token-cache-in-cluster branch 5 times, most recently from 89501b7 to 064d705 Compare May 21, 2025 19:04
@de-jcup
Implementing cluster token caching #4159
d2c054c 
- introduced pre-cache
- refactored self cleaning cache
- added new fields
- introduced builder
- introduced OAuth2OpaqueTokenClusterCachePersistence
- added documentation
- introduced integration test + unit tests
@de-jcup de-jcup force-pushed the feature-4159-handle-token-cache-in-cluster branch from 064d705 to d2c054c Compare May 22, 2025 07:28
@de-jcup de-jcup force-pushed the feature-4159-handle-token-cache-in-cluster branch 3 times, most recently from 1611fc3 to 1ca5d21 Compare May 23, 2025 08:08
@de-jcup
Some refactorings for cluster token cache handling + oauth2 #4159
66c50b3 
- removed unnecessary consructors, where only for test, the test was
changed
  instead.
- introduced component to provide cryptoAccessprovider for
  opaque token introspection response, used this comonent inside
  selfcleaning cache instance, but also inside cluster token cache
  (when transforming database entities to cache data objects)
@de-jcup de-jcup force-pushed the feature-4159-handle-token-cache-in-cluster branch from 1ca5d21 to 66c50b3 Compare May 23, 2025 08:13
@de-jcup de-jcup requested a review from winzj May 23, 2025 08:44
@de-jcup de-jcup marked this pull request as ready for review May 23, 2025 08:44
sven-dmlr added 2 commits May 23, 2025 14:26
@sven-dmlr
increased version #4159
f233f42 
Due to PR #4187 version 2.11.0 was aready reached.
Set to 2.12.0
@sven-dmlr
alpabetically ordered #4159
c3fe704
winzj
winzj approved these changes May 26, 2025
View reviewed changes
Copy link
Member

@winzj winzj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking very good to me 🚀

I just found some optional things, but nothing related to the implementation logic.
If you change the optional parts, maybe you can apply the license headers as well.

...ing/src/main/java/com/mercedesbenz/sechub/spring/security/OAuth2OpaqueTokenIntrospector.java Outdated
@@ -163,98 +270,123 @@ public OAuth2AuthenticatedPrincipal introspect(String opaqueToken) throws OAuth2
return new OAuth2IntrospectionAuthenticatedPrincipal(username, introspectionClaims, authorities);
}

private OAuth2OpaqueTokenIntrospectionResponse getIntrospectionResponse(String opaqueToken, Instant now) {
private OAuth2OpaqueTokenIntrospectionResponse getIntrospectionResponseFromInMemoryCache(String opaqueToken, Instant now) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This method does more than fetching the introspection response fromt he in-memory cache. If it is not inside the in-memory cache the cluster cache is asked afterwards and updates the in-memory cache. Maybe give this method a more generic name?

@de-jcup de-jcup merged commit fb1fb27 into develop May 26, 2025
2 checks passed
@de-jcup de-jcup deleted the feature-4159-handle-token-cache-in-cluster branch May 26, 2025 21:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@winzj winzj winzj approved these changes

Assignees

@de-jcup de-jcup

@winzj winzj

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Handle session persistence for cluster environments
3 participants
@de-jcup @winzj @sven-dmlr